ActiveSync for iPad fails only when non-default policy applied


  • ActiveSync for iPad fails only when non-default policy applied

    Hi All,

    I have an Exchange 2007 server and OWA has been working for some time. I have ActiveSync enabled and am trying to get an iPad to sync with Exchange. (I am testing with an iPad but actually want to get this functioning for an iPhone)

    If I enable the default ActiveSync Mailbox policy on my test user account, I can sync mail. However, I want to apply a secure policy with various password and encryption policies. Whenever I try to connect with the custom policy, it fails and continues to prompt for the password or indicates that the username/password cannot be verified, etc. So then I modified my new policy to be exactly the same as the default policy and got the same results. I then created a brand new policy from scratch and set it to be the same as the default policy and it still fails.

    At testexchangeconnectivity.com, testing when my account has the default policy applied comes back 100% successful aside from a warning that the SSL cert won't work on earlier versions of Windows Mobile than version 6. When I test with my custom policy set up exactly as the default policy, it returns the following error:

    ExRCA is attempting to send the OPTIONS command to the server.
    Testing of the OPTIONS command failed. For more information, see Additional Details.

    Additional Details
    A Web Exception occurred because an HTTP 401 - Unauthorized response was received from IIS6

    In EMC, Server Configuration > Client Access > Exchange ActiveSync tab, I see that the ActiveSync instance is using the "Default Website." The previous administrator had a separate tree in IIS called "Client" that contains a second listing of Microsoft-Server-ActiveSync. This tree named "client" has the SSL cert from Starfield applied to it while the original "Default Website" just has the self-issued cert. I was interested in changing the Exchange ActiveSync instance to point to the "Client" Website instead of the "Default Website" but there is nowhere in the GUI to do this and I have not yet found out how to do that in PowerShell. The reason why I wanted to make this change was I read that the HTTP 401 error I noted above is due to a self-signed cert instead of from a verified cert authority. However, if I just use the Default ActiveSync policy, it works fine so I began to question whether I was on the right path.

    I really appreciate your input!

    R

  • #2
    Re: ActiveSync for iPad fails only when non-default policy applied

    What a mess.
    No idea why a second web site was used.

    Not everything is done through the GUI, things are done through the management shell as well.

    However, in this case, the site being used by the client has nothing to do with Exchange; it is how your firewall and/or DNS is configured. You need to see how the two web sites are being separated, probably by IP address, and adjust any DNS and/or firewall to point to that web site instead.

    I would actually consider removing the second web site completely. However, you can't just delete it; if the virtual directories for Exchange are in there, then you need to remove them using

    remove-owavirtualdirectory
    remove-activesyncvirtualdirectory
    remove-oabvirtualdirectory
    etc

    Those commands are all documented on TechNet.

    You will also need to move the SSL certificate to the default web site. Again, you have to use the shell for that.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: ActiveSync for iPad fails only when non-default policy applied

      Thanks very much, Simon. If ActiveSync works with the default ActiveSync Mailbox policy, why would firewall or DNS settings come into play? To recap, ActiveSync is not working when I make a new ActiveSync Mailbox policy that matches the default policy exactly. Would a new but identical policy be using a different site in IIS?

      Thanks!



      • #4
        Re: ActiveSync for iPad fails only when non-default policy applied

        Can't answer anything about the policy. Apple's implementation of ActiveSync is half baked at best. They have done almost the minimum required to get it to work, but with that, half of the policy items don't work.

        Given the mess you are in, it is hard to know why things don't work.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.
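
The thread leaves two facts unchecked: which IIS web site each ActiveSync virtual directory lives in, and whether the "identical" custom policy really matches the default one. The following Exchange Management Shell sketch is an added example, not code from any poster in this thread; the policy names and mailbox alias are placeholders to replace with your own.

```powershell
# Added diagnostic sketch for the Exchange 2007 Management Shell (read-only, changes nothing).
# Assumptions: the three values below are placeholders, not names taken from the thread.
$defaultPolicyName = "Default"          # name of the policy that works
$customPolicyName  = "Custom Policy"    # name of the policy that fails
$testMailbox       = "testuser"         # alias of the test mailbox

# 1. List every ActiveSync virtual directory with the IIS site that hosts it
#    and its authentication settings. Two entries means both the
#    "Default Website" and the second site publish Microsoft-Server-ActiveSync.
Get-ActiveSyncVirtualDirectory |
    Format-List Name, Server, WebsiteName, BasicAuthEnabled, ClientCertAuth, ExternalUrl

# 2. Confirm which policy the mailbox is actually assigned at test time.
Get-CASMailbox -Identity $testMailbox |
    Format-List Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy

# 3. Compare the two policies property by property instead of by eye in the GUI.
$default = Get-ActiveSyncMailboxPolicy -Identity $defaultPolicyName
$custom  = Get-ActiveSyncMailboxPolicy -Identity $customPolicyName

foreach ($prop in $default.PSObject.Properties) {
    $name = $prop.Name
    # Cast to string so multi-valued and null settings compare cleanly.
    $defaultValue = "$($prop.Value)"
    $customValue  = "$($custom.$name)"
    if ($defaultValue -ne $customValue) {
        "{0}: default='{1}' custom='{2}'" -f $name, $defaultValue, $customValue
    }
}
# Name, Identity, Guid, DistinguishedName and the WhenCreated/WhenChanged
# timestamps always differ between two policies; any other line in the output
# is a real setting mismatch worth investigating.
```

Capturing this output before removing any virtual directory also gives a record of the original layout to restore from.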
