RE: Active Sync & OWA problems



Hi chace zhang,
Thanks for your reply. We managed to sort it last night/this morning before we
read your reply, so all is well again. Thanks.

"chace zhang" wrote:

Hi,

Thank you for posting here.

According to your description, I understand you encountered the following
issue: ActiveSync HTTP_403 error and OWA loading. If I have misunderstood
your concerns, please feel free to let me know.

First, let's focus on the ActiveSync error. I understand that ActiveSync
does not work due to an HTTP_403 error. Have you installed ISA Server on your
SBS Server?
According to my experience, it most likely happens if the following
conditions are true:

- You have enabled Require SSL on the /Exchange virtual directory.
Or
- You have set IP restriction on the /Microsoft-Server-Activesync virtual
directory.

Hence, let's try the following steps to see if it helps:

Step 1
======
Since this is a SBS box, I strongly recommend you re-run CEICW wizard.
Please follow the steps below:

1. On the Small Business Server 2003 computer, click "Start", and then
click "Server Management".

2. Expand "Standard Management", and then click "To Do List".

3. In the right pane, click "Connect to the Internet", and then click
"Next".

4. On the "Connection Type" page, click "Do not change connection type",
and then click "Next".

5. On the "Firewall" page, click "Enable firewall", and then click "Next".
Important: Do not click the "Do not change firewall configuration" option.

6. If you receive the following message, click "OK":

To ensure the proper configuration of ISA Server, existing custom packet
filters will be disabled. For information on how to re-enable existing
packet filters, see Small Business Server Help.

7. On the "Services Configuration" page, click to select the check boxes of
the additional services that you want to make available from the Internet,
and then click "Next".

h. On the "Web Services Configuration" page, click "Allow access to only
the following Web site services from the Internet", click to select the
check boxes of the services and of the Web sites that you want to make
accessible from the Internet (i.e. Outlook Web Access, Remote Web
Workplace, Outlook Mobile Access, Outlook via the Internet, Business Web
site (wwwroot), etc.), and then click "Next".

8. On the "Web Server Certificate" page, click "Create a new Web server
certificate", type the Small Business Server computer's fully qualified
domain name in the "Web server" name box, and then click "Next".

[Important] The fully qualified domain name that you type in the "Web
server name" box must be the same name that you use to connect to the Web
site from the Internet. For example, if the URL that you use to connect to
a Microsoft Outlook Web Access Web site is
<https://external.domain.com/exchange>, type "external.domain.com"
(without the quotation marks) in the "Web server name" box.

Note: If you don't have your own registered fully qualified domain name
(FQDN), we can input the "Public IP Address" (As you mentioned the [valid
IP address]).

9. When the "Internet E-mail" page shows, select "Enable Internet e-mail" and
click Next.

10. Select either "Use DNS to route e-mail" or "Forward all e-mail to
e-mail server at your ISP". If you select the latter, enter the ISP SMTP
server. Click Next.

11. Specify to receive e-mail using one or both of the following methods:

- POP3 Mailboxes
- Exchange

Click Next.

12. Enter your e-mail domain name and click Next. The e-mail domain name
should match the mail exchanger (MX) resource record maintained at your
ISP. This must be a registered Internet domain name.

13. Go through the steps to finish the wizard.


14. On the "Completing the Configure E-mail and Internet Connection Wizard"
page, view the configuration information to make sure that it is correct,
and then click "Finish".

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

A step by step explanation of the CEICW:
http://www.sbs-rocks.com/sbs2k3/sbs2k3-n2.htm


Step 2:
======
If you require SSL on the /Exchange virtual directory, please refer to the
following steps to fix the issue by recreating a new /Exchange virtual
directory:
Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or
forms-based authentication is required for Exchange Server 2003
http://support.microsoft.com/?id=817379


Step 3:
======
The issue happens when your mobile device is not in the IP Allow List of
ActiveSync and Exchange-OMA (or ExchangeVDir) virtual directory. Please
follow steps below to verify the IP Allow List.

1. Go into the IIS console.
2. Go to the properties of the Microsoft-Server-ActiveSync virtual
directory and exchange-oma (or ExchangeVDir) virtual directory.
3. Click on the Directory Security tab.
4. Click on the Edit button under "IP address and domain name restrictions".
5. Make sure that the proper IP addresses have access to it, and then
restart IIS.

Step 4:
======
The issue may happen when the authentication method is not configured
correctly in ActiveSync, OMA and Exchange-OMA (or ExchangeVDir) virtual
directory. Please verify it by the following steps.

For exchange-oma (or ExchangeVDir) virtual directory:

1. Open IIS Manager
2. Open properties of virtual directory exchange-oma (or ExchangeVDir)
3. Select Directory Security tab
4. Select Edit in the Authentication and access control box. Make sure the
authentication settings are as below:

Authentication Methods
Enabled Basic authentication
Enabled Integrated Windows authentication
Disabled anonymous access

For OMA virtual directory and Microsoft-Server-ActiveSync virtual directory:

1. Open IIS Manager
2. Open properties of OMA virtual directory and Microsoft-Server-ActiveSync
virtual directory respectively.
3. Select Directory Security tab
4. Select Edit in the Authentication and access control box. Make sure the
authentication settings are as below:

Authentication Methods
Uncheck Enable anonymous access
Uncheck Integrated Windows authentication
Check Basic authentication

After that, please restart the IIS Admin Service (services.msc) and then
verify the issue. If it persists, in order to have a more concrete idea
about the issue, please let me know the exact full HTTP_403 error that
occurs when failing to access the mailbox by ActiveSync.


Regarding the OWA "keeps loading" issue, please refer to the following article:
Troubleshooting OWA when the contents frame displays Loading
http://support.microsoft.com/?id=280823
Also I want to know whether there is any Firewall in front of Exchange
Server and whether the Firewall offloads SSL.

1. Does the issue happen to specific user or all internal users? For
further test, please create a new mail-enabled user in Active Directory
Users and Computers (ADUC), and then access this new mailbox by specific
workstation with the issue before, verify whether the issue persists to
this new user. If the issue disappears here, the issue may be caused by the
corrupt attribute of specific user account.

2. Does the issue happen to specific workstation or all workstations? For
further test, in Exchange Server itself, please access this specific
mailbox with the issue by OWA, and then verify whether the issue occurs
then. This step will help us bypass front servers and access Exchange
directly. Detailed steps as below:

1). In Exchange itself, open Internet Explorer, click the Tools menu, click
Internet Options.
2). In the Connections tab, click LAN Settings.
3). Please ensure the box "Use a Proxy server for your LAN" is not checked.
4). Click OK twice to save the setting.
5). Input http://localhost/exchange to access the mailbox. When prompted for
credentials, please input them in Domain\User format.

Does the issue persist? If the issue disappears, we can consider the issue
may happen depending on setting of specific workstation or Firewall in
front of Exchange Server.

3. Does the issue happen during internal accessing or external accessing?
This will help us identify whether the issue happens due to Firewall
setting between internal LAN and Internet.

4. Collect the IIS metabase on Exchange Server by Metabase Explorer and
send to me for further analysis:

Metabase
=======
a. Install .NET Framework Version 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=262d25e3-f589-4842-8157-034d1e7cf3a3&DisplayLang=en
b. Install MBExplorer by installing IIS 6 Resource Kit Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-B628-ADE629C89499&displaylang=en
c. Once it is installed, access it from Start, Programs, IIS Resources,
Metabase Explorer.
d. In the left pane, right click "LM" (under your server computer name)
to choose "Export to file", and then save it as IIS.mbk.
e. Compress this mbk file and send it to me for analysis.


6). Send me the log files to my working email address
v-chacez@xxxxxxxxxxxxxx. And please let me know the alias of the user who
encountered the issue.

7. For further test, please create a new test account and let me know the
following information.

- Credential of this test account
- The public URL of your Exchange Server
- Domain name

I will access the mailbox by OWA on my side to verify the issue. To keep
these confidential, please let me know by mail: v-chacez@xxxxxxxxxxxxxx

Please let me know the results so that I can provide further assistance on
this problem. I am looking forward to your reply. Thanks and have a nice
day!


Best Regards,

Chace Zhang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
| Thread-Topic: Active Sync & OWA probelms
| thread-index: AcbMgHv4ggDCBHqGQNesEJPstK20TQ==
| X-WBNR-Posting-Host: 81.137.242.223
| From: =?Utf-8?B?QnJhbmZvcmQgQXJtcyBQLkgu?=
<BranfordArmsPH@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Active Sync & OWA probelms
| Date: Wed, 30 Aug 2006 15:06:03 -0700
| Lines: 6
| Message-ID: <1419B38A-FCE9-4594-9CAD-3EE79C1B83E6@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:294244
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
.
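
Added example (not part of the thread and not Microsoft tooling): before changing settings, the IIS 6 W3C log can show which of the causes in the reply applies, because the sc-substatus field records 4 for "SSL required" (Step 2) and 6 for "IP address rejected" (Step 3). The log lines are constructed, and the names `classify_403`, `CAUSES` and `WATCHED` are hypothetical; it assumes sc-substatus logging is enabled on the site.

```python
from collections import Counter

# 403 sub-status values IIS 6 writes to sc-substatus, mapped to the steps
# in the reply above. Anything else is reported as "other".
CAUSES = {
    "4": "SSL required on this virtual directory (Step 2)",
    "6": "client IP rejected by IP restrictions (Step 3)",
}
# Virtual directories named in the thread (compared in lower case).
WATCHED = ("/microsoft-server-activesync", "/exchange", "/exchange-oma", "/oma")

# Constructed sample in IIS 6 W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status sc-substatus sc-win32-status
2006-08-30 21:58:01 OPTIONS /Microsoft-Server-ActiveSync 203.0.113.7 403 6 0
2006-08-30 21:58:09 PROPFIND /exchange/user1/Inbox 192.168.16.2 403 4 0
2006-08-30 21:58:15 GET /exchange/user1/ 192.168.16.10 200 0 0
2006-08-30 21:59:02 POST /Microsoft-Server-ActiveSync 203.0.113.7 403 6 0
2006-08-30 21:59:40 GET /Remote/logon.aspx 203.0.113.9 403 4 0
"""


def classify_403(log_text):
    """Count 403 responses per (virtual directory, client IP, likely cause)."""
    fields, findings = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                       # truncated or malformed entry
        rec = dict(zip(fields, values))
        if rec.get("sc-status") != "403":
            continue
        stem = rec.get("cs-uri-stem", "").lower()
        vdir = next((w for w in WATCHED if stem == w or stem.startswith(w + "/")), None)
        if vdir is None:
            continue                       # 403 on an unrelated path
        cause = CAUSES.get(rec.get("sc-substatus"), "other 403 sub-status")
        findings[(vdir, rec.get("c-ip"), cause)] += 1
    return findings


if __name__ == "__main__":
    for (vdir, ip, cause), n in classify_403(SAMPLE_LOG).items():
        print(f"{n:3d}  {vdir:30s} {ip:15s} {cause}")
```

A 403.4 on /exchange from the server's own address alongside ActiveSync failures points at the Require SSL condition, while 403.6 on /Microsoft-Server-ActiveSync from the device's address points at the IP restriction.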


