Exchange 2003 and Activesync Configuration and Troubleshooting Alan Hardisty's Blog - All Things IT Related

Exchange 2003 and Activesync Configuration and Troubleshooting « Alan... http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-active...
Home
About
Entries RSS | Comments RSS
Excellent Price / Performance Anti-Spam Software

If you are looking for some Excellent Anti-Spam software that is priced per server not per user and that will reduce your spam
dramatically, then I can recommend Vamsoft ORF (http://www.vamsoft.com). I personally use this on my own server and have
installed it successfully on the majority of my customer's servers and we are all incredibly pleased with the results. If you would like to
purchase this software at a very competitive price, please drop me an email to alan@it-eye.co.uk.
Top Posts
Exchange 2003 and Activesync Configuration and Troubleshooting
Activesync Working But Only For Some Users On Exchange 2007 / 2010
How To Close An Open Relay In Exchange 2007 / 2010
Apple iOS4 Issues with iPhone 4 / 3Gs / 3G and Exchange
Exchange 2007 / 2010 Inbound Mail-flow Suddenly Stops – Quick Fix
HTC HD2 Screen Lock - Prompt For PIN Every Time Phone Turned On Fix
Exchange 2010 POP3 Collection Problems
Prevent Spam Mail From Your Own Domain in Exchange 2007
Windows Small Business Server 2011 Standard and Premium Add-on Released to Manufacturing
Why are my Outbound Queues Filling up with Mail that we didn't send?
Categories
Activesync (2)
Anti-Spam (4)
Blacklists (1)
BT (1)
BT (2)
Demon (1)
Exchange 2003 (13)
1 of 21 5/24/2011 6:40 PM
Exchange 2007 (17)

Exchange 2010 (19)
Exchange Server (30)
Forefront Threat Management Gateway (1)
Hoaxes (5)
IIS (1)
iPad (4)
iPhone (3)
ISP's (3)
MAC (1)
Mobile phones (7)
Outlook (1)
Reverse DNS (1)
SBS (1)
SBS 2008 (3)
SBS 2011 (1)
Security (7)
Symantec (1)
Uncategorized (2)
Windows Mobile (4)
Archives
May 2011 (2)
April 2011 (1)
March 2011 (3)
February 2011 (2)
January 2011 (2)
December 2010 (4)
November 2010 (4)
October 2010 (2)
September 2010 (5)
August 2010 (1)
July 2010 (2)
June 2010 (3)
May 2010 (3)
April 2010 (4)
March 2010 (4)
February 2010 (10)
Recent Posts
Problems Installing KB891193 on SBS 2003
Fake Security Software Hits Macs – MAC Defender / MAC Security
Waiting for BT on a Friday!
Potential for database corruption as a result of installing Exchange 2007 SP3 RU3
BT Should Stick to Telephones and Not Configuring Mail Servers!
Exchange 2003 and Activesync Configuration and Troubleshooting

Posted on February 28, 2010 by Alan Hardisty
So, here is my guide to solving (most) Exchange 2003 and Activesync issues:
Pre-Requisites:
1. Make sure that you have Exchange Server 2003 Service Pack 2 Installed. Whilst Activesync will work with Exchange 2003 Service Pack
1, Service Pack 2 makes it a whole lot easier!
To check if you have it installed, open up Exchange System Manager (Start> Programs> Microsoft Exchange> System Manager). Then
expand Servers, Right-Click your server and choose Properties. This will display whether you have SP2 installed or not.
2 of 21 5/24/2011 6:40 PM
If you do not have SP2 installed you can download it here – http://www.microsoft.com/downloads
/details.aspx?FamilyID=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en
2. Ensure that TCP Port 443 is open (and forwarded) on your firewall to your Exchange server. You don’t need to open up any other ports to
get Activesync working, just TCP port 443. You can check this on your Exchange Server at http://www.canyouseeme.org and you should see
‘Success’ if the port is open and forwarded correctly. If it isn’t open and forwarded, check your router and make sure you have the settings
configured correctly.
3. Please check the LAN Adapter Binding order to make sure the NIC that Exchange is bound to is at the top of the list (Start> Run> [type]
ncpa.cpl [press enter]> Advanced> Advanced Settings> Connections).
4. Open up IIS Manager (Start> Programs> Administrative Tools> Internet Information Services (IIS) Manager), expand ‘Web Sites’ then
‘Default Web Site’ then right-click on the relevant Virtual Directory (see below) and choose properties, then click on the Directory Security
Tab):
Exchange 2003 (Not part of Small Business Server):
Exchange Virtual Directory

• Authentication = Integrated & Basic
• Default Domain = NetBIOS domain name – e.g., yourcompany* (no more than 15 characters)
• Realm = yourcompany.com
• IP Address Restrictions = Granted Access
• Secure Communications = Require SSL NOT ticked (very important)
Microsoft-Server-Activesync Virtual Directory

• Authentication = Basic
• Default Domain = NETBIOS domain name – e.g., yourcompany* (no more than 15 characters)
3 of 21 5/24/2011 6:40 PM
• Realm = NETBIOS name

• Secure Communications = Require SSL and Require 128-Bit Encryption IS ticked
Exchange 2003 (Part of Small Business Server):
Exchange Virtual Directory

• Default Domain = NetBIOS domain name – e.g., yourcompany*
• Realm = yourcompany.com
• Secure Communications = Require SSL IS ticked (very important)
Microsoft-Server-Activesync Virtual Directory

• Default Domain = NETBIOS domain name – e.g., yourcompany*
• Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked
Exchange-oma Virtual Directory

• IP Address Restrictions = Restricted to IP Address of Server
OMA Virtual Directory

* yourcompany can be determined by opening up a command prompt (Start> Run> [type] cmd [press enter]) and then typing ‘SET’ and
pressing enter. The variable ‘USERDOMAIN’ is the info you should use for ‘yourcompany’. Most often – this is not required, but I have
seen instances where simply adding this info has made Activesync work.
5. ASP.NET should be set to version 1.1 for all virtual directories listed above. If you cannot see the ASP.NET tab, you only have v 1.1
installed so do not worry. If any version other than 1.1 is selected, please change it to v 1.1.4322.
6. Make sure that you have HTTP Keep-Alives enabled. Right-Click on the Default Web Site and choose Properties. On the Web Site tab, in
the Connections section, click the Enable HTTP Keep-Alives check box and click OK
4 of 21 5/24/2011 6:40 PM
7. Check that Ignore Client Certificates is selected under the IISADMPWD virtual directory / Directory Security Tab / Edit Secure
Communications Button. This Virtual Directory may not exist if you have not setup the ability to reset passwords via Outlook Web
Access (OWA). If it is not there – no worries.
IPV6
Please make sure that IPV6 is NOT installed on your server as this is known to break Activesync. (Start> Run> [type] ncpa.cpl [press
enter]) Right-click on your Local Area Network Connection and choose Properties. Look under ‘This Connection Uses The Following
Items:’ for Internet Protocol (TCP/IP) v6 – if it exists – uninstall it and reboot.
8. Ensure that the IP for the Default Website is set to All Unassigned and using port 80 (open up IIS manager, Right-Click the Default
Website and choose properties, then on the Advanced button).
If your default website is using any port other than port 80, it simply will not work, so if you have changed this to make something else
work, either change it back to port 80 or stop trying to use Activesync! Also make sure that you are not using any Host Headers on the
Default Website because this can also break Activesync.
If you make any changes to IIS, you will need to reset IIS settings. Please click on Start, Run and type IISRESET then press enter.
5 of 21 5/24/2011 6:40 PM
SSL Certificate
Make sure that the name on the SSL certificate you have installed matches the Fully Qualified Domain Name (FQDN) that you are
connecting to for ActiveSync – for example, mail.microsoft.com. To check, right-click on the Default Web Site in IIS, choose Properties,
click on the Directory Security Tab and then on the View Certificate Button.
If it does not match, either re-issue the certificate if you created it yourself, or re-key the certificate from your SSL certificate provider.
If you have a Small Business Server and don’t want to buy a 3rd Party SSL certificate, just re-run the ‘Connect To The Internet Wizard’,
(Start> Server Management> To-Do List> Connect to the Internet).
Click Next. If the Wizard detects a Router – click No to leave the configuration alone.
6 of 21 5/24/2011 6:40 PM
Make sure ‘Do not change connection type’ is selected and click Next.
Leave the Web Services Configuration Settings as they are and click Next.
Select ‘Create a new Web server certificate’ and enter a ‘Web server name’ e.g., mail.yourdomain.com and click Next.
Select ‘Do not change Internet e-mail configuration’ and click Next.
7 of 21 5/24/2011 6:40 PM
Click Finish to complete the Wizard
If you have Windows Mobile Phones, Activesync is much easier to get working with a purchased SSL certificate. If you have a self-created
SSL certificate and use Windows Mobile Phones, you will have to install the SSL certificate onto each and every Windows Mobile Phone
that you want to use with your Exchange 2003 server. If you only have a handful of devices, then it won’t take long to do, but if you have
dozens, a £30 1-Year SSL certificate is probably a very good investment. You can purchase a cheap, trusted SSL certificate from
http://exchange-certificates.com that will work happily.
Windows Mobile Phone / iPhone Settings:
Email Address: Your Users Email Address

Server: Whatever name you have on your certificate e.g., mail.yourdomain.com (do not add /exchange or /oma or /anything)
Domain: Your internal Domain Name e.g., yourdomain (maximum 15 characters)
Username: Your Username e.g., User123
Password: The CORRECT password!
Description: Whatever you want to call the Account
Testing:
If you have got SP2 installed, check on https://testexchangeconnectivity.com to see if everything is working properly by running the
Exchange Activesync check. The site is an official Microsoft site specifically for testing Exchange installations and connectivity.
Please select ‘Specify Manual Server Settings’ (Exchange 2003 does not have native Autodiscover enabled so using the Autodiscover
settings will fail).
3rd Party SSL Certificate:
Do NOT check the “Ignore Trust for SSL” check box
8 of 21 5/24/2011 6:40 PM
Self-Certified SSL Certificate:
Check the “Ignore Trust for SSL” checkbox.
If you are trying to make an iPhone work, then you can also download the free iPhone App ‘Activesync Tester’ and this should identify any
problems with your configuration, or download the version for your PC from https://store.accessmylan.com/main/diagnostic-tools
Various Activesync Errors / Solutions:
REMEMBER – If you make any changes to IIS settings, please run IISRESET and re-visit https://testexchangeconnectivity.com and re-run
the test.
Activesync Error 0×86000108:

