Wednesday, August 30, 2006

Windows Mobile and ActiveSync - ActiveSync Encountered A Problem On The Server

For the past couple of days, a problem with Windows Mobile 5 and Exchange 2003 SP2 ActiveSync has been driving me up the wall. Single E2K3 SP2 server on W2K3 SP1 with an ISA Server 2004 acting as a reverse proxy. Forms Based Authentication (FBA) is enabled. In the past 3 months, I have configured ActiveSync on 4 other, almost identical servers and it worked fine.

However, each time, the device showed:
Result:
ActiveSync encountered a problem on the server.
Support code: 0x85010014


In the HTTP proocol logs, two interesting codes were showing up in the protocol status, substatus, and W32status:
401 2 2148074254 (that is error 401.2)
500 0 0 (error 500)

401.2 indicates an authentication problem and 500 indicates an internal server error.

I went through KB 817379: "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" at least 4 times trying to see if I had missed something. I went through a similar article on Daniel Petri's site. No luck.

I compared setting-by-setting the Exchange server, the ExchangeVDir virtual directory, and the ISA Server with other sites that were working. No luck.

I finally broke down and called Microsoft PSS. I really hate calling PSS since you spend the first hour going through the same things you have been troubleshooting for the past 2 or 3 days. And often end up teaching the front-line tech support guys a few things about Exchange.

At least the PSS guy had heard of KB 817379, though. Nonetheless, we went through it line-by-line once again. And again. No luck.

Then, he has me disable Forms Based Authentication on the Exchange Virtual Server, then wait for DS2MB to replicate the settings to IIS, THEN make an exported configuration of the /Exchange virtual directory, the re-enable Forms Based Authentication, then create the /Exchange-OMA virtual directory using the steps in KB 817379.

This time, it worked!!!!! Yay!!!! I'm just a little peeved that I had to use up a support incident to find this "double secret probation" technique out. Apparently it is something that PSS tries when it does not work the normal way. Why in the name of Siddhartha Gautama is this little tidbit not publicly documented somewhere!!!???

10 Comments:

At 12:33 PM, Anonymous Anonymous said...

So what exactly was the difference between 817379 and what he had you do? Sorry I am not clear on what you meant. I am having the same exact issue and 871379 didn't work for me either. I would greatly appreciate your help.

Thanks.

 
At 11:07 AM, Anonymous Anonymous said...

Hi,

That works perfectly for me too. I have been having the same issues and when I found 817379 I thought I was home and hosed, but no.

You are right though, disable to forms based access, THEN create the copy of the Exchange virtual directory, then turn back on fba. Works beautifully.

I now have a working Pocket PC.

Very Happy, good on ya!

Mark

 
At 7:00 AM, Anonymous Anonymous said...

Can you tell me, how do you know when it's been long enough for "the DS2MB to replicate the settings to IIS" (so it's ok to do the step of exporting the configuration after turning off the SSL and FBA)? Trying to get this to work in Minneapolis ...

 
At 7:00 AM, Anonymous Anonymous said...

Can you tell me, how do you know when it's been long enough for "the DS2MB to replicate the settings to IIS" (so it's ok to do the step of exporting the configuration after turning off the SSL and FBA)? Trying to get this to work in Minneapolis ...

 
At 12:56 AM, Anonymous Anonymous said...

Thanks a lot Jim! This solved my issue with Active Sync with our Qtek Windows Mobile 5.0 phones. Thanks, thanks!

 
At 12:23 PM, Blogger Mark Christensen said...

You Da-Man JIM!!!!

 
At 5:36 PM, Blogger Guy said...

Your a legend!!!! Thanks heaps, my head was starting to hurt belting it against the wall! :P

Cheers,
Nathan

 
At 7:40 AM, Blogger Unknown said...

Hi all,
I just want to let you know that I had the exact problem, but in a single server environment (no front end server) and I applied the instructions in the kb 817379(method 2) and it worked with no problem..thanks

 
At 7:41 AM, Blogger Unknown said...

This comment has been removed by the author.

 
At 7:20 PM, Blogger Jason said...

My client has an exchange 2003 SP2 system. They do not use SSL or forms authentication. There is no front end server. Until recently, no issues using active sync via wireless. However, now there is. I've done the methods mentioned in KB 817379; when I check the Exchange Virtual Server under \first administrative group\servers\{server name}\Protocols\HTTP\ forms authentication is NOT enabled. So the whole method is pointless in this case. I also followed another KB article where I deleted all the exchange virtual directories, then used IIS resource kit to delete the DS2MB key using the IIS Metabase Explorer. The virtual directories were re-created as the KB article said they should be, but still no luck. Anybody else experience this issue?

 

Post a Comment

<< Home