mikehunt18929
asked on
SBS Exchange OMA Active-sync I-phone problem
I am trying to get an I-phone to work with Exchange 2003 SBS R2.
I have configured the exchange-oma directory
OWA works fine, when i go to http://server/oma or https://server/oma , i am prompted for a password and username, i supply this and i get
A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
when i try the exchange remote connectivity tester it fails at the very end with this :
Errors were encountered while testing the ActiveSync session
Testing the OPTIONS command failed. See Additional Details for more info
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
these are directory security settings
Default Web Site Anonymous Integrated SSL Not Required
Exchange Basic [Default Domain = \] SSL Required
exchange-oma Integrated Basic [Default Domain = \] SSL Not Required
Microsoft-Server-ActiveSyn
OMA Basic [Default Domain = <domain name>] SSL Not Required {<domain name> is internal domain name; contoso.local would be contoso}
Public Basic [Default Domain = \] SSL Required
ExAdmin Integrated SSL Not Required
FBA (Forms Based Authentication) is enabled.
the iphone connects to the server, i get past the what do you want to sync, we chhose email and calander, eveythign verifies, then when you go to the inbox it is empty.
tried 3 times with the same result
i think the problem lies with active sync or OMA since that pages wont open , even from the inside..
Any suggestion, has there been a hotfix or patch i am missing?
Thank you in advance
I have configured the exchange-oma directory
OWA works fine, when i go to http://server/oma or https://server/oma , i am prompted for a password and username, i supply this and i get
A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
when i try the exchange remote connectivity tester it fails at the very end with this :
Errors were encountered while testing the ActiveSync session
Testing the OPTIONS command failed. See Additional Details for more info
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
these are directory security settings
Default Web Site Anonymous Integrated SSL Not Required
Exchange Basic [Default Domain = \] SSL Required
exchange-oma Integrated Basic [Default Domain = \] SSL Not Required
Microsoft-Server-ActiveSyn
OMA Basic [Default Domain = <domain name>] SSL Not Required {<domain name> is internal domain name; contoso.local would be contoso}
Public Basic [Default Domain = \] SSL Required
ExAdmin Integrated SSL Not Required
FBA (Forms Based Authentication) is enabled.
the iphone connects to the server, i get past the what do you want to sync, we chhose email and calander, eveythign verifies, then when you go to the inbox it is empty.
tried 3 times with the same result
i think the problem lies with active sync or OMA since that pages wont open , even from the inside..
Any suggestion, has there been a hotfix or patch i am missing?
Thank you in advance
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have synced iPhone out of the box with a standard SBS install, have you checked the requires ssl in the email account settings?
I have synced iPhone out of the box with a standard SBS install, have you checked the requires ssl in the email account settings on the iphone
Also all u need is the server name you use for owa so owa.yourcompany.com no http and nothing after it
Raghuv's suggest is a good one to check. A lot of times the security settings on the Virtual directory is the problem. Also you don't need SSL in order for the phone to work.
Also, exchange 2003 does not support form-based authentication without using a front end server. There are ways around it: http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm . But it's only a work around.
Also, exchange 2003 does not support form-based authentication without using a front end server. There are ways around it: http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm . But it's only a work around.
ASKER
Thanks for your quick response, see below as nothing there worked please
To Alan Hardisty:
disabled and re-anabled form based, a couple of time, just did it again and reset IIS..
To Raghuv:
yup, followed that KB yesterday, double checked it but i can check it again..exchange-oma is setup, including the registry key corresponding to the virtual directory.. directory security settings are posted in the original post up top........
To demartzer:
are you saying i should be putting owa.mydomainname.com in the server name field on the iphone instead of mail.domainname.com ?
i use mail.domainname.com/exchan
mine is not syncing out of the box.. :) .. i tried on and off for SSLsettings on the phone
it connects, verifies, gives me the option to choose what to sync,, email, contacts, or calender, then it just sits there, nothing in the inbox... that is with ssl turned on , with ssl off i get a failure to connect to server error
are we sure that the iphone would work with me not being able to access http://server/oma from inside..and with the active sync connector test failing?
if anyone could tell me where to troubleshoot next, as i am at a loss at the moment
this is the log again from exchange connectivity tester : testing active sync..
Errors were encountered while testing the ActiveSync session
Attempting to send OPTIONS command to server
Testing the OPTIONS command failed. See Additional Details for more info
additional details:
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
so the problem is active sync? and it doesnt matter that i cannot open http://server/oma?
i am trying to at least eliminate some options..?
To Alan Hardisty:
disabled and re-anabled form based, a couple of time, just did it again and reset IIS..
To Raghuv:
yup, followed that KB yesterday, double checked it but i can check it again..exchange-oma is setup, including the registry key corresponding to the virtual directory.. directory security settings are posted in the original post up top........
To demartzer:
are you saying i should be putting owa.mydomainname.com in the server name field on the iphone instead of mail.domainname.com ?
i use mail.domainname.com/exchan
mine is not syncing out of the box.. :) .. i tried on and off for SSLsettings on the phone
it connects, verifies, gives me the option to choose what to sync,, email, contacts, or calender, then it just sits there, nothing in the inbox... that is with ssl turned on , with ssl off i get a failure to connect to server error
are we sure that the iphone would work with me not being able to access http://server/oma from inside..and with the active sync connector test failing?
if anyone could tell me where to troubleshoot next, as i am at a loss at the moment
this is the log again from exchange connectivity tester : testing active sync..
Errors were encountered while testing the ActiveSync session
Attempting to send OPTIONS command to server
Testing the OPTIONS command failed. See Additional Details for more info
additional details:
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
so the problem is active sync? and it doesnt matter that i cannot open http://server/oma?
i am trying to at least eliminate some options..?
ASKER
To LAnmonkey
that article you mentioned does not work for server 2003 as it does not guide you to use the exchange-oma virtual directory.. this is the correct KB file and below that is an what it says on the microsoft page
http://support.microsoft.com/kb/817379
Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.
that the author you mention used the microsoft KB to make his article, he ommited the fact that 2003 MUST have the directory named exchange-oma, he for some reason changes that to a differnt name,, i lost hours and hours following that article , before i finally found the right one at Microsoft's website
A this point i may just delete it and start over again, did that 2 times already but maybe form based needed to be turned off, then IIS restarted befor doing the import.. i dunno..
Any other ideas would be greatly appreciated
that article you mentioned does not work for server 2003 as it does not guide you to use the exchange-oma virtual directory.. this is the correct KB file and below that is an what it says on the microsoft page
http://support.microsoft.com/kb/817379
Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.
that the author you mention used the microsoft KB to make his article, he ommited the fact that 2003 MUST have the directory named exchange-oma, he for some reason changes that to a differnt name,, i lost hours and hours following that article , before i finally found the right one at Microsoft's website
A this point i may just delete it and start over again, did that 2 times already but maybe form based needed to be turned off, then IIS restarted befor doing the import.. i dunno..
Any other ideas would be greatly appreciated
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Extract from a Microsoft Forum which solved this for one user (http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/3825741a-4616-4da6-a0ac-add29dc3a65a):
Error 401, indicates and authentication issue. So we need to check if the authentications are correct.
1. Try to browse Outlook Web Access using the same credentials on the Windows Mobile Device and check if you get any errors?
2. On the device, Click on Start>Programs>ActiveSync>
3. Search your server for urlscan and search for all files and folder and also hidden items.
4. Under the registry editor, search for FAMv4 under this path, HKEY_LOCAL_MACHINE\SYSTEM\
Error 401, indicates and authentication issue. So we need to check if the authentications are correct.
1. Try to browse Outlook Web Access using the same credentials on the Windows Mobile Device and check if you get any errors?
2. On the device, Click on Start>Programs>ActiveSync>
3. Search your server for urlscan and search for all files and folder and also hidden items.
4. Under the registry editor, search for FAMv4 under this path, HKEY_LOCAL_MACHINE\SYSTEM\
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry I meant whatever URL you use for OWA should work in your iPhone but make sure it's just the servername no http or exchange in the end and then make sure you go back into the settings after you have configured it and check the use ssl check, if that doesn't work unchecked it and try again.
Works a treat without making any changes to SBS I gave 6 or 7 customers doing it and I have not had to change anything on their server
Works a treat without making any changes to SBS I gave 6 or 7 customers doing it and I have not had to change anything on their server
S mentioned above rerun the connect to Internet wizard on server manager and that should reconfigure all the directories for the right permissions
ASKER
Thank you all for your help, it is most appreciated.I
ran the internet conn wiz,i redid the ports on the firewall, (just for giggles), then i restarted the services one by one rather than using the iisreset /noforce ComputerName , doing that i found one service was hanging.. i disabled then re-enabled the service , after that https://mail.domainname.com/oma finally started to work, then 10 minutes later the I-phone began to sync. the i-phone settings for server were mail.domainname.com , SSL is turned on, i read alot of people say just turn off SSL , I dont know how good of an idea that is.. but thats just me
Hope this helps someone else in the future that maybe be trying to troubleshoot an issue like this one i would suggest
1. run the internet connection wizard
2.use this KB http://support.microsoft.com/kb/817379
(not this one) http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm) this one does not apply to server 2003.).
3. if its a stand alone server make sure form based is turned off
4. verify the directory security settings match up with the ones i posted up top ,
5. this is a good link to use http://www.howtonetworking.com/email/oma1.htm
6.this is a good link to use http://www.testexchangeconnectivity.com
Thanks again Guy's !
ran the internet conn wiz,i redid the ports on the firewall, (just for giggles), then i restarted the services one by one rather than using the iisreset /noforce ComputerName , doing that i found one service was hanging.. i disabled then re-enabled the service , after that https://mail.domainname.com/oma finally started to work, then 10 minutes later the I-phone began to sync. the i-phone settings for server were mail.domainname.com , SSL is turned on, i read alot of people say just turn off SSL , I dont know how good of an idea that is.. but thats just me
Hope this helps someone else in the future that maybe be trying to troubleshoot an issue like this one i would suggest
1. run the internet connection wizard
2.use this KB http://support.microsoft.com/kb/817379
(not this one) http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm) this one does not apply to server 2003.).
3. if its a stand alone server make sure form based is turned off
4. verify the directory security settings match up with the ones i posted up top ,
5. this is a good link to use http://www.howtonetworking.com/email/oma1.htm
6.this is a good link to use http://www.testexchangeconnectivity.com
Thanks again Guy's !
Thanks mikehunt18929. I had the same issue on my SBS 2003 box and none of the microsoft KB articles fixed the issue. Followed your instructions to the letter and it worked. Setting up permission on Exchange virtual directories is the key.
How did you create the exchange-oma virtual directory? Did you follow the KB article 817379 (http://support.microsoft.com/kb/817379) to create it? if not, then please follow it as you need to create a registry key as well.
Also FYI, https://server/oma has no relation with ActiveSync...both are different...as ActiveSync uses the /Microsoft-Server-ActiveSy
PS: The IIS authentication looks good.
Just follow the KB article 817379 and then let us know if you still have issues