Activesync is unsuccessful and you see the error 0×86000108 on your Windows Mobile Device:
Please read the following MS Article which checks that Authenticated Users has write permissions to the %TEMP% directory (usually
c:\windows\temp) – http://support.microsoft.com/kb/950796/en-us
Application Event Log 3005 Errors:

A lot of 3005 errors can be resolved by changing the Default Website Timeout value from 120 (default) to something greater, such as 480
using IIS Manager.
For Small Business Server 2003 Users – please read this MS article – http://support.microsoft.com/kb/937635
Inconsistent Sync::
If you are getting inconsistent Synchronisation from your device to your Exchange 2003 server, please add the following registry key to the
server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan
ProactiveScanning REG_DWORD 1
HTTP 401 Error:

If you are getting an HTTP 401 error when testing on https://testexchangeconnectivity.com then you are probably entering an incorrect
username or password, or you may have IP Address restrictions setup on your virtual directories (see IIS Settings above under prerequisites).
HTTP 403 Error:

Ensure that Forms Based Authentication is NOT turned on under Exchange Virtual Server under Exchange Protocols (Exchange System
Manager, Servers, Protocols, HTTP, Exchange Virtual Server properties, Settings Tab). If it is – please read http://support.microsoft.com
/kb/817379 and create an exchange-oma virtual directory following the instructions in the KB article.
I have had Activesync work despite seeing “An HTTP 403 forbidden response was received. The response appears to have come from
Unknown. Body is:
HTTP/1.1 403 Forbidden

” at the end of the test above. To resolve this (if you like things tidy), please open up Exchange System Manager, Global Settings, Mobile
Services Properties, Device Security Button, Exceptions Button, then add your account to the exceptions list.
I have also seen the 403 error resolved by running:

eseutil /p
eseutil /d and
isinteg -s servername -fix -test alltests (at least twice)
Check to see if Activesync is enabled globally on your server – http://technet.microsoft.com/en-us/library/bb125073(EXCHG.65).aspx
9 of 21 5/24/2011 6:40 PM
Also check to see if it is enabled on a user by user basis – http://technet.microsoft.com/en-us/library/aa997489(EXCHG.65).aspx
HTTP 500 Error:

If you still cannot get Activesync to work or keep getting an HTTP 500 error, please follow Method 2 in Microsoft Knowledgebase Article
KB883380 and this should resolve the issues. This essentially deletes the Exchange Virtual Directories from the IIS Metabase (which can be
corrupted) and rebuilds them. When deleting the Exchange virtual Directories, please also delete the Exchange-OMA virtual directory if it
exists. Rebuilding those virtual directories often clears up problems that all the other steps above do not resolve.
If, after following KB 883380, Activesync still does not work and it keeps coming up with HTTP 500 errors, please do the following:
• Disable Forms Based Authentication – Exchange HTTP Protocol (if enabled)

• Remove SSL settings from the Exchange IIS virtual directory
• Run iisreset
• Test Activesync without SSL selected – hopefully this should work or give the OK result
• If okay – right-click on the Exchange Virtual Directory and select all Tasks> Save Configuration to a file. Name the file Exchange and save
to the desktop
• Run Regedit (and be extremely careful here as you can kill your server very easily) then right-click on My Computer and select Export.
Name the file as ‘EntireRegistry’ and save the backup of the registry to the desktop
• In regedit – locate HKLM \ System \ CurrentControlSet \ Services \ MasSync \ Parameters and delete the ExchangeVDir key from the
right-hand pane.
• Close Regedit
• Right-click on the default-website and select New> Virtual Directory fom File. Browse to the desktop and click on the Exchange.xml that
you created above, then click on Read file, select Exchange from the ‘Select a configuration to import’ section and click on OK. Select
‘Create a new virtual Directory’ and name the directory ‘exchange-oma’ and click OK.
• Right-click on Exchange-OMA virtual directory you just created and click Browse – you should see OWA open up happily
• Open Regedit and add the ExchangeVDir key back that you recently deleted as a String Value and then change the value to read
/exchange-oma
• Close regedit
• Enable SSL and require 128-Bit Encryption on the Exchange Virtual Directory to ensure it is secure once again
• Enable Forms Based Authentication (if you want to use it) on Exchange > Protocols> HTTP
• Make sure that Integrated Authentication is enabled on the Exchange Virtual Directory
• Check that the Exchweb virtual directory does not have SSL enabled
• Run iisreset
• Test Activesync – it should hopefully be working now!
If the above fails, please check you event logs for Event ID 9667 – Source MSExchangeIS. If this event exists, please have a read of MS
KB820379
In a recent question on Experts-Exchange.com, I was advised that running the following command against the unmounted database solved
an HTTP 500 error, so if you are still having issues, please try running the integrity check (from a command prompt):
Isinteg –s servername –fix –test alltests
Select the dismounted database and let the check run. If you see 0 errors and 0 fixes, then all is well. If not, please re-run the test until you
do (as many times as it takes – two usually is ufficient).
If you are still reading this article and are still seeing HTTP 500 errors, then we need to check the settings on the EXCHWEB Virtual
Directory in IIS Manager.
Exchweb Virtual Directory

