RE: Activesync HTTP_500

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Ben Wolfe [MSFT] (benwolfe_at_online.microsoft.com)
Date: 03/23/04 

Date: Tue, 23 Mar 2004 22:46:09 GMT

Hi

One of the main causes of the HTTP_500 error is if Kerberos authentication
has been turned off in the metabase. To verify if Kerberos has been turned
off in the metabase perform the following steps.

1. From a command prompt on the Exchange 2000 computer, change to the
<WinDir>\Inetpub\AdminScripts folder.

2. Type the following, and then press ENTER:
                
"cscript adsutil.vbs get w3svc/NTAuthenticationProviders" (without the
quotation marks)

If Kerberos is enabled, the ""Negotiate,NTLM"" response appears

If the response is ""NTLM"" only, Kerberos is disabled. To enable
Kerberos, type the following, and then press ENTER:
                
"cscript adsutil.vbs set w3svc/NTAuthenticationProviders "Negotiate,NTLM""
(without the quotation mark)

IISRESET was what I wanted you to run. This is run from the command line.

Ben Wolfe
Microsoft PSS

This posting is provided 'AS IS' with no warranties and confers no rights.
Please do not send email directly to this alias. This alias is for
newsgroup purposes only.

--------------------

I have no problem doing a: http://servername/exchange .... have always
worked fine..

I have 2 senarios the first wored all fine
the first retuns a http/1.1 401 Unathorized under server response then
---start of body--- then again --server response --
http/1.200 ok

the sceond logfile is the one posted here earlier.

are you sure the problem is kerberos auth
and
when you write issreset, did you mean issrestart....

Thanks

     
     ----- Ben Wolfe [MSFT] wrote: -----
     
     When Windows Sharepoint Services is installed it does two things to
the
     default website.
     
     - It installs its own ISAPI filter and takes ownership of the default
     website, this ISAPI filter handles all incoming url requests. What
this
     means is that when you have WSS installed on an Exchange Server, and
you
     attempt to browse to http://servername/exchange the WSS ISAPI filter
looks
     for the folder called Exchange in its configuration database (which it
     can't locate because its not there) instead of redirecting the request
to
     the Exchange virutal directory. You can fix this by setting up
exlusions in
     WSS but its best not to have WSS installed on an Exchange Server.
     
     -The second thing it does to the default website is turn off Kerberos
     Authentication. ActiveSync usess Kerberos authentication when talking
to
     the Exchange virtual directory, if Kerberos has been turned off then
the
     Exchange Server returns a 401 error to ActiveSync Server, and this in
turn
     returns a http_500 error to the device.
     
     Your Pocket PC log files that you sent through show the Exchange
Server is
     returning "HTTP/1.1 401 Unauthorized" which indicates that Kerberos
     Autentication has been turned off on your default website.
     
     To turn Kerberos back on you need to do the following.
     
     Navigate to the C:\Inetpub\Adminscripts directory
     
     Run this command from command line.
     
     cscript adsutil.vbs set w3svc/1/NTAuthenticationProviders
"Negotiate,NTLM
     
     Run an issreset and then test ActiveSync again.
     
     Ben Wolfe
     Microsoft PSS
     
     This posting is provided 'AS IS' with no warranties and confers no
rights.
     Please do not send email directly to this alias. This alias is for
     newsgroup purposes only.
     
     

Relevant Pages

  • Re: Entourage 2008 and Kerberos Part 2
    ... Can you try using the Exchange Server's fully qualified domain name instead? ... Kerberos depends on DNS and reverse lookups. ... If this doesn't work then you need to work with some Exchange folks to troubleshoot Kerberos on the Exchange Server. ... Entourage Help Blog ...
    (microsoft.public.mac.office.entourage)
  • Re: Activesync HTTP_500
    ... Activesync in our test environment is working fine without these nodes set ... To verify if Kerberos has been turned ... > for the folder called Exchange in its configuration database (which ... > WSS but its best not to have WSS installed on an Exchange Server. ...
    (microsoft.public.exchange.clients)
  • RE: [fw-wiz] NTLM authentication from DMZ
    ... > that the OWA box needs to be in the same domain as the Exchange server ... its own domain with a one-way trust to the internal domain. ... You need to have NetBIOS (or Kerberos) enabled to the domain ...
    (Firewall-Wizards)
  • Re: SBS2003 - Active Sync - http_500
    ... 1.Make sure that Kerberos is enabled on the Exchange computer. ... Exchange Server ActiveSync will fail. ... |> use the /Exchange virtual directory to access OWA templates and DAV ...
    (microsoft.public.windows.server.sbs)
  • Re: services not starting
    ... Previously I have Sophos Anti Virurs installed but I was having problems with ... MVP - Exchange ... When I do that the Kerberos ... The security account manager or local security authority ...
    (microsoft.public.exchange.admin)