I hoping there is something else I haven't discovered yet, as I'm hoping to
market SBS bundled with hardware, devices and services to exiting & potential
clients. Any suggetions would be appreciated!

Is it possible to deploy a SBS2003 server with mobile devices without all
the headaches and problems?

--
Cris Hanna [SBS-MVP]
------------------------------
Please do not contact me directly, only respond in the Newsgroups
MVPs do not work for Microsoft
------------------------------
Send via Windows Mail on Vista Ultimate connected to SBS 2003 R2

Yes - all three are enabled.

Thanks,
Matt Kiolbassa

When I ran into this I found that the exchange-oma and exchange-activesync
something or other directories were locked down to only allow access from the
LAN.  Not sure if you recreated all of them, but check the IP restrictions.  
I had the exact error you're running into and that fixed it.  Also make sure
exchange-oma is not requiring SSL.  I think I ran into the same error with
that as well.

Also, check out the Windows Mobile Device Emulator to use in testing.  When
setup with the virtual network adapter and ActiveSync, you can hammer away on
testing without having to deal with an actual physical mobile device.

Thanks for posting here.

From your post, my understanding on this issue is: You encountered error
code 0x85010004 during accessing mailbox by ActiveSync. If I'm off base,
please feel free to let me know.

Based on my knowledge, The error 0x85010004 happens when the authentication
method is not configured correctly in ActiveSync, OMA and
Exchange/Exchange-OMA virtual directory.

I.Please verify Authentication settings by the following steps.

For Exchange-oma virtual directory:

1. Open IIS Manager

2. Open properties of virtual directory Exchange-oma

3. Select Directory Security tab

4. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:

Authentication Methods

Enabled Basic authentication

Enabled Integrated Windows authentication

Disabled anonymous access

Note:If you need to use SSL on the Exchange virtual directory, you may
create the Exchange-OMA virtual directory for the OMA and ActiveSync and
don't use SSL on the  Exchange-OMA virtual directory.

For OMA virtual directory and Microsoft-Server-ActiveSync virtual directory:

1. Open IIS Manager

2. Open properties of OMA virtual directory and Microsoft-Server-ActiveSync
virtual directory respectively.

3. Select Directory Security tab

4. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:

Authentication Methods

Uncheck Enable anonymous access

Uncheck Integrated Windows authentication

Check Basic authentication

After that, please restart the IIS Admin Service (services.msc) and then
verify the issue.

II. if issue still occur, refer to the KB article 883380 to rebuild the
DS2MB of IIS server and manually create exchange-oma VD to see if the issue
resolved.

Step 1: Rebuild the DS2MB of IIS server. To do so:

1. Go to Internet Services Manager and delete the following virtual
directories:

Microsoft-Server-ActiveSync,

OMA,

Exchange,

Public,

ExchWeb.

2.  Open Metabase Explorer and expand LM > DS2MB > HighWaterMarks > GUID

3.  Double click the entry which has a 5-digit number in the data folder in
the right pane of the GUID folder.

4.  Replace the number in the Data field with 0 (zero) and then click OK.  
Close Metaedit

5. Run services.msc and right click IIS Admin Service, and then click
Restart to restart the service.

6. Restart the System Attendant. After that, these virtual directories can
be created.

7. Then please re-run CEICW to configure network connection.

More detailed information is addressed in the following article:

883380 How to reset the default virtual directories for Outlook Web Access
in Exchange Server 2003

http://support.microsoft.com/?id=883380

Step 2:  Then create exchange-oma VD in IIS manager console manually since
the VD can not be automatically created by re-building DS2MB. Please refer
to the following KB article method 2 to create the exchange-oma VD.

Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or
forms-based authentication is required for Exchange Server 2003

http://support.microsoft.com/default.aspx?kbid=817379

More information is addressed in the following article, please check into
the following document:

Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft
Exchange Server 2003 SP2

http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfp_2.mspx

III.I have one way to verify whether the issue is related to Firewall
server.

1. Disable SSL for Microsoft-Server-ActiveSync virtual directory.
2. Locate a workstation within LAN; download PC ActiveSync application as
below:

http://www.microsoft.com/windowsmobile/downloads/activesync45.mspx

3. Connect Pocket PC through cradle with this PC;
4. Specify the NetBIOS name of Exchange Server in order to avoid PPC
connecting Exchange Server from Internet; and then synchronize Exchange
Server mailbox by PC ActiveSync application.