• Authentication = Anonymous
Exchweb \ Bin Directory

Exchweb \ Bin \ Auth Directory

• Authentication = Anonymous
Exchweb \ Bin \ Auth \ USA Directory

REMEMBER – If you make any changes to IIS settings, please run IISRESET and re-visit https://testexchangeconnectivity.com and re-run
the test.
10 of 21 5/24/2011 6:40 PM
Hopefully if you are now at the bottom of my article, your mobile phones should now be synchronising happily. If that is not the case, please
review your IIS Settings carefully and start at the top of this article again.
If you are still not working – then you will probably have to call Microsoft to get support from them as something else not covered by this
article is causing your problems.
So, in summary, you have reviewed and checked the settings in IIS to ensure that Activesync will work on your Exchange 2003 server, you
have made sure that you have Exchange 2003 Service Pack 2 installed and you have run a test to make sure that your server is responding
happily and by now, your iPhones and Windows Mobile phones should be happily synchronising.
Having got this far – and hopefully fixing your problems – if you have found this article helpful, please vote for it at the top of the page : )
* * * Please rate this article below if you have found it helpful * * *
25 Votes
Possibly related posts: (automatically generated)
Exchange 2007 Service Pack 2 Rollup 4 Released

Exchange 2007 Service Pack 3 Released
Exchange 2010 Rollup 3 Released
How to start monitoring of Exchange 2007 Servers
A D V E R T IS E ME NT
Filed under: Exchange 2003, Exchange Server, iPad, iPhone, Mobile phones, Windows Mobile Tagged: | Activesync, Exchange 2003
« Exchange 2010 POP3 Collection Problems Why Am I Blacklisted? »
Like 3 bloggers like this post.
49 Responses
1. Google Nexus One Mobile Phone and Exchange Mail (Activesync) « Alan Hardisty's Blog – All Things IT Related, on April 27,
2010 at 5:38 pm said:
[...] 2003 box and I had already configured Activesync on the server having followed my own article
(http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-activesync-configuration-and-troubles...), so I knew that this part
was not going to present me with any [...]
Reply
2.
Mark, on May 17, 2010 at 3:18 pm said:
This worked perfectly on two SBS 2003 servers.

Thank you!
Reply
11 of 21 5/24/2011 6:40 PM
Alan Hardisty, on May 17, 2010 at 3:21 pm said:
Very glad it helped you out and thanks for letting me know. Feedback is always appreciated, especially positive feedback : )
Reply
3.
Franklin, on May 20, 2010 at 5:08 am said:
This is the most comprehensive troubleshooting page I have come across – I got stuck trying to troubleshoot a client’s ActiveSync, and
your article definitely helped!
Reply
4.
Steve Davies, on May 22, 2010 at 10:00 am said:
Hi,
I’ve just updated to Service Pack 2, however am stuck where you say
“Please check and mirror the settings below (Open up IIS, expand the default website then expand the relevant Virtual Directory,
right-click on the Virtual Directory and choose properties, then click on the Directory Security Tab):”
Which virtual directory are you reffering to?
Also, how do I know if my Exchange Server is part of OR not part of SBS 2003?
I’d really appreciate some help because this looks promising.
Thanks in advance,
Steve
Reply
Steve Davies, on May 22, 2010 at 11:00 am said:
I figured out what you meant. That was me just being stupid.
As for the exchange being part of SBS, I just tried the first settings and along with the test link, and this URL (to create a self
signed SSL) http://www.somacon.com/p42.php, I was able to get this working.
PLEASE NEVER DELETE THIS PAGE
Reply
5.
Warren, on May 27, 2010 at 4:18 am said:
Great walk through I’ve been trying to get Iphones working with exchange for ages and this got it working. I will be saving this web
page for future reference
Reply
6. Configure iPhone for use with Exchange Server « Demazter's Blog, on June 14, 2010 at 1:21 pm said:
[...] Troubleshooting ActiveSync with Exchange 2003: http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-activesync-

