B.O.G.A. IT Consultants

 

See Microsoft article ID: 817379.

 

Have you recreated your virtual directories? See article ID: 883380. That will resolve your ActiveSync errors in Event Viewer.

Have you verified the exchange-oma settings? See article ID: 937635. There is much speculation as to the actual need for this folder, and it has been tried both with and without it. SBS 2003 probably does need it; 2003 Server shows no evidence of needing it. You can create it, but only if you have forms-based authentication problems with Outlook Web Access, not for mobile device syncing.

ID: 3005 Source: Server ActiveSync version: 6.5.7596.0 - Message: Unexpected Exchange mailbox Server error: Server: [%1] User: [%2] HTTP status code: [%3]. Verify that the Exchange mailbox Server is working correctly.

Make sure "require SSL" is not enabled for the ActiveSync virtual directory.

Finally, the solution: right-click the default website, then:

  • go to properties
  • go to directory security

default directory properties

  • Under Secure communications, click edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK. Click "select all" when asked to propagate these changes to all sub folders.
  • Restart IIS in control panel, services.
  • Select "yes" to restart all dependent services

iis restart other

  • return to IIS admin console
  • reconnect to IIS when prompted
  • Expand default website
  • Right-click Exadmin and go to directory security. You may choose to enable SSL for this, in which case, under Secure communications, click edit. Make sure that Require secure channel (SSL) is enabled, and then click OK.
  • DO NOT enable SSL for exchange-oma, exchange, exchweb, microsoft server activesync. Your mobile device will still use your domain's certificate during authentication; this is proven if you are using a self-certified certificate, in which case a warning will pop up.
  • DO NOT allow anonymous access for "Exadmin": under the authentication and access control tab, make sure "enable anonymous access" is unticked. Ensure "integrated windows authentication" and "basic authentication" are ticked.
  • Do the same for the "Exchange" folder, as well as making sure "integrated windows authentication" and "basic authentication" are ticked.
  • Do enable "enable anonymous access" for "Exchweb".
  • Make sure your virtual directories look like this:

virtual directories

How to decide what should have SSL enabled:

  • Exchweb: Stores graphics and additional files required for Microsoft Office Outlook Web Access for Exchange Server 2003. This is a standard virtual directory that points to the \Program Files\Exchsrvr\Exchweb directory on the server's hard disk. SSL is not required here because it is only accessible after the first FBA* screen. Since this is accessed from the web, anonymous access is enabled; we haven't tested it with anonymous off. Ensure basic authentication against your domain name and integrated Windows authentication are enabled as well. This way, if a folder is accessed, it will require a username and password.
  • Exchange: Used by Outlook Web Access for mailbox access. This virtual directory binds to the URL \\.\BackOfficeStorage\<server's fully qualified domain name>\mbx. It does not need SSL but should have at least basic authentication against your domain name. Forms-based authentication is enabled for this folder under the Exchange System Manager console. DO NOT allow anonymous access for this folder, so that web access is always met with a prompt for username and password.
  • Public: Used by Outlook Web Access for public folder access. This virtual directory binds to the URL \\.\BackOfficeStorage\<server's fully qualified domain name>\public folders. It does not need SSL but should have at least basic authentication against your domain name. We would suggest using integrated Windows authentication as well.
  • Exadmin: Used by Exchange System Manager to administer public folders. This virtual directory binds to the URL \\.\BackOfficeStorage. Enable SSL here but, as per Microsoft's suggestion, under "IP address and domain name restrictions", limit IP access to your Exchange server or to a set range of internal servers only. If you browse to this page from within IIS it will fail, because IIS browses to port 80 by default and enabling SSL will force the need to browse via 443.

ip restriction
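
As an added example (not part of the original page): a Python check that compares each virtual directory's IIS 6 metabase AuthFlags and AccessSSLFlags values against the settings listed above. The sample values are constructed, and any setting the article does not state for a directory is left open (None) rather than guessed.

```python
# Added example: audit IIS 6 virtual-directory flags against this article's settings.
# Bit values of the IIS 6 metabase properties AuthFlags and AccessSSLFlags.
AUTH_ANONYMOUS, AUTH_BASIC, AUTH_NTLM = 0x1, 0x2, 0x4
ACCESS_SSL = 0x8  # "Require secure channel (SSL)"

FIELDS = ("require_ssl", "anonymous", "basic", "integrated")

# Expected state per directory as the article gives it; None = left open.
POLICY = {
    "exchange-oma":                (False, None,  None, None),
    "microsoft-server-activesync": (False, None,  None, None),
    "exchange":                    (False, False, True, True),
    "exchweb":                     (False, True,  True, True),
    "public":                      (None,  None,  True, None),
    "exadmin":                     (None,  False, True, True),
}

def decode(auth_flags, ssl_flags):
    """Turn the two bitmasks into the four checkbox states."""
    return {
        "require_ssl": bool(ssl_flags & ACCESS_SSL),
        "anonymous":   bool(auth_flags & AUTH_ANONYMOUS),
        "basic":       bool(auth_flags & AUTH_BASIC),
        "integrated":  bool(auth_flags & AUTH_NTLM),
    }

def audit(metabase):
    """metabase maps directory name -> (AuthFlags, AccessSSLFlags)."""
    findings = []
    for name in sorted(metabase):
        expected = POLICY.get(name.lower())
        if expected is None:
            findings.append(f"{name}: not covered by the article, review by hand")
            continue
        actual = decode(*metabase[name])
        for field, want in zip(FIELDS, expected):
            if want is not None and actual[field] != want:
                findings.append(f"{name}: {field} is {actual[field]}, expected {want}")
    return findings

# Constructed sample values, not read from a real server.
SAMPLE = {
    "Exadmin": (0x6, 0x8),                        # basic + integrated, SSL on
    "Exchange": (0x7, 0x0),                       # anonymous left on
    "Exchweb": (0x7, 0x0),                        # matches the article
    "Microsoft-Server-ActiveSync": (0x2, 0x108),  # SSL still required
    "Public": (0x4, 0x0),                         # basic missing
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
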

Perform a full factory reset on your hand-held device and then proceed to configure your Outlook connector service via your Exchange server portal, e.g. webmail.domain(webdomain-name).co/com/net

You can then set "remote site requires SSL". If the first attempt fails, delete the Outlook connector you just made and then try again. For 3G users, ensure the 3G logo/icon is displayed on your phone and that "connecting to <provider>internet" is shown when ActiveSync is clicked.

 

More solutions to come!

* Forms Based Authentication

Comments? Feedback? mail: support@bogaitc.co.uk


High demand in the market means that we have to allocate resources according to priority.

As ever, the more time you provide us in advance the quicker our response will be. 

Provide the details of your availability and we'll return a date that matches as closely as possible. 

At present, callouts for site visits or support are centred around off-peak times and weekends, and we often advise that you e-mail your fault findings or requirements in advance.

You'll be surprised to know that a lot of problems can be resolved without the need for an engineer to visit!



Copyright Boga's Electronics and B.O.G.A. IT Consultants 2007
sole ownership of site contents, 
duplication is forbidden. 
Some images from readily available sources. 
