BICTT

 

The other day I was talking to a friend with a problem using Activesync from several devices to a SBS 2003 server. He had gone through several KB articles and could not find the solution.

So full of hope I started out on the server and checking the settings. Hmmmmm, seemed OK. In most cases changing SSL or the permissions settings (like anonymous) are the culprit. Such can be found through:

http://support.microsoft.com/kb/817379
http://support.microsoft.com/kb/330463
http://support.microsoft.com/kb/916958/en-us

Whenever somebody synced we could see an error 3005 on the SBS server generated by Server ActiveSync. the error was

Unexpected Exchange mailbox Server error: Server: [bla.bla.local] User: [user@domein.com] HTTP status code: [409]. Verify that the Exchange mailbox Server is working correctly.

So I went to the IIS logging and found a few entries each time somebody was trying to sync. This included 401 and 403 status codes and that 409 code.

Alright, so lets start to dig deeper.
Try to access the OWA site from the device (http://server/exchange).
Works.
Try to access the OMA page from the mobile device (http://server/oma).
Does not work.

So it is telling you that the server is not available.
Tried to do the same from an internet explorer from the server and same result. Contact your system administrator

But we are still digging.
While I was doing that I found a great resource for exchange errors relating to activesync and whatever. Big list here
http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php

Through what I learned during this troubleshooting there are several things to keep in mind and check.
When installing SBS the install wizard already creates an IIS virtual directory for you with name Exhange-OMA. After you have completed setup you would run the Internet Connection wizard. ALWAYS run the wizards while working with SBS. This wizard does a lot of things actually, but email settings are also set here and setting some stuff on the actuvesync, oma and exchange-oma folders also belong to this.

I tried to re-run the internet connection wizard and run through the email stuff as well with this wizard. Always run IISRESET after this wizard. This did not help. Strange as this should correct most errors you might have made while playing around with the settings to make things work

So back to OMA. As Activesync and OMA are linked I thought this one would be the best to troubleshoot first to get things running.

In the end I found this link to a KB article giving me the solution.
http://support.microsoft.com/kb/937635/en-us.
Yes, some of the checkboxes were not correctly set on the Virtual Directory tab of the Exchange-OMA folder in IIS. The link above shows the checkboxes that need to be ticked. Seems somebody played around with this after the installation and before passing the server on into the care of my friend. I am betting these boxes get ticked by the sbs install wizard and not the Internet connectio wizard (as it didn't change after running that second wizard).

Changed the settings and ran an IISRESET.
OMA was accessible! There we go.

The next step was resolving a certificate error we got on the mobile device, but that was just because the intermediate certificate (mail.domain.com) was installed on the mobile device and not the root cert used to sign that one. Took the trusted root cert off the server (of course you do not export the private key!) and installed it on the mobile device.

Sync! sweet

Bob Cornelissen