If the issue disappears here, I am sure it is caused by Firewall settings.
If possible,temporarily disable ISA firewall.

If the issue persists after steps above, in order to have a more concrete
idea about the issue, please let me know the following info.

1. Does issue happen to accessing mailbox by OMA? For further test, please
login Exchange Server itself, and access URL: http://Exchange_Server/OMA,
verify whether you can access the mailbox successfully.

2. Do all the users have such issue or just specific users?  this error
could also occur because of corrupt exchange attributes for the mailbox.
So, I would like to suggest that you create a new mail enabled user account
and see if the activesync/OMA can work for the new account.

3. Collect the IIS metabase on Exchange Server and send to
me:v-ja...@microsoft.com. for further analysis:

1). On Exchange Server, install .NET Framework Version 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=262d25e3-f58...
8157-034d1e7cf3a3&DisplayLang=en.  

2). Install MBExplorer by installing IIS 6 Resource Kit Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71...
B628-ADE629C89499&displaylang=en.  

3). Once it is installed, access it from Start, Programs, IIS Resources,
Metabase Explorer.

4). In the left pane, right click ''LM'' (under your server computer name)
to choose ''Export to file'', and then save it as IIS.mbk.

5). Compress this mbk file and send it to me for analysis. Please let me
know the password if you set on this iis mbk file.

4. Please collect the IIS log on Exchange Server so that I can perform
further research:

1). On Exchange Serves, open IIS MMC, right click Default Web Site and then
click Properties.

2). Click Website tab and then check Enable logging.

3). Stop the Default Website and RENAME the existing IIS log files under
C:\WINDOWS\system32\LogFiles\W3SVC1.

4). Restart the Default Website and reproduce the problem, which will
generate new IIS log file with the exact error.

5). Wait for a while so that IIS Log can be synced. And then go to the
following folder on Exchange Server: C:\WINDOWS\system32\LogFiles\W3SVC1.

6). Send me the log files to my working email address
v-ja...@microsoft.com. And please let me know the alias of the user who
encountered the issue.

Hope this helps! If you have further concern, feel free to let me know.
Have a great day!

Have a nice day!

Best regards,

Jacky Luo (MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
====================================================
PLEASE NOTE:  The partner managed newsgroups are provided to
assist with break/fix issues and simple how to questions.  
We also love to hear your product feedback!  Let us know what you think by
posting

from the web interface: Partner Feedback
from your newsreader:  microsoft.private.directaccess.partnerfeedback.

Thanks to everyone who posted! I really appreciate it!!

Here's the solution that worked for me:

I checked the IP restrictions in the exchange-oma as matt suggested in his
post and found that my public IP was allowed access and the default 127.0.0.1
was allowed access. I use 2 NIC's and the IP for the internal NIC comes from
SBS's DHCP server, so I added the IP used by the internal NIC and oma started
working!

Then, I followed Jacky's post and found the anonymous access was enabled in
the exchange-oma virtual directory after I recreated those in a prior step.
Disabled that and my PPC started syncing right away.

Seems the set-up wizards in SBS2003 add some settings a little outside of
normal, but I'm ready to try another server install/set-up.

Thanks again everyone!
Matt Kiolbassa

Thanks for posting back.

I am glad to hear that my informaiton is helpful to resolve your problem,
If you have any questions in the future, please feel free to post in the
newsgroup. We''ll try our best to assist you.

We are looking forward to working with you here again.

Here is the summary of your issue:

Symptom:OMA and activesync donot work

Cause:exchange-oma virtual directory setting is incorrect

Resolution:change the Ip restriction and disable anonymous access in
exchange-oma VD

Have a nice day!

Best regards,

Jacky Luo (MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
====================================================
PLEASE NOTE:  The partner managed newsgroups are provided to
assist with break/fix issues and simple how to questions.  
We also love to hear your product feedback!  Let us know what you think by
posting

from the web interface: Partner Feedback
from your newsreader:  microsoft.private.directaccess.partnerfeedback.

