Announcement

Collapse
No announcement yet.

Need help in setting up OMA/ActiveSync on Exchange 2003

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Need help in setting up OMA/ActiveSync on Exchange 2003

    Hello All,

    I have been trying to setup OMA/ActiveSync on Exchange 2003 for about 2-3 days now, but havent gotten it to work. I have gone thru a lot of blogs and KB articles, and tried some of the suggestions, but all in vain.

    First of, info about the server:
    - Windows 2003 Enterprise SP2 + Exchange 2003 Enterprise SP2 + all security updates/patches from windows updates applied (except the Win Malicious Software Removal Tool and IE 7).
    - Outlook Web Access (OWA) is setup with SSL; Forms Based Authentication (FBA) is NOT enabled
    - RPC over HTTP has NOT been configured
    - Currently, Exchange is being used only with:
    1. Internal Outlook clients
    2. OWA over SSL
    - Firewall ports 88 and 443 ONLY are opened on the hardware firewall for external OWA/SSL connections (dont know why 88 is open, I wasnt the one who initially setup the firewall); Windows Firewall is disabled on the server

    ***Note: It seems SSL has been setup on the Default Web Site in IIS, so I guess it gets applied to all virtual directories. Is this a good practice!?

    OMA virtual directory config:
    OMA > Properties > Directory Security tab > Authintication and Access Control
    - Enable Anonymous Access - NOT CHECKED
    - Integrated Windows Authentication - NOT CHECKED
    - Digest Authentication - NOT CHECKED
    - Basic Authentication - THIS IS CHECKED
    - .NET Auth - NOT CHECKED
    - Default Doamin: \ (backslash)
    - Realm: blank (empty)

    Going through the blogs on the internet, I have come across several things:
    # FIRST, I learned that OMA/ActiveSync has problems syncing up to Exchange when OWA is set to use SSL (or also if FBA is enabled).
    - I followed Microsoft KB817379, or article
    http://www.petri.com/problems_with_f...activesync.htm, and created a different v-dir - exchange-oma - for OMA/ActiveSync use as suggested in them.

    But it didnt work.. I still cannot access https://serverFQDN/OMA using a simple IE 6 browser; gives me a login window, but I get the following error:
    "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."

    and the following Application event log on the Exch server:
    -----
    Event Type: Error
    Event Source: MSExchangeOMA
    Event Category: (1000)
    Event ID: 1503
    Date: 7/24/2008
    Time: 3:44:50 PM
    User: N/A
    Computer: *****
    Description:
    An unknown error occurred while processing the current request:
    Message: The remote server returned an
    error: (403) Forbidden.
    Source: Microsoft.Exchange.OMA.ExchangeDataProvider
    Stack trace:
    at
    Microsoft.Exchange.OMA.ExchangeDataProvider.OmaWeb Request.GetRequestStream()
    at Microsoft.Exchange.OMA.ExchangeDataProvider.Exchan geServices.GetSpecialFolders()
    at Microsoft.Exchange.OMA.ExchangeDataProvider.Exchan geServices..ctor(UserInfo user)
    Message:
    Exception has been thrown by the target of an invocation.
    Source: mscorlib
    Stack trace:
    at
    System.Reflection.RuntimeConstructorInfo.InternalI nvoke(BindingFlags invokeAttr, Binder binder, Object[]
    parameters, CultureInfo culture, Boolean isBinderDefault)
    at System.Reflection.RuntimeConstructorInfo.Invoke(Bi ndingFlags invokeAttr, Binder binder, Object[]
    parameters, CultureInfo culture)
    at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args,
    CultureInfo culture, Object[] activationAttributes)
    at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args,
    CultureInfo culture, Object[] activationAttributes)
    at Microsoft.Exchange.OMA.UserInterface.Global.Sessio n_Start(Object sender, EventArgs e)
    Message:
    Exception of type Microsoft.Exchange.OMA.DataProviderInterface.Provi derException was thrown.
    EventMessage:
    UserMessage: A System error has occurred while processing your request. Please try again.
    If the problem persists, contact your administrator.
    Source: Microsoft.Exchange.OMA.UserInterface
    Stack
    trace:
    at Microsoft.Exchange.OMA.UserInterface.Global.Sessio n_Start(Object sender, EventArgs e)
    at System.Web.SessionState.SessionStateModule.RaiseOn Start(EventArgs e)
    at System.Web.SessionState.SessionStateModule.Complet eAcquireState()
    at System.Web.SessionState.SessionStateModule.BeginAc quireState(Object source, EventArgs e,
    AsyncCallback cb, Object extraData)
    at System.Web.AsyncEventExecutionStep.System.Web.Http Application+IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously)

    For
    more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    -----

    If I turn ON "Integrated Authentication" on the OMA v-dir, I get the same error as above on the client machine, along with a "Home" link .. notice the Home link below:
    "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
    Home"

    But, as at least one other user experienced
    (http://forums.msexchange.org/m_18003...htm#1800387349), cliking on "Home" doesnt get me to my OMA inbox.. it just pops up the login window over and over again.