configuration-and-troubles... [...]
Reply
7.
Linux, on June 21, 2010 at 3:52 pm said:
Thank you very mutch.
Reply
8.
Mark, on August 11, 2010 at 3:06 pm said:
12 of 21 5/24/2011 6:40 PM
Hi Alan,
I don’t have Exchange-OMA Virtual Directory on my IIS. Do you think that could be the problem I am not able to access exchange
emails on my IPhone ?
Reply
Mark, on August 11, 2010 at 7:18 pm said:
Please ignore my previous question as I made change in Excahnge Virtual Directory where Authentication = Integrated was
missing and when I put check on it and restarted the server and it works now.
thanks for your nice blog.
Reply
9.
Girardelli, on August 12, 2010 at 6:45 pm said:
These guidings didn’t work for me when I try to sync a HTC Wildfire. I have posted my problem under the title “device security
settings on sbs 2003″. I think the autentication goes OK for me, but it fails on some pasword handshaking : Failed to create the
account. Please try again later.
Do you believe this can be caused by the self signed cert I’m using?
Reply
Alan Hardisty, on August 12, 2010 at 9:37 pm said:
Self-Signed certificates can happily be used in SBS 2003 – you need to make sure the certificate name matches the server name
you enter in Activesync and that this name resolves to the IP Address of your SBS server.
What are the results of the Exchange Activesycn test on https://testexchangeconnectivity.com?
Reply
10.
bazzblog, on September 13, 2010 at 9:16 pm said:
I purchased a certificate from the website you refer “exchange-certificates.com” but I am having trouble finding directions to install
the SSL certificate on my Exchange 2003 server. They only offer support for Exchange 2007. Any and all help would be greatly
appreciated.
You blog here is very helpful, thanks for publishing it.
Reply
Alan Hardisty, on September 13, 2010 at 9:21 pm said:
Please have a read of the following link which should explain all you need:
http://help.godaddy.com/topic/742/article/4875
If you get stuck, please let me know. Glad you liked the article and thanks for using the certificate link.
Alan
Reply
Gr8 thanks! Under “To Install the SSL certificate: #7, I dont have that option “Process the pending request and install the
certificate”. I think its because I tried in the past to create a self signed one. Thats where I am stuck ;-(
Alan Hardisty, on September 13, 2010 at 9:30 pm said:
If you created a Certificate Signing Request (CSR) via IIS, then you should have the option to Process the Pending
13 of 21 5/24/2011 6:40 PM
Request.
If this is not available, how did you generate the CSR?
You may need to start again with the CSR via IIS and then re-key the certificate, then complete the installation.
11.
thanks that worked.
Reply
12. Blog bookmarks 09/27/2010 « My Diigo bookmarks, on September 27, 2010 at 4:30 am said:
[...] Exchange 2003 and Activesync Configuration and Troubleshooting « Alan Hardisty’s Blog – All… [...]
Reply
13.
Tomas, on October 3, 2010 at 7:40 am said:
Hi! Thanks for your post. I have configured myy SBS 2003 to get access from two iPhone 4, but I always get the same response:
“Cannot Get Mail, connection to server failed ” When I configure the account in the iPhone, it verify the account correctly, in SSL
mode and without SSL.
I have an self certificate, created with certsvr.
I have executed the test from testexchangeconnectivity.com an I get this certificate error:
Validating certificate trust for Windows Mobile Devices
Certificate trust validation failed.
> Additional Details
The certificate chain couldn’t be built. You may be missing required intermediate certificates. For more information, see Microsoft
Knowledge Base article KB 927465.
Although I have tried to configure the account in the iPhone without SSL and I also get the “Cannot Get Mail, connection to server
failed” problem.
Is it a certificate problem?
A lot of thanks
Reply
Alan Hardisty, on October 3, 2010 at 8:48 am said:
You may need to download the Windows Root Certificate Update from Micosoft from the following link
http://support.microsoft.com/kb/931125
Once that is loaded, please re-run the test, making sure you tick the “Ignore Trust for SSL” check box.
Any better?
Reply
Tomas, on October 3, 2010 at 2:00 pm said:
If I tick “Igenore trust for ssl” the test is ok. My problem only appears when I dont tick this option. Is it normall?
14.
Alan Hardisty, on October 3, 2010 at 2:08 pm said:
Yes – this is perfectly normal for a Self-Issued Certificate.
If the certificate was from a Trusted 3rd Party, then I would be concerned.
Is Activesync working happily now?
Reply
14 of 21 5/24/2011 6:40 PM
15.
Tomas, on October 4, 2010 at 8:42 am said:
Ok, now is working. This is the problem: I though that I have installed the SP2 for exchange, because I right-click over Mycomputer
and I saw that I have Windows Server 2003 for Small Bussines SP2, but this is NOT the Exchange SP2 !!!
Then I right-clicked on Server on Exchange Administration and I saw that I dont have any service pack.
I have downloaded the SP2 for Exchange and installed. Now all works perfect.
A lot of thanks
Reply
16. Microsoft Exchange and iPhone synchronization | Lubos System Admin Blog, on October 6, 2010 at 3:47 pm said:
[...] configure IIS, start with Alan Hardisty excellent tutorial and follow it in all details. Use ActiveSync Tester and Exchange Remote
Connectivity Tester from [...]
Reply
17. KB883380 Fails To Regenerate IIS Virtual Directories on Exchange 2003 / SBS 2003 « Alan Hardisty's Blog – All Things IT
Related, on November 7, 2010 at 11:01 am said:
[...] Posts Activesync Working But Only For Some Users On Exchange 2007 / 2010Exchange 2003 and Activesync Configuration and
TroubleshootingHTC HD2 Screen Lock – Prompt For PIN Every Time Phone Turned On FixApple iOS4 Issues with iPhone 4 / [...]
Reply
18. KB883380 Fails To Regenerate IIS Virtual Directories on Exchange 2003 / SBS 2003 « Alan Hardisty's Blog – All Things IT
Related, on November 7, 2010 at 11:01 am said:
[...] Posts Activesync Working But Only For Some Users On Exchange 2007 / 2010Exchange 2003 and Activesync Configuration and
TroubleshootingHTC HD2 Screen Lock – Prompt For PIN Every Time Phone Turned On FixWindows Small Business Server [...]
Reply
19. Exchange server activesync connectivity testing for iphone not working | King Computer Sydney Network Engineers IT Blog,
on November 29, 2010 at 5:24 am said:
[...] http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-activesync-configuration-and-troubles... [...]
Reply
20.
Ben G, on December 25, 2010 at 4:57 am said:
Thanks a lot. This page saved my bacon getting activesync to work on a clients server and iphones.
Reply
21. 2010 in review « Alan Hardisty's Blog – All Things IT Related, on January 5, 2011 at 10:17 pm said:
[...] Posts Exchange 2003 and Activesync Configuration and TroubleshootingActivesync Working But Only For Some Users On
Exchange 2007 / 2010Windows Small Business Server 2011 [...]
Reply
22.
Hugo, on January 10, 2011 at 8:19 pm said:
Alan,
I just came across this post while miserably failing to connect our first company iPad via activesync.
All I can say is THANK YOU!
I followed your instructions to a T and the iPad connected seamlessly and I am quite impressed.
Best Regards,
Hugo
15 of 21 5/24/2011 6:40 PM
Reply
Alan Hardisty, on January 10, 2011 at 8:48 pm said:
You are very welcome Hugo. Thanks for taking the time to post a comment on my blog : )
I am glad that it went smoothly for you – and hope it continues that way.
Best wishes
Alan
Reply
23.
Iain, on January 18, 2011 at 9:25 am said:
Hey Alan,
IainNIX from EE here, just found your site and this page helped me get our CEO’s iPad linked to our aging 2003 server. Little did I
know a few tweaks of the virtual directory settings (which did not interfere with our OWA and BES settings) was all it took.
Well impressed, many thanks Alan.
Rgds
Iain.
Reply
24.
Janto, on February 12, 2011 at 1:51 am said:
Hi Alan,
Yesterday, I finally managed to get Exchange SBS 2003 mail on Ipad’s client. I kept getting Ipad’s “cannot connect to server” error.
The cause was IIS default web-site port was set to 8080 to avoid conflict with port 80 used by web server of router for mgmt from
web. Once the port is set to 80 and IIS service restarted, all mails show up. Thank you very much for putting together a very nice
guide. Janto in Indonesia.
Reply
25.
jorge tavares, on March 12, 2011 at 9:38 am said:
Hi Alan,
I must start with a big thank you.
This step-by-step was precious to solve my problem with ActiveSync in an SBS2003 that was insisting on returning HTTP 500 error
while using the Exchange Remote Connectivity Tester.
I came here several times but, only when got completely desperate and after trying all your tips decided to go from the very first to the
very last step to get it fixed.
Just a few remarks that may help others with this same problem and which was the key to unlock my solution:
At some point under the topic “HTTP 500 error:” you have
“Test Activesync without SSL selected – hopefully this should work or give the OK result
• If okay…”
Using the Exchange Remote Connectivity Tester I don’t know how to do that so I decided to follow the “if okay…” also, the step “•
Right-click on Exchange-OMA virtual directory you just created and click Browse – you should see OWA open up happily” didn’t
work but doesn’t matter.
The fact was that at the end of this topic, the Exchange Remote Connectivity Tester returned to me the most beautiful green mark for
successful test I’ve ever seen.
Reply
26.
dwayne, on April 1, 2011 at 7:33 pm said:
Great stuff! All seems to work fine on the lan but not from the web. activesync tester fails at checking version. i have exchange server
2003 behind isa server 2000. thoughts on what i am missing?
16 of 21 5/24/2011 6:40 PM
Reply
Alan Hardisty, on April 8, 2011 at 4:25 pm said:
I am not up-to-speed on ISA server, but that would be where you need to start focussing your efforts as there will be a rule
somewhere that isn’t configured properly.
Please have a read of the following link, which should hopefully steer you in the right direction.
Alan
Reply
27.
Alberto Barajas, on April 9, 2011 at 12:39 am said:
Hi Alan
After following all your steps to conficure activesync, over and over again I just can’t make it to pass the exchange connectivity test.
The HTTP 401 error won’t clear. These are my specs and configuration:
Windows 2003 Standard (Single Server)

Exchange 2003 SP2
UCC SSL Certificate from GoDaddy.com
ISS 6.0 configuration

====================================
Default Website\Properties\Directory Security
Authentication and access control:
Enable anonymus access (checked)
————————————————————–
IP Address and Domain Name Restrictions:
Granted Access (checked)
————————————————————–
Secure Communications:
Require secure channel SSL (Not Checked)
====================================
Virtual Directories Configuration
Exchange\Properties\Directory Security
Authentication and access control
Integrated Windows Authentication (Checked)
Basic Authentication (Checked)
Default domain: MyCompany
Realm: MyCompany.com
—————————————————————
—————————————————————
Require secure channel SSL (Not Checked)
=====================================
Microsoft-Server-ActiveSync\Properties\Directory Security
Authentication and access control
Basic Authentication (Checked)
Default domain: MyCompany
Realm: MyServerName
—————————————————————–
—————————————————————–
Require secure channel SSL-Require 128-bit encryption (Checked)
=====================================
I have followed Microsoft’s KB817379, KB883380 and everything you posted here and ActiveSync just won’t work, this is getting
frustrating and I have asked helped averywhere and everyone points me to Microsoft’s KBs or online tutorials. Everybody complaints
17 of 21 5/24/2011 6:40 PM
about ActiveSync issues. Thank you for your support.
Reply
28.
Alberto Barajas, on April 9, 2011 at 12:42 am said:
Hi
I have tried everything you have posted in your blog, and nothing seems to work for me. Several times and very carefully.
I need to know the correct setting for a

Windows Server 2003 Standard (Single Server)
Exchange 2003 SP2
HTTP 400 Error won’t clear.
Thank you
Reply
29. jasoncoltrin.com – Only solutions! » Exchange (SBS) 2003 activesync troubleshooting, on April 24, 2011 at 2:31 am said:
Reply
30. jasoncoltrin.com – Only solutions! » ActiveSynch troubleshooting on Exchange/SBS 2003, on April 24, 2011 at 3:55 am said:
Reply
31.
Mukesh Trivedi, on April 25, 2011 at 2:47 pm said:
Hi Alan,
I was able to setup exchange emails on my Iphone after reading your article last year and I was able to get new email notification on
my Iphone. But for the last 2 weeks after Ipohne OS update seems like I am not able to get new emal notification on iphone. Same
problem is with my colleague in office. I called Apple Tech Support and they told me to reset all settings and restore on my iphone and
even I deleted my exchange account and setup again but not luck. Can you please guide me what could be the problem. Is it Exchange
Server problem. We have Windows Std Server 2003 Sp2 and Exchange Server 2003 SP2.
Thanks,
Mukesh
Reply
Alan Hardisty, on April 26, 2011 at 8:45 am said:
I would be very surprised if an iOS upgrade caused you the problems. That’s a first for me.
Have you run the Exchange Activesync test on https://testexchangeconnectivity.com and does it pass?
Reply
32.
Mukesh, on April 26, 2011 at 9:16 am said:
HI Aan, Thanks for your prompt response.

Seems like not update but when I setup my IPAD2 for exchange email. It started having not push. I found the solution from google
search. see below.
—–
anyone who has Exchange 2007, or older with Push, if you setup another device with Push, it will register with the server.
You need to go to the self-service in Webmail in 2007 or have your admin delete the synchronization relationship with the server so
only the iPhone is listed.
The server is confused as to which device to Push new email to. Once I deleted my other device and the iPhone was by itself in the
list, it alerted and changed the Icon.
18 of 21 5/24/2011 6:40 PM
——-
Can you please tell me where in Exchange server (synchronization relationship) I can remove IPAD device ?
Thanks,
Reply
Alan Hardisty, on April 27, 2011 at 5:18 pm said:
You can sync multiple devices to a single account. I have my iPad and iPhone hooked up to my account on Exchange 2010 and
there isn’t a problem.
Sadly, the information you have found is inaccurate.
If you log into OWA (following steps are from Exchange 2010 OWA), then go to Options> All Options> Phone – you should see
a list of devices configured under your account. If you want – you can delete one or more, but there isn’t a problem having more
than one device.
Reply
33.
Hi Alan,
I tested ActivSync connectivity and it is passed except SSL as we don’t have.
Reply
34.
Hi Alan, Thnaks for oyur prompt response again.
I have Excahnge Server 2003 so I don’t have ALL OPTIONS where I can see devices.
Reply
35.
Hi Alan,
I checked on Event Viewer Application and have found Error ID 3024 and 3015. As per 3015 error , seems like I need to add UDP
port 2883 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ReservedPorts
Do you think this could solve my problem. I am going to change today and will reboot the server tonight to see if that works. Presently
only 3343 port is added in ReservedPorts key.
Thanks,
Mukesh
Reply
Mukesh Trivedi, on May 4, 2011 at 3:00 pm said:
It works now. Thanks.
Reply
Leave a Reply
Your email address will not be published. Required fields are marked *
Name *
Email *
Website
19 of 21 5/24/2011 6:40 PM
Comment
You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote
cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Notify me of follow-up comments via email.
Notify me of new posts via email.
About Alan Hardisty

I am a seasoned IT Support Professional who has worked in the IT Industry for the past 20+ years and am currently running my own
IT Support Company in Orpington, Kent (UK) with my business partner Mark Sitwell, who has also been in the IT Industry for the past
20+ years.
I can be found regularly answering technical questions on Experts Exchange where I am currently sitting at 45th position out of
111,436 Experts worldwide.
IT Eye primarily focus on the Small to Medium Business Sector (SMB) and have a wealth of experience supporting single users up to
and including customers with multiple servers and 60+ workstations.
Distance is not a problem as we use a variety of Remote Support Tools to support our customers and have worked numerous times on
servers in the US, Canada and other countries around the globe, as well as across the UK.
Our website can be found at http://www.it-eye.co.uk
Our telephone number is 020 8676 6670.
Need a Trusted 3rd Party SSL Certificate?