Hi,
I am having difficulty to configure exchange 2003 (ON a SBS server) for
Activesync. My requirement is to synchronise exchange emails and contact
with iphones.
I installed godaddy certificate in the IIS default website and OWA
works fine.
I followed your site instructions which is similar to MS article ID
817379.
When I tried to sync iphone, it says user authentication failed. I
tested it with Exchange Remote Connectivity analyzer and got following
result.

Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting to resolve the host name mail.cygresearch.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 24.215.43.226

Testing TCP Port 443 on host mail.cygresearch.com to ensure it is
listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname mail.cygresearch.com in Certificate Subject Common name

Validating certificate trust for Windows Mobile Devices
The test passed with some warnings encountered. Please expand
additional details.
Additional Details
Certificate is only trusted on Windows Mobile 6.0 and later. Windows
Mobile 5.0 and 5.0 + MSFP devices will not be able to sync. Root = OU=Go
Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.",
C=US

Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 10/26/2009 1:00:08 PM, NotAfter =
10/26/2012 1:00:08 PM"

Testing Http Authentication Methods for URL
https://mail.cygresearch.com/Microsoft-Server-Activesync/
Http Authentication Test failed
Additional Details
An HTTP 403 forbidden response was received. The response appears to
have come from IIS6. Body is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML
4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html;
charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses
that are not allowed to access the Web site, and the IP address of your
browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be
able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been
rejected.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a
href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product
Support Services</a> and perform a title search for the words
<b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager
(inetmgr),
and search for topics titled <b>About Security</b>, <b>Limiting Access
by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About
Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Can you please tell me where the problem is.

Thanks in advanced.

Charles

--
charles_nana
------------------------------------------------------------------------
charles_nana's Profile: http://forums.techarena.in/members/150242.htm
View this thread: http://forums.techarena.in/small-business-server/753574.htm

Hello Charles,

Thanks for your post.

Before we go further, I would like to confirm that:

1.      Has it ever worked before? Did the issue only occur to the specific iPhone mobile or all iPhone devices?
2.      Have you tried using other mobile device like Windows Mobile device to have a try?

From the Exchange Remote Connectivity analyzer report, we can see error message " HTTP Error 403.6 - Forbidden: IP address of the client has been rejected", so please
first rerun the CEICW wizard to enable ActiveSync reset your Exchange default configurations as well as related network communications. Also, I still suggest you temporarily
disable all 3rd party anti-virus/anti-spam programs for test purpose.

How To Set Up iPhone Exchange ActiveSync
<http://blog.fosketts.net/2008/07/10/how-to-set-up-iphone-exchange-act...>

Now, try again with Exchange Server ActiveSync Web Administration Tool:

Microsoft Exchange Server ActiveSync Web Administration Tool
<http://www.microsoft.com/downloads/details.aspx?FamilyID=e6851d23-d14...>

More information:

iPhone 3G won't Sync with Exchange in Windows Small Business Server General
<http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?&q...
us&dg=microsoft.public.windows.server.sbs&p=1&tid=f66d2c49-2cae-426b-9c64-2 e3a2c0bd267>

Hope this helps.

Best regards,
Robbin Meng(MSFT)
Microsoft Online Newsgroup Support

==================================================================
Please post your SBS 2008 related questions to the SBS newsgroup on Connect website:
https://connect.microsoft.com/sbs08/community/discussion/richui/defau...

Please post your EBS related questions to the EBS newsgroup on Connect website:
https://connect.microsoft.com/ebs08/community/discussion/richui/defau...

Hi Robbin,
Thanks for your suggestions.
This was a old installation, but activesync never worked, but OWA
worked.
Last Saturday I was able to make it work with iphones after giving
permision to Microsoft-server-Activesync folder under IIS.
IIS --->Microsoft-server-ActiveSync-->properties-->Directory
Security-->IP address and domain name restrictions --> Grant access.( it
was set only to local IP address)

But I have a different issue now with OWA. It works internally with
https:\\127.0.0.1\exchange, but when try to access from outside, it ask
for the user name and password and trying to load the page without
success. I think OWA page is directing to exchange-oma folder. Could you
tell me how to resolve this issue.