    And.. I get one more Application event log entry before the 1503 entry (in addition to the 1503 entry above)
    -----
    Event Type: Error
    Event Source: MSExchangeOMA
    Event Category: (1000)
    Event ID: 1502
    Date: 7/24/2008
    Time: 4:15:51 PM
    User: N/A
    Computer: *****
    Description:
    No Basic credentials were found in the HTTP request. To fix this problem, verify that Basic authentication is turned on and all other authentication methods are turned off on the Outlook(R) Mobile Access virtual directory.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    -----


    # SECOND, in the user/admin guides I got from Apple's website to setup iPhone, it is mentioned in several places that an ISA server is required and RPC over HTTP has to be setup on ISA. Is the ISA server really "required"!!? I cant imagine Apple needs all Exchange organizations to setup ISA servers, just to get ActiveSync working for the iPhone!

    If the ISA server part is optional, can RPC-over-HTTP (or HTTPS actually) be setup on the Exchange server box directly? I read http://www.petri.com/configure_rpc_o...gle_server.htm in detail, however I dont exactly fit into the Single Server or the Multiple Server scenarios - my Exchange server is a standalone box (not a front end-back end config), and is not a DC. I do have 3 domain controllers in the domain, but NO separate Proxy Server. So which directions should I follow?

    ***Note: I noticed yesterday that the IMAP service on my Exchange server was hung, it couldnt be restarted, or stopped and started.. so I rebooted the server and the IMAP svc is working fine now. This was after I tried syncing a user's iPhone to exchange, and it wouldn't sync. iPhone gave an error "Exchange server is not repsonding".. something like that.

    Any help/guidance will be greatly appreciated!!
    Thanks a lot in advance!

    Sincerely,
    Vinay.
    Last edited by svinay23; 24th July 2008, 22:34.

  • #2
    Re: Need help in setting up OMA/ActiveSync on Exchange 2003

    No opinions on question 1 but as for question 2: your Exchange server is a single server configuration, it will act as it's own proxy server. This is how we have it set up. As for the Iphone, are you referring to the new Iphone? If you are referring to the original Iphone, it cannot connect to Exchange using RPC over HTTP AFAIK, even though on the Iphone it has an "Exchange" option. It still only uses POP or IMAP.

    Comment


    • #3
      Re: Need help in setting up OMA/ActiveSync on Exchange 2003

      Yes, these are first generation iPhones I am dealing with for now, or iPhone "classic" as they like to call them. I thought Apple released a firmware v 2.0 for iPhone Classic's that connects to Exchange, just like the new iPhone 3G's.. without POP or IMAP, but using ActiveSync with RPC over HTTP. Maybe I am mistaken...

      Thanks for your respone. I am hoping someone has more insight on my question 1... Thanks again.

      Comment


      • #4
        Re: Need help in setting up OMA/ActiveSync on Exchange 2003

        Sorry, I think you're right about the firmware update for the iPhone "classic".

        Comment


        • #5
          Re: Need help in setting up OMA/ActiveSync on Exchange 2003

          Joe..
          Thanks much for clarifying!

          Comment


          • #6
            Re: Need help in setting up OMA/ActiveSync on Exchange 2003

            The first thing I noticed was this...

            "Firewall ports 88 and 443 ONLY "

            Port 88 ? Is that a typo?

            If this is the first time you have setup the feature on this server then I would be tempted to reset the virtual directories back to default, remove the registry entry and additional exchange-oma directory and confirm it works native before making any changes (like forms based authentication or require SSL).

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.

            Comment


            • #7
              Re: Need help in setting up OMA/ActiveSync on Exchange 2003

              Hey Simon,

              No, 88 is NOT a typo! I was surprised too, but 88 and 443 are the only ports open to the outside world for the Exchange server.

              Yes, this is the first time I am trying to setup OMA/ActiveSync on this server. I was thinking same.. to reset the v-dir's as they originally were, delete exchange-oma.. and try syncing the iPhone (or OMA using IE) one more time. (We dont need FBA for now, only SSL is being used)

              Can you pls confirm the settings for the OMA virtual directory when OMA is NOT being used?! I remember only Basic Auth checked, and the domain name entry had just a " \ " (backspace).

              Thanks much!
              Last edited by svinay23; 25th July 2008, 15:14. Reason: Added last sentence in 2nd paragraph

              Comment


              • #8
                Re: Need help in setting up OMA/ActiveSync on Exchange 2003

                First - if the port has been changed internally then that is a problem.

                Internal calls are made on port 80. that is hard coded and cannot be changed. I don't see the point in having port 88 open - you may as well close it. You do not get security by obscurity.

                Wile you are trying to use port 88, it will never work.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: Need help in setting up OMA/ActiveSync on Exchange 2003

                  The port openings in the hardware firewall were made by the previous network admin; I dont think 88 is being used for anything though, only 443 is being used for OWA-SSL. I could very well close 88.. you are right.. will look into it.

                  Windows Firewall on the server is disabled, so internal calls on port 80 should go through fine.

                  When I first tried syncing the users iPhone, I was doing it from the users MAC, using the Apple Mail 3.3 software. (Seems you have to setup Apple Mail for Exchange first and then sync the settings to iPhone). The MAC is on the internal network.. on the domain, and could ping the Exchange server fine. But after entering all settings in Apple Mail, it still did not sync to Exchange.. said "the server is not responding..."

