All, Following a forced rebuild of my SBS2003 server, the exchange part of the server refuses to play. The symptoms are that email is coming in and going out correctly, but users can only access exchange via OWA. Mobile devices (Windows Mobile and Android) refuses to connect, and outlook clients refuse to connect. I suspect (but I may be wrong) that this may be down to the fact that OWA refuses to use form based authentication – it insists on showing a pop-up login screen for authentication. When i try to connect a mobile device (tried both Android and WM), the users are marked as mobile users, there permissions allow mobile access. It should allow form based authentication – Under Exchange > Servers > Protocols > HTTP> Exchange Virtual Server I have “enabled Forms Based Authentication” ticked, compression High set. Under IIS settings, I have my server > Web Sites> Default Web Site > Directory security set with the certificate (which is picked up ok for OWA), and under Authentication and access Control, the settings are: Enable anonymous access is ticked (with the user name and password as per the default), and both Integrated Windows Authentication and Basic Authentication ticked. The default domain is set to Dogsbodysystems.local as described below. As far as the Outlook connection goes – no user can validate their settings. Regardless of whether they go through the outlook setup of mail, or use the control panel MAIL snap in, when they go to validate, the message produced is “The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete”. Does anybody have any idea what I can try, what is going on, or why outlook/mobile devices refuse to connect?!? Technical Details: Server is running SBS2003 SP2, with exchange 2003 SP2 – exchange has been reinstalled just in case, and SP2 reapplied Server is running IIS and ISA 6.0, with external certification in place. Outlook clients are both 2003 and 2007 My computer is named : DOGBODYSYSTEMS Exchange is named (via the exchange server management) : DOGSBODY Domain is named : Dogsbodysystems.local External web address is : www.dogsbodysystems.co.uk (note in the above, “dogsbody” replaces my company name)

The other message that I see, on some mobile devices is as follows: "your microsoft exchange Server account does not have permission to synchronize with your current settings." If I look under the "Users" snap in within the SBS2003 server management for one of the users, under Exchange Features, Outlook Mobile Access, User Initiaed Sync and Up to Date Notifications are all listed and enabled.

Hello, Do you have a FE server in your production environment? Mobile phones use the activesync virtual directory in IIS. We can test the activesync connectivity externally via the following link: https://www.testexchangeconnectivity.com/# For the Outlook connectivity issue, I’d like to ask whether Outlook works internally? Thanks, Simon

FE Server - Nope, not included. When I use the mobile phone check as suggested on our Https from an external location, I get a 403 error as shown below. In terms of outlook, no, outlook clients cannot connect internally. Results of the https://www.testexchangeconnectivity.com/# test (on my domain): You are not authorized to view this page The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list. Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page. HTTP Error 403.6 - Forbidden: IP address of the client has been rejected. Internet Information Services (IIS) Technical Information (for support personnel) Go to Microsoft Product Support Services and perform a title search for the words HTTP and 403. Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Limiting Access by IP Address, IP Address Access Restrictions, and About Custom Error Messages.

Just another thought. Despite the fact that I created the users using the user Wizard on the SBS2003 server console, if I look under the Server managment > Advanced Management > Active directories Users and Computers > myserver.local > Users... it does not list any of the users that I have created. Should it? Why didnt it?

Do you actually have IP restrictions on the website? Please check using the instructions below (may be different for SBS not sure) 1. start run, type inetmgr 2. Right click the website, properties 3. Directory security tab, ip address and domain name restrictions, edit. The default setting is granted access and nothing configured in the white pane.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

On the internet facing exchange server, try accessing the ActiveSync VD in IE: https://localhost/Microsoft-Server-ActiveSync What’s the detailed error code now? We can also try rebuilding the ActiveSync Virtual Directory by the following steps: http://support.microsoft.com/kb/883380 Thanks, Simon

Further updates. I have found the problem (I think), but I cannot see why it happens. Basically, the Microsoft Exchange information Store is not running (it is set to automatic start). But, if I manually start it, it runs, and everything is good. But, the moment a mobile user tries to activesync I get three Event logs, followed by the MEIS stopping. The event logs are: 1) VsJITDebugger - An unexpected win32 exception occurred in store.exe (7036). Event ID 4096 2) EventID 1005 - Unexpected error <<0xc1050000 - Network problems are preventing connection to the Microsoft Exchange Server computer. An unexpected unknown error has occured. Microst Exchange Server Information Store Id no: 80040115-0514-000006bf>> occured 3) Unexpected Exchange mailbox Server error: Server (myserver.mydoimain.local) User : (a user@myaddress.co.uk) HTTP status code : [503]. Verify that the Exchange mailbox Server is working correctly - Event ID 3005 Help!