If you are looking for a GoDaddy Trusted 3rd Party SSL Certificate that you can install on your server and means you don't have to
install the certificate on your computers or hand-held devices, then you can buy one from: http://www.exchange-certificates.com
Tag Cloud
Activesync Adobe Adobe Reader Blacklist Bogus Brute Force BT Collection Problems Email Exchangd 2010 Exchange Exchange 2003 Exchange 2003
Exchange 2007 Exchange 2010 Forefront Threat Management Gateway Hackers Hoax HTC HD2 Lock Issue
iPad iPhone KB883380 Malicious microsoft Mobile Phones Open Relay Password Prompt PDF phone calls POP3 Reader Rollup 2 Service Pack 1 Service Pack 3 SP3 Rollup 1
iOS4
Spam Spoofed Mail Sync Problems Tighten Security Virtual Directories Windows Mobile Windows Phone 7 Series
Calendar
February 2010
M T W T F S S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
Mar »
Email Subscription
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
20 of 21 5/24/2011 6:40 PM
Blogroll
Exchangepedia Blog
Glen Knight's Blog
Matthew Huxtable's Blog
MS Exchange Team Blog
Official SBS Blog
Vamsoft ORF Blog
RSS - Posts
RSS - Comments
Blog Stats
65,929 hits
Spam Blocked
2,211
spam comments
Search This Blog
Blog at WordPress.com. Theme: Digg 3 Column by WP Designer.
21 of 21 5/24/2011 6:40 PM

Exchange 2003 and Activesync Configuration and Troubleshooting Alan Hardisty's Blog - All Things IT Related

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Exchange 2003 and Activesync Configuration and Troubleshooting Alan Hardisty's Blog - All Things IT Related

Încărcat de

Drepturi de autor:

Formate disponibile

Exchange 2003 and Activesync Configuration and Troubleshooting « Alan... http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-active...

Entries RSS | Comments RSS

Excellent Price / Performance Anti-Spam Software

Exchange 2007 (17)

Exchange 2003 and Activesync Configuration and Troubleshooting

Exchange 2003 (Not part of Small Business Server):

Exchange Virtual Directory

Microsoft-Server-Activesync Virtual Directory

• Realm = NETBIOS name

Exchange 2003 (Part of Small Business Server):

Exchange Virtual Directory

Microsoft-Server-Activesync Virtual Directory

Exchange-oma Virtual Directory

OMA Virtual Directory

Click Finish to complete the Wizard

Windows Mobile Phone / iPhone Settings:

Email Address: Your Users Email Address

3rd Party SSL Certificate:

Do NOT check the “Ignore Trust for SSL” check box

Self-Certified SSL Certificate:

Check the “Ignore Trust for SSL” checkbox.

Various Activesync Errors / Solutions:

Activesync Error 0×86000108:

Application Event Log 3005 Errors:

HTTP 401 Error:

HTTP 403 Error:

HTTP/1.1 403 Forbidden

I have also seen the 403 error resolved by running:

Check to see if Activesync is enabled globally on your server – http://technet.microsoft.com/en-us/library/bb125073(EXCHG.65).aspx

Also check to see if it is enabled on a user by user basis – http://technet.microsoft.com/en-us/library/aa997489(EXCHG.65).aspx

HTTP 500 Error:

• Disable Forms Based Authentication – Exchange HTTP Protocol (if enabled)

Isinteg –s servername –fix –test alltests

Exchweb Virtual Directory

Exchweb \ Bin Directory

Exchweb \ Bin \ Auth Directory

Exchweb \ Bin \ Auth \ USA Directory

* * * Please rate this article below if you have found it helpful * * *

Possibly related posts: (automatically generated)

Exchange 2007 Service Pack 2 Rollup 4 Released

« Exchange 2010 POP3 Collection Problems Why Am I Blacklisted? »

Like 3 bloggers like this post.

This worked perfectly on two SBS 2003 servers.

Alan Hardisty, on May 17, 2010 at 3:21 pm said:

Which virtual directory are you reffering to?

I’d really appreciate some help because this looks promising.

Steve Davies, on May 22, 2010 at 11:00 am said:

PLEASE NEVER DELETE THIS PAGE

[...] Troubleshooting ActiveSync with Exchange 2003: http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-activesync-

Thank you very mutch.

Mark, on August 11, 2010 at 7:18 pm said:

thanks for your nice blog.

Alan Hardisty, on August 12, 2010 at 9:37 pm said:

What are the results of the Exchange Activesycn test on https://testexchangeconnectivity.com?

Alan Hardisty, on September 13, 2010 at 9:21 pm said:

bazzblog, on September 13, 2010 at 9:26 pm said:

Alan Hardisty, on September 13, 2010 at 9:30 pm said:

If this is not available, how did you generate the CSR?

thanks that worked.

Alan Hardisty, on October 3, 2010 at 8:48 am said:

Tomas, on October 3, 2010 at 2:00 pm said:

Yes – this is perfectly normal for a Self-Issued Certificate.

Is Activesync working happily now?