                  How do I check if 88 is, in fact, being used for something?! As usual, I have almost no documentation on configuration settings of this server!

                  Comment


                  • #10
                    Re: Need help in setting up OMA/ActiveSync on Exchange 2003

                    Running " netstat -ano " on the Exchange server shows ports listening for incoming connections, and 88 is NOT in that list! Seems 88 is not being used after all. Have no idea why it had been left open in the firewall!

                    Comment


                    • #11
                      Re: Need help in setting up OMA/ActiveSync on Exchange 2003

                      Where does port 88 on the firewall go?
                      If you look at the properties of the web server, that should you the port that is being used.

                      Whether Windows Firewall is on or off doesn't matter, as it is an internal call on the server itself. OMA and EAS both get their data via the /exchange virtual directory by default, on port 80. That is why the require SSL option and authentication changes when you use FBA causes so much of a problem.

                      Simon.
                      --
                      Simon Butler
                      Exchange MVP

                      Blog: http://blog.sembee.co.uk/
                      More Exchange Content: http://exchange.sembee.info/
                      Exchange Resources List: http://exbpa.com/
                      In the UK? Hire me: http://www.sembee.co.uk/

                      Sembee is a registered trademark, used here with permission.

                      Comment


                      • #12
                        Re: Need help in setting up OMA/ActiveSync on Exchange 2003

                        GOOD news.. I just got OMA and ActiveSync to work !! Resetting the OMA virtual directory to original settings, and removing the changes made by KB817379 did the trick.. OMA login from Internet Explorer started working. The iPhone Classic's (with f/w v2.0) are now syncing up too! I dont have a Windows Mobile phone or the recent iPhone 3G's to test yet. (After going thru all this, I guess the changes in KB817379 are not needed if Exchange SP2 is already installed)

                        Nothing was changed on the firewall. Port 88 is not going anywhere.. its just open.. and the website in IIS, the default web site is configured on 80 (HTTP) and 443 (HTTPS).. no mention of 88 anywhere. I will close 88 on the firewall now.

                        I am using SSL for OWA, but the "Require SSL" option is NOT CHECKED. Also, FBA is not being used, it is disabled.


                        To sum it all up, I think the following were causing problems during the initial sync trial 4 days ago:

                        1. IMAP service on the server was hung that day. I remember reading somewhere that iPhones (Classic's, maybe not the 3G) need the IMAP service running (even if they only use ActiveSync and don't use IMAP). A server reboot fixed the IMAP service.

                        2. When entering the server external FQDN on the iPhone, DO NOT enter http:// or https:// with the URL. If using SSL, the iPhone (or the Apple Mail software on the MAC) has a check box to check for SSL. Also, if the OWA URL for your server is https://serverFQDN/exchange... do not enter "exchange" at the end too.. just serverFQDN is needed.

                        3. Login credentials on iPhone and Apple Mail should be entered in domain\username format, not just username.


                        Of course, before all of this, do remember to enable ActiveSync and OMA from the Exchange System Manager:
                        ESM > Global Settings > Mobile Services > Rright-click - Properties


                        Thanks,
                        Vinay
                        Last edited by svinay23; 25th July 2008, 17:21.

                        Comment


                        • #13
                          Re: Need help in setting up OMA/ActiveSync on Exchange 2003

                          Hi,

                          Could you just confirm how you get the OMA directory back to it's orginal settings, also what are they

                          Thanks for your help!

                          Comment


                          • #14
                            Re: Need help in setting up OMA/ActiveSync on Exchange 2003

                            The quickest way is to reset the virtual directories using this kb article:
                            http://support.microsoft.com/default.aspx?kbid=883380

                            Simon.
                            --
                            Simon Butler
                            Exchange MVP

                            Blog: http://blog.sembee.co.uk/
                            More Exchange Content: http://exchange.sembee.info/
                            Exchange Resources List: http://exbpa.com/
                            In the UK? Hire me: http://www.sembee.co.uk/

                            Sembee is a registered trademark, used here with permission.

                            Comment


                            • #15
                              Re: Need help in setting up OMA/ActiveSync on Exchange 2003

                              Thats a good article KB883380.. However, this will reset ALL IIS virtual directories under the default website to original settings. If only the OMA directory has to be reset, just undo the changes you made from KB817379 in reverse order:
                              1. Delete the /exchange-oma virtual directory from IIS
                              2. Delete the registry key added to point to this virtual directory: HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Par ameters\ExchangeVDir (be careful to only delete the ExchangeVDir value on the right hand side, DO NOT delete the Parameters subkey!)
                              3. Reset /OMA virtual directory settings back to original values (this is what I had):
                              IIS > OMA > (right click) Properties > Directory Security tab > Authentication and Access Control - Edit
                              --- ONLY Basic Authentication checked
                              --- Default Domain: \ (backslash)

                              ** Restart the IISAdmin service (using Run > services.msc)

                              Hope this helps!

                              Vinay.

                              Comment

                              Working...
                              X