Exchange 2010 Active Sync issues (coexist with 2003) (Full Version)

All Forums >> [Microsoft Exchange 2010] >> Mobility


symbian -> Exchange 2010 Active Sync issues (coexist with 2003) (22.Sep.2011 11:46:29 AM)

I have an Exchange 2003 org that I have added an Exchange 2010 CAS to.
I have configured an external DNS record for and port 443 is allowed through the firewall to the CAS server. I am trying to test AS connectivity via the tool.

I am getting this error:

An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.

Test Steps

Attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.

Additional Details
An HTTP 401 Unauthorized response was received from the remote IIS7 server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).

Any ideas?

symbian -> RE: Exchange 2010 Active Sync issues (coexist with 2003) (22.Sep.2011 2:08:52 PM)

Solved it myself.

What are the configuration changes I must make on the Exchange 2003 Front-End servers to support ActiveSync?

In order to introduce Exchange 2010 into your "Internet Facing AD Site" and support your Exchange 2003 mailboxes, you will move the primary EAS namespace that is associated with the Exchange 2003 Front-End servers and associate it with the Exchange 2010 CAS array. For more information on the detailed steps required to support coexistence process see my first blog article in the series, TechNet, or within the Deployment Assistant.

What are the configuration changes I must make on the Exchange 2003 mailbox servers?

Users with mailboxes on an Exchange 2003 server who try to use Exchange ActiveSync through an Exchange 2010 Client Access server will receive an error and be unable to synchronize unless Integrated Windows authentication is enabled on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003 server. This allows the Exchange 2010 Client Access server and the Exchange 2003 back end server to communicate using Kerberos authentication.

To enable this authentication change on Exchange 2003 you need to either:

1. Install and then use the Exchange System Manager to adjust the authentication settings of the ActiveSync virtual directory.
2. Or, set the msExchAuthenticationFlags attribute to a value of 6 on the Microsoft-Server-ActiveSync object within the configuration container on each Exchange 2003 mailbox server. An example script is provided at

Note: It is important that you do not use IIS Manager to change the authentication setting on the ActiveSync virtual directory as the DS2MB process within the System Attendant will overwrite the settings that are stored in Active Directory.

What scenarios involve proxying and what scenarios involve redirection for Exchange ActiveSync (Exchange 2003)?

Hopefully the Exchange 2003 coexistence diagram is self-explanatory, but if it is not, the key thing here is that regardless of the location of the Exchange 2003 mailbox (remember Exchange 2003 is not site aware), CAS2010 will always proxy the request to the Exchange 2003 mailbox server. Also, since Exchange 2003 does not support Autodiscover, the device version does not matter.

1. User's device is already configured to use the namespace
2. User's device attempts to synchronize.
3. CAS2010 will authenticate the user, determine the mailbox version is Exchange 2003 by performing a service discovery lookup in Active Directory, and retrieve the Exchange 2003 mailbox server FQDN.
4. CAS2010 will proxy the connection to the Exchange 2003 mailbox server's Microsoft-Server-ActiveSync virtual directory. In the IIS logs, you will see a response similar to:

POST /Microsoft-Server-ActiveSync/default.eas User=user5&DeviceId=foo&DeviceType=PocketPC&Cmd=FolderSync&Log=PrxTo:mail.contoso.com_LdapC2_ 443 contoso\user5 MSFT-PPC/5.1.2301 200 0 0 189

5. The mailbox server will authenticate the user and retrieve and render the mailbox data and will provide the rendered data back to the CAS2010 server.
6. CAS2010 will expose the data to the end user.

You need to install the hotfix on ALL exchange 2003 servers, and check the intergrated authentication setting on each Active Sync Virtual Directory

shanmarsh1 -> RE: Exchange 2010 Active Sync issues (coexist with 2003) (28.Oct.2011 8:13:28 AM)

I understand that if you co-exist Exchange 2003 and 2010 that 2003 will ... What I want to know is - at what point does Active Sync "
Body Armour | Safeguard Clothing

Page: [1]