• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ActiveSync Permission Issues - Not sure what to try next

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Mobility >> ActiveSync Permission Issues - Not sure what to try next Page: [1]
Login
Message << Older Topic   Newer Topic >>
ActiveSync Permission Issues - Not sure what to try next - 17.Jun.2008 5:27:33 AM   
rhough01

 

Posts: 11
Joined: 1.Mar.2006
Status: offline
Hi
 
Really hitting a brick wall now and would appreciate some ideas on what to try next.
 
Current setup is Exchange 2007 (Separate Mailbox and CAS) using IIS 7 on Server 2008.
Using properly issued Cybertrust certificate.
Link from external goes through ISA 2006.
 
OWA works fine internally and externally no problems at all.
 
ActiveSync gives the following error when I try to sync:
 
"Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server administrator. 0x85010004"
 
Tried externally using a Dell x51v and internally using Microsoft’s emulator. Same error on both.
 
 
 
Things done:
 
 
1. Deleted and recreate the Exchange Activesync mailbox policy. Pointed the mailboxes manually to the policy. As a side not, what are the best settings for the ActiveSync mailbox policy ? I tend to leave it default, but this leaves the "require password" unticked.
 
2. Deleted and recreated the Virtual Directory in IIS. (via powershell commands)
 
3. Pointed all services to the proper certificate (Enable-exchangecertificate) - also making the internal and external URLs of Activesync match our certificate ie. (www.ourdomain.ac.uk/Microsoft-Server-Activesync)
(http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/)
 
4. Enabled ActiveSync on the test users mailbox, both in the console and via the powershell commands. Some people are indicating that even though it already is enabled, this proved a fix.
 
5. Disabled SSL - This gives the same 0x85010004 error.
 
6. Also tried the  Test-ActiveSyncConnectivity from Powershell. This gives the following error.
 
[System.Net.WebException]: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Inner error [System.Security.Authentication.
AuthenticationException]: The remote certificate is invalid according to the validation procedure.
[System.Security.Authentication.AuthenticationException]: The remote certificate is invalid according to the validation procedure
 
 
 
Really stuggling now. Please help !
 
Rob
Post #: 1
RE: ActiveSync Permission Issues - Not sure what to try... - 18.Jun.2008 11:49:13 AM   
John Weber

 

Posts: 1236
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
It looks like you have a cert issue.
Could also be UAC on the mbx server.

I have seen this on 2003 where the EAS did not like the public cert that was sitting on the CAS - especially when you have self-signed cert still in place.

Gettuing a SAN cert fixed that - use the the fqdn and the external URL as well as autodiscover.

YMMV.

_____________________________

John Weber [Lync MVP] http://tsoorad.blogspot.com

(in reply to rhough01)
Post #: 2
RE: ActiveSync Permission Issues - Not sure what to try... - 19.Jun.2008 5:14:19 AM   
rhough01

 

Posts: 11
Joined: 1.Mar.2006
Status: offline
The certificate is a bought one supplied by Cybertrust. It works fine for OWA giving no errors and a clean "green" IE address bar when accessing externally.

I have pointed the mail services at this certificate using "Enable-exchangecertificate" but the auto generated ones WMSvc etc are still there. Should I delete these ?

Also as CAS and the Mailbox server are two different physical servers, do I somehow have to install the certificate on the Mailbox server ??

Also the fqdn of the certificate is listed as the external and internal address on OWA and ActiveSync, and it resolves internally and externally.

UAC was indeed enabled on on all the mail servers ! (Didn't expect it to be on Server 2008) These has now been disabled and all servers rebooted - but the problem remains.

Thanks for taking the time to reply. Any other suggestions ?

Thanks
Rob

(in reply to John Weber)
Post #: 3
RE: ActiveSync Permission Issues - Not sure what to try... - 19.Jun.2008 6:48:50 AM   
rhough01

 

Posts: 11
Joined: 1.Mar.2006
Status: offline
FIXED !! 

Turned out to be the Authentication delegation rule on ISA, which is set differently on the OWA isa rule.

*phew*

(in reply to rhough01)
Post #: 4
RE: ActiveSync Permission Issues - Not sure what to try... - 17.Jul.2008 7:46:06 AM   
sipstate001

 

Posts: 67
Joined: 20.Jun.2008
Status: offline
I am having this same exact error... and seems to be pointing to my website or something.... I'm still not sure on how to fix it... I would appreciate any kind of assistance to do this!!!

Is this something to do and or correct on the exchange servers? On the CAS servers? 

< Message edited by sipstate001 -- 17.Jul.2008 7:55:05 AM >

(in reply to rhough01)
Post #: 5
RE: ActiveSync Permission Issues - Not sure what to try... - 17.Jul.2008 7:48:09 AM   
rhough01

 

Posts: 11
Joined: 1.Mar.2006
Status: offline
Hi

Are you finding that OWA works, just not activesync ?

Are you going through an ISA server ?

(in reply to sipstate001)
Post #: 6
RE: ActiveSync Permission Issues - Not sure what to try... - 17.Jul.2008 8:01:50 AM   
sipstate001

 

Posts: 67
Joined: 20.Jun.2008
Status: offline
Yes.  Exactly.  Not sure about the ISA server how do I check? 

(in reply to rhough01)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Mobility >> ActiveSync Permission Issues - Not sure what to try next Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter