ActiveSync only works sometimes


  • ActiveSync only works sometimes

    Hello forum,

    I'm running an Exchange 2003 on a Server 2003.
    Everything works perfect except ActiveSync from a mobile device.

    This works without problems:
    Exchange RPC over HTTPS (Outlook 2003)
    OWA over HTTPS
    OMA over HTTPS (works without problem)
    The SSL certificate which I have generated myself.

    The only thing that doesn't work 100% is the active sync from a mobile device. It works 4 out of 5 times or so. But suddenly when I hit "Synchronize" I get a HTTP_500 on the 2003SE and a 0x85010014 on the 2005. I then wait for half an hour or so, and it works again. I find it very weird.

    I have googled for hours to find a solution, but all the posts I can find is the problem "all or nothing". Haven't found anywhere, where it works sometimes, and sometimes doesn't.

    I have tried looking in the Server Event Viewer but can't find anything relevant.

    Anyone have heard of this error before?

    I would really appreciate getting this to work.

    Best regards

    HMR-design
    Henrik Rasmussen

  • #2
    Re: ActiveSync only works sometimes

    Have you made the changes outlined in KB 817379 ?
    The fact that it works sometimes and then doesn't would still make me want to make those changes.

    You could also look at my variant of the process: http://www.amset.info/exchange/mobile-85010014.asp

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: ActiveSync only works sometimes

      Hello Simon,

      Sorry for the late reply..

      I've followed your link, and tried to reset the Exchange-folders using the Microsoft guide you have linked to.

      Then I tried to follow your example.

      I have disabled form-based logins.
      I have disabled all require SSL.
      Everything works perfect.

      I then add the "ExchangeVDir" key to the registry, and enable require SSL on "OMA" and "Exchange" virtual directories. Now it doesn't work. If I delete the registry key, and disable the require SSL it works again.

      I think my smartphone is syncing over SSL, even though it is not required in IIS. So it is not the SSL that's the problem. It's the require flag which creates problems.

      Have you any idea on how I can get this "Require SSL" to work?

      Best regards
      Henrik Rasmussen



      • #4
        Re: ActiveSync only works sometimes

        Don't confuse the setting "Require SSL" with your ability to use SSL. You do not need Require SSL to use SSL. I don't have Require SSL enabled on any of my servers - I simply do not allow port 80 (http) traffic in to the site so the setting is not required.

        Simon.
        --
        Simon Butler
        Exchange MVP



        • #5
          Re: ActiveSync only works sometimes

          Ahh.. So there's no trouble. I already have blocked port 80 on the server in the firewall.

          Then I can't see what the exchange-oma vdir is good for? Right now I'm using SSL without this dir and without the registry edit?

          Am I wrong?

          /Henrik



          • #6
            Re: ActiveSync only works sometimes

            The additional directory is required if you are using SSL and forms based authentication. FBA only allows you to use basic authentication on the /exchange virtual directory, whereas EAS and OMA need integrated authentication. EAS/OMA make internal calls on port 80 to the /exchange (or /exchange-oma directory if the registry key is in place) and need to authenticate.

            Simon.
            --
            Simon Butler
            Exchange MVP



            • #7
              Re: ActiveSync only works sometimes

              OK - thanks for the information..

              I'm the only one using the exchange server, and I don't mind using form based logins.

              Port 80 on the router is forwarded to another server (linux webserver), and port 443 is forwarded to the exchange server.

              Just to make things clear:
              There is no security issue in not enabling form based logins and not requiring SSL?

              Many many thanks.

              /Henrik



              • #8
                Re: ActiveSync only works sometimes

                Not enabling forms based authentication I see as a security risk.
                If a user doesn't close down all Internet Explorer sessions after logging out of OWA then their session isn't closed and you can easily get back in to the mailbox. Using FBA adds cookie control with the cookie flushed when the session ends.

                If you can only access Exchange on port 443 then require SSL doesn't do anything for you. All your traffic will be coming in over port 443 anyway. All that require SSL does is throw an error if you access the session on port 80.

                Simon.
                --
                Simon Butler
                Exchange MVP



                • #9
                  Re: ActiveSync only works sometimes

                  Thanks..

                  You've been a great help.

                  /Henrik



                  • #10
                    Re: ActiveSync only works sometimes

                    Simon,

                    Thanks and thanks and thanks again for your tutorial at http://www.amset.info/exchange/mobile-85010014.asp. I was having issues with both OMA and EAS and after following your tutorial word for word, without even looking at the associated MSKB article, it is now working beautifully!

                    Let me just ask you like this: I have a good SSL Cert from GoDaddy (which BTW only works on WM5 devices with MSFP installed as per https://partner.microsoft.com/global/partner/40027352) which I use for my web server. I would like to set Exchange to only allow SSL connections since I have no reason not to. You mentioned earlier something about port 80 being blocked on your setup, but on mine it's open so I'd rather be secure and allow SSL only. Can you describe to me how to do this? And while you're describing that, how can I get it that when a user goes to http://FQDN/exchange it automatically redirects them to httpS://FQDN/exchange?

                    Thanks again.



                    • #11
                      Re: ActiveSync only works sometimes

                      Well, after doing some searching for a different issue, I found the answer at http://support.microsoft.com/kb/555053. Followed it step by step and now I just type my FQDN into IE and it redirects to https://FQDN/exchange.

                      -Eli



                      • #12
                        Re: ActiveSync only works sometimes

                        Have you checked that everything still works after that?
                        OMA/EAS makes internal calls on port 80 and redirects can break that functionality.

                        All I do is not open port 80 on the firewall. The only port is 443.
                        If the users enter http://host.domain.com then they get an error - tough - they have to correct the URL. They soon learn and it keeps the entire server secure - no http traffic comes in to the server at all.

                        Simon.
                        --
                        Simon Butler
                        Exchange MVP



                        • #13
                          Re: ActiveSync only works sometimes

                          My Treo 700wx syncs fine with my Exchange server, but prior to that I had trouble getting my Dell Axim to sync - I got the same error, HTTP_500

                          My domain was ct.local and my logon was r042wal
                          My e-mail domain was convergent-tech.ca and my alias was rob
                          My primary SMTP mail address was [email protected]
                          In ADUC I also had [email protected]l

                          ActiveSync was set up with [email protected] to log in to Exchange but it would fail with HTTP_500

                          The solution was to create an e-mail account in ADUC for [email protected]l and [email protected]

                          It worked after that.
                          Network Engineers do IT under the desk



                          • #14
                            Re: ActiveSync only works sometimes

                            Originally posted by Sembee:
                            > Have you checked that everything still works after that?
                            > OMA/EAS makes internal calls on port 80 and redirects can break that functionality.

                            After following the MS article above and forwarding all HTTP traffic to HTTPS, all 4 things work fine (OWA, OMA, EAS, and RPC/HTTP).

                            Originally posted by Sembee:
                            > All I do is not open port 80 on the firewall. The only port is 443.
                            > If the users enter http://host.domain.com then they get an error - tough - they have to correct the URL. They soon learn and it keeps the entire server secure - no http traffic comes in to the server at all.
                            >
                            > Simon.

                            What you're saying is that if I block port 80 then when users go to HTTP://FQDN/ it won't forward them to HTTPS://FQDN/exchange?? I don't know if that's so good. I don't have the smartest users. How bad is it to have port 80 open if there is really no web server aside from Exchange installed on the machine?

                            -Eli



                            • #15
                              Re: ActiveSync only works sometimes

                              Originally posted by kingbear2:
                              > What you're saying is that if I block port 80 then when users go to HTTP://FQDN/ it won't forward them to HTTPS://FQDN/exchange?? I don't know if that's so good. I don't have the smartest users. How bad is it to have port 80 open if there is really no web server aside from Exchange installed on the machine?

                              That is indeed what I am saying.
                              I do not want port 80 open to the network, whether or not it is simply bouncing the traffic to the SSL port. It is one of the most heavily scanned ports on the internet (along with 135 and the FTP ports).
                              There are now too many people in the IT industry who were either not around or have forgotten the last time port 80 was attacked and the chaos it caused. The "Code Red" worm.

                              If the users are too stupid to enter the https then they will soon learn.
                              If they complain, then put a link on a public web site that they can click on. Do not compromise network security to accommodate lazy or stupid users. That may seem harsh, but it only takes a single attack on your machine for it to pay off.

                              Simon.
                              --
                              Simon Butler
                              Exchange MVP
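
The thread ends with three ways a server can treat plain HTTP on port 80: closed at the firewall, redirected to HTTPS, or rejected by Require SSL. The following check, an added example that is not code from any poster, reports which of these each virtual directory of your server is in when probed from outside. The verdict labels and function names are assumptions, and /Microsoft-Server-ActiveSync is the usual EAS path rather than one named in the thread.

```python
import http.client

# /exchange and /oma are named in the thread; /Microsoft-Server-ActiveSync is
# the standard EAS virtual directory and is an assumption added here.
VDIRS = ["/exchange", "/oma", "/Microsoft-Server-ActiveSync"]


def verdict(status, location=""):
    """Map a plain-HTTP response to one of the setups debated in the thread."""
    if 300 <= status < 400:
        # A redirect only helps if it actually lands on https://
        if (location or "").lower().startswith("https://"):
            return "redirect"
        return "cleartext"
    if status == 403:
        # IIS answers 403 when Require SSL is set on the virtual directory
        # (the sub-status is not in the status line, so this is approximate).
        return "ssl-required"
    # 200, or a 401 auth challenge: the vdir is answering without TLS, so
    # any credentials the client sends next would travel unencrypted.
    return "cleartext"


def probe(host, path, port=80, timeout=5):
    """Request one path over unencrypted HTTP and classify the answer."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return verdict(resp.status, resp.getheader("Location", ""))
    except (OSError, http.client.HTTPException):
        # Refused, filtered or timed out: nothing reachable on this port.
        return "closed"
    finally:
        conn.close()


def audit(host, port=80, timeout=5):
    """Probe every virtual directory and return {path: verdict}."""
    return {path: probe(host, path, port, timeout) for path in VDIRS}


if __name__ == "__main__":
    import sys
    for path, result in audit(sys.argv[1]).items():
        print(f"{result:13} http://{sys.argv[1]}{path}")
```

Run it from a machine outside the firewall with the server's public name as the only argument; a "cleartext" verdict on any path means that directory is reachable without SSL.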
