Exchange 2010 Activesync
Okay, I give up. This has been driving me crazy for two days and nothing I've been able to do has changed anything at all. What we have is an Exchange 2003 server that we're migrating to Exchange 2010. We don't want to do coexistence. I'm concerned about the 2003 server even living long enough to get through the migration. Regular email and OWA work fine on the 2010 server. Activesync, however, seems to be hosed. Any iPhone that tries to connect gets either an 'unable to verify' error or a password prompt. Obviously something in the authentication process isn't working, but I haven't been able to find anything wrong. I've tried a different router, I've tried removing and re-creating the Microsoft-Server-ActiveSync virtual directory, I've tried fiddling with the various settings, I've turned SSL on and off, tried different users, none of it has made any difference. The Activesync test site shows only one error: *** Testing HTTP Authentication Methods for URL https://mail.gotechnow.com/Microsoft-Server-ActiveSync/. The HTTP authentication test failed. Additional Details The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario. *** Which is annoying since I can't find anywhere that Anonymous is turned on. I guess this has SOMETHING to do with the problem, but I can't find anything about that error except to remove and re-create the Activesync virtual directory, which only accomplished two things; jack and squat. Event viewer now and then shows: Watson report about to be sent for process id: 4068, with parameters: E12, c-RTL-AMD64, 14.02.0297.000, AirSync, M.Exchange.AirSync, M.E.A.AirSyncUser.get_WindowsIdentity, System.InvalidCastException, aed0, 14.02.0298.004. ErrorReportingEnabled: False The IIS logs only show things like this: 2012-06-09 18:17:07 192.168.1.14 POST /Autodiscover/Autodiscover.xml - 443 gotech\tuser 166.147.67.193 Apple-iPhone4C1/902.206 200 0 0 155 2012-06-09 18:17:10 192.168.1.14 OPTIONS /Microsoft-Server-ActiveSync/default.eas - 80 - 166.147.72.16 Apple-iPhone4C1/902.206 403 4 5 46 Which doesn't seem very useful. The SSL cert that they're using is not self-signed, but it is only a single name cert. The Exchange 2010 server is on SP2 and Windows Server 2008 R2. Does anyone have any ideas? I'm fresh out.
June 9th, 2012 3:02pm

>This has been driving me crazy for two days and nothing I've been able to do has changed anything at all. > >What we have is an Exchange 2003 server that we're migrating to Exchange 2010. We don't want to do coexistence. I'm concerned about the 2003 server even living long enough to get through the migration. Regular email and OWA work fine on the 2010 server. Activesync, however, seems to be hosed. > >Any iPhone that tries to connect gets either an 'unable to verify' error or a password prompt. Obviously something in the authentication process isn't working, but I haven't been able to find anything wrong. I've tried a different router, I've tried removing and re-creating the Microsoft-Server-ActiveSync virtual directory, I've tried fiddling with the various settings, I've turned SSL on and off, tried different users, none of it has made any difference. > >The Activesync test site shows only one error: >Testing HTTP Authentication Methods for URL https://mail.gotechnow.com/Microsoft-Server-ActiveSync/. > > >The HTTP authentication test failed. When you use the EMC and look at the "Server Configuration | Client Access | <server name>" and select the "Exchange ActiveSync" tab, what do you see on the "Authentication" tab of the "Microsoft-Server-ActiveSync (Default Web Site)"? You should have "Basic Authentication" checked, and "Ignore client certificates" checked. Are you using SSL offloading? The IIS status code "403.4" in the IIS log means "SSL required". Assuming you have SSL as a reqirement on the virtual server, it could mean that there's no certificate associated with the VS. Do the internal and external URLs for the "Microsoft-Server-ActiveSync (Default Web Site)" (in the EMC) use HTTPS? Check the IIS manager. The site should require SSL and ignore client certificates in the "SSL Settings). --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
June 9th, 2012 5:20pm

> When you use the EMC and look at the "Server Configuration | Client > Access | <server name>" and select the "Exchange ActiveSync" tab, what > do you see on the "Authentication" tab of the > "Microsoft-Server-ActiveSync (Default Web Site)"? > > You should have "Basic Authentication" checked, and "Ignore client > certificates" checked. Yes. > Are you using SSL offloading? No. > The IIS status code "403.4" in the IIS log means "SSL required". > Assuming you have SSL as a reqirement on the virtual server, it could > mean that there's no certificate associated with the VS. Do the > internal and external URLs for the "Microsoft-Server-ActiveSync > (Default Web Site)" (in the EMC) use HTTPS? Check the IIS manager. The > site should require SSL and ignore client certificates in the "SSL > Settings). How do I verify that the installed SSL cert is associated with the Activesync folder? The external URL in the EMC had http: instead of https: but when I changed that it broke OWA, which now gives a: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied. Error. (I know that doesn't make any sense. But there it is.) The iPhone now continually prompts for, and rejects, a password.
June 9th, 2012 11:23pm

Okay, I think I've got it. The OWA error was SSL being on on the root of the website (couldn't redirect to the OWA HTTPS folder). I must have turned that on while fiddling somewhere. On the iPhone errors, I toggled some of the authentication settings (changed them, changed them back), and it seems to be working. Fingers crossed. But it looks like the root of it all was the http instead of https on the external site in the EMC. Thanks. It's been my experience that almost all these frustrating problems have a simple solution, if only you can find it....
Free Windows Admin Tool Kit Click here and download it now
June 10th, 2012 12:08am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics