Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: "Cris Hanna [SBS - MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 10 Mar 2009 13:40:57 -0500
Check the ASP tab on your IIS websites and see what version of .NET is showing for the websites?
--
Cris Hanna [SBS - MVP]
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"Jay Barr" <JayBarr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A2FDC9AB-DDBA-4D97-AE2B-A31C30C70322@xxxxxxxxxxxxxxxx
I found a link suggesting a test of the OMA using a desktop browser by
accessing http://<server>/oma. I tried that URL, as http and https, from
browsers on my local pc, the server and from the phone. None worked. I
captured the tcp packets, and the server is not returning anything at all for
/oma requests, it's just finalizing the connection.
I then captured the packets between the phone and server for an ActiveSync
connection, and here is the sequence of what is sent:
Sent: Request for OPTIONS to /Microsoft-Server-ActiveSync
Received: Unauthorized with Basic auth realm information
Sent: Request for OPTIONS to /Microsoft-Server-ActiveSync with basic auth
Received: List of AS commands (Sync, SendMail, FolderSync, etc)
Sent: POST of FolderSync command (body was binary) with basic auth
Received: 403 - Request Forbidden
These are not using HTTPS (obviously, since I'm capturing the plaintext
packets), and it appears the basic authentication is working, since I got a
response with valid AS commands. The same basic auth header is used for the
FolderSync command, but that is forbidden. Any ideas of diagnostic data that
could be of further help?
Thanks,
Jay
"Cris Hanna [SBS - MVP]" wrote:
> While it probably wouldn't help...it probably wouldn't hurt.
>
> If you look at the specifics of the kb
> It mentions running Exchange 2003 on a Win2k machine and relates to windows Mobile 5
>
> specifically:
> In Exchange System Manager, you enable the Enforce password on device option. This option is in the Device Security Settings dialog box under Mobile Device Properties.
>
> In SBS 2008, the enforce password is enabled by default, but not in SBS 2003.
>
> Again, the hotfix is free, and not likely to hurt anything. Of course make sure you have good verifiable backups before applying.
>
> --
> Cris Hanna [SBS - MVP]
> Co-Contributor, Windows Small Business Server 2008 Unleashed
> http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
> Owner, CPU Services, Belleville, IL
> A Microsoft Registered Partner
> ------------------------------------
> MVPs do not work for Microsoft
> Please do not submit questions directly to me.
>
> "Jay Barr" <JayBarr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:EE2C5D7E-31A9-41A8-B73F-DE748703E0C5@xxxxxxxxxxxxxxxx
> I saw a hotfix (http://support.microsoft.com/kb/919864) that may relate to
> this problem, but it was for Exhange Server 2003, not specifically SBS.
> Could this be related? Would it be safe to install this fix?
>
> Is there any logging (like a trace or similar) that can give more feedback
> than the 403 that IIS was returning? This seems to be the crux of the
> problem (IIS not authorizing access to the oma directory), but I don't know
> how to proceed.
>
> Thanks,
> Jay
>
> "Jay Barr" wrote:
>
> > I tried those steps, with and without SSL being required, and the error
> > remains the same. Just to check, I then deleted the cert again and tried
> > syncing, and I still received the same error message, which I found
> > interesting. I also tested OWA from PIE, and it gave me a certificate
> > warning. I then reinstalled the cert, and verified that the warning
> > disappeared for OWA. ActiveSync still fails, of course.
> >
> > "Cris Hanna [SBS-MVP]" wrote:
> >
> > > Ok, let me suggest the following
> > > 1. Delete the Cert on the phone.
> > > 2. Delete Exchange Server relationship on the phone.
> > > 2. Export the cert from with IE properties on a workstation accepting all defaults
> > > 3. Paste the file to the ROOT of the DEVICE using Active Sync (in my experience, no other location will work)
> > > 4. On the device, navigate to the root of the device, in file explorer
> > > 5. Double tap the .cer file and accept the prompts to install the cert
> > > 6. Run the active sync wizard on the phone to create the Exchange Relationship
> > >
> > > Let me know.
> > >
> > > --
> > > Cris Hanna [SBS - MVP]
> > > Co-Contributor, Windows Small Business Server 2008 Unleashed
> > > http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
> > > Owner, CPU Services, Belleville, IL
> > > A Microsoft Registered Partner
> > > ------------------------------------
> > > MVPs do not work for Microsoft
> > > Please do not submit questions directly to me.
> > >
> > >
> > > "Jay Barr" <JayBarr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A98E0D27-1317-456F-9349-D0EC845E54C8@xxxxxxxxxxxxxxxx
> > > I transfered the CER file from the server to the phone over ActiveSync and
> > > then opened the CER using File Explorer. Before installing the cert, I could
> > > not access OWA on that server without a certificate warning. After the
> > > installation, OWA worked without warning from Pocket IE. However, OMA did
> > > not work.
> > >
> > > I wish I had tried OMA before installing the cert, but I didn't even try it,
> > > as I knew it would fail, so I'm not sure if I'd have had the same error
> > > message without the cert on the phone. If it helps, I could hard reset and
> > > retry to confirm behavior without the cert installed.
> > >
> > >
> > > "Cris Hanna [SBS-MVP]" wrote:
> > >
> > > > Perhaps you could describe how you got the SBS Self signed cert on to the phone and how you installed it on the phone?
> > > >
> > > > --
> > > > Cris Hanna [SBS - MVP]
> > > > Co-Contributor, Windows Small Business Server 2008 Unleashed
> > > > http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
> > > > Owner, CPU Services, Belleville, IL
> > > > A Microsoft Registered Partner
> > > > ------------------------------------
> > > > MVPs do not work for Microsoft
> > > > Please do not submit questions directly to me.
> > > >
> > > >
> > > > "Jay Barr" <JayBarr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A17E5816-815A-401A-9758-2A46B135A1C3@xxxxxxxxxxxxxxxx
> > > > I tried that, and it still fails with the same error.
> > > >
> > > > "Cris Hanna [SBS-MVP]" wrote:
> > > >
> > > > > If you go back through the Exchange setup on the device and uncheck the box for SSL, do you get in?
> > > > >
> > > > > --
> > > > > Cris Hanna [SBS - MVP]
> > > > > Co-Contributor, Windows Small Business Server 2008 Unleashed
> > > > > http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
> > > > > Owner, CPU Services, Belleville, IL
> > > > > A Microsoft Registered Partner
> > > > > ------------------------------------
> > > > > MVPs do not work for Microsoft
> > > > > Please do not submit questions directly to me.
> > > > >
> > > > >
> > > > > "Jay Barr" <JayBarr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:958B424F-FD8F-4AAB-B443-9D1364C1CACA@xxxxxxxxxxxxxxxx
> > > > > I should have mentioned in my first post, but I did confirm that I could get
> > > > > to OWA from IE on my mobile device with no certificate issues after
> > > > > installing the certificate on the device. Before doing that, I was getting a
> > > > > different error, although I've forgotten what it was.
> > > > >
> > > > > Thanks,
> > > > > Jay
> > > > >
> > > > > "Cris Hanna [SBS-MVP]" wrote:
> > > > >
> > > > > > This sounds like a certificate issue.
> > > > > > Have you exported the SBS self signed certificate from a desktop machine and installed it on the Windows Mobile device?
> > > > > >
> > > > > > --
> > > > > > Cris Hanna [SBS - MVP]
> > > > > > Co-Contributor, Windows Small Business Server 2008 Unleashed
> > > > > > http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
> > > > > > Owner, CPU Services, Belleville, IL
> > > > > > A Microsoft Registered Partner
> > > > > > ------------------------------------
> > > > > > MVPs do not work for Microsoft
> > > > > > Please do not submit questions directly to me.
> > > > > >
> > > > > >
> > > > > > "Jay Barr" <Jay Barr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:5D62517B-1C83-4E98-ADA4-AAFB51009BA8@xxxxxxxxxxxxxxxx
> > > > > > I am trying to configure mobile access and have been encountering error
> > > > > > 0x85010004. I looked at another thread on here regarding the same error, and
> > > > > > have verified the directory security settings for all the IIS virtual
> > > > > > directories. I have also verified that the accounts tested have mobile
> > > > > > access permitted. I did see in the IIS log pairs of entries to
> > > > > > /exchange-oma/ that are always like the following:
> > > > > >
> > > > > > 2009-03-09 14:43:18 W3SVC1 192.168.0.10 DELETE
> > > > > > /exchange-oma/Jay.Barr/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/PocketPC/CDFF4539C6CADB0A9CA04A934E9669D7/FolderSyncFile
> > > > > > - 80 - 192.168.0.10 Microsoft-Server-ActiveSync/3.0.4215.0 403 6 0
> > > > > > 2009-03-09 14:43:18 W3SVC1 192.168.0.10 MKCOL
> > > > > > /exchange-oma/Jay.Barr/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync - 80 -
> > > > > > 192.168.0.10 Microsoft-Server-ActiveSync/3.0.4215.0 403 6 0
> > > > > >
> > > > > > If I'm reading the log correctly, the requests to /exchange-oma/ appear to
> > > > > > be forbidden (403), which is consistent with the error message on the device
> > > > > > "Your account in Microsoft Exchange Server does not have permission to
> > > > > > synchronize with your current setttings."
> > > > > >
> > > > > > Thank you for your assistance,
> > > > > > Jay
- Follow-Ups:
- References:
- ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003 SP2
- From: Jay Barr
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003 SP2
- From: Cris Hanna [SBS-MVP]
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Jay Barr
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Cris Hanna [SBS-MVP]
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Jay Barr
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Cris Hanna [SBS-MVP]
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Jay Barr
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Cris Hanna [SBS-MVP]
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Jay Barr
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Jay Barr
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Cris Hanna [SBS - MVP]
- Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- From: Jay Barr
- ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003 SP2
- Prev by Date: Re: adding a 2003 server as a DC to a sbs 2008 networik
- Next by Date: Re: adding a 2003 server as a DC to a sbs 2008 networik
- Previous by thread: Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- Next by thread: Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
- Index(es):
Relevant Pages
|