Thanks
Charles

--
charles_nana
------------------------------------------------------------------------
charles_nana's Profile: http://forums.techarena.in/members/150242.htm
View this thread: http://forums.techarena.in/small-business-server/753574.htm

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

Hi Ace,
yes I am using https://mail.mydomain.com/exchange to connect. When I
try with Firefox it works. I think this behaviour explained in
http://support.microsoft.com/kb/280823  some thing to do with HTTP-DAV

Thanks for your help.

Charles

--
charles_nana
------------------------------------------------------------------------
charles_nana's Profile: http://forums.techarena.in/members/150242.htm
View this thread: http://forums.techarena.in/small-business-server/753574.htm

1. You are using ISA where the OWA wasn't published correctly,
2. The system was upgraded from 2000 (which I assume you had migrated, not
upgraded from if you did have 2000)
3. SSL is enabled on every sub web in IIS under the default website
4. Permissions were altered.

Keep in mind, OWA works 'out of the box' for IE clients. If it doesn't,
something was altered or may be corrupted. Based on what I mentioned, as
well as the article, can you pinpoint which of them apply to what may have
caused this?

Have you re-ran the wizard to reset the settings?

Hi Ace,
Thanks for your suggestions.
1. There is no ISA server in the environment
2.It was not upgraded from 2000. OWA was working until I tried to
configure Active Sync.
3. I checked the SSL certificate for evry web site under default. it
was like this
Exchange-OMA  - No
ExAdmin - Yes
Exchange - Yes
Public -Yes
RPC - Yes
RPC withCert -No
tsweb -No
4. This might be true. How can I check the proper permission?

I did not run the wizard to reset the configuration. That would be my
last resort.

Thank you
Charles

--
charles_nana
------------------------------------------------------------------------
charles_nana's Profile: http://forums.techarena.in/members/150242.htm
View this thread: http://forums.techarena.in/small-business-server/753574.htm

Hi Charles,

Sorry for my late response.

If other web browser works fine and issue only occurs when using IE to access OWA website externally, then you may go ahead to follow KB280823 to troubleshoot this issue.

As Ace indicated, if you have not tried rerun CEICW, please give it a try first. Meanwhile, just for your reference, here are some articles about how to reset the Exchange OWA
virtual directories on SBS:

Virtual Internet Information Services (IIS) Directories That Are Used by Outlook Web Access in Exchange Server 2003
<http://support.microsoft.com/kb/821898/en-us>

How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange 2003
<http://support.microsoft.com/kb/883380/en-us>

Hope this helps.

Do you have IP restrictions set in the Default Web Site? Look at the error
from the Microsoft Exchange Test site:
========
<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses
that are not allowed to access the Web site, and the IP address of your
browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be
able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been
rejected.<br>Internet Information Services (IIS)</h2>
========

If you followed 817379, then that means you have Forms Based Authentication.
Is that correct?
If you have Forms Based Authentication set, I believe the wizard will
configure all of this for you and there's no need to do it this way.

The steps in 817379 are to create an additional subweb for ActiveSync so it
bypasses the Forms authentication. The steps in the article must be followed
step for step, including checking your spelling and case sensitivity when
creating the registry entries. If you do not follow all of the steps as
indicated, then it won't work.

Getting back to the wizard, You do know the wizard will set all this up for
you?
http://www.msexchange.org/tutorials/Configuring-Incoming-Outgoing-Ema...

Take a look at this, too, to see if it applies:

You receive an error message when you try to perform any editing tasks, or
you must click to enable the compose frame in Outlook Web Access:
http://support.microsoft.com/default.aspx/kb/911829/

""Robbin Meng [MSFT]"" <v-rob...@online.microsoft.com> wrote in message
news:abO4o6cXKHA.1512@TK2MSFTNGHUB02.phx.gbl...

I posted before seeing your post, but glad you posted KB280823. I actually
meant to post KB280823  instead of KB911829. I was looking at both of them,
but posted the wrong one.

That should be the one that will fix it, but I honestly think the re-running
the wizard will straighten out everything, unless of course something was
changed that the wizard can't address.

Hi Ace and Robbin,
I followed KB280823 and it fixed the issue. Thank both of you for
valuable help. this is a great forum.

Thanks and have a nice day.

Charles

--
charles_nana
------------------------------------------------------------------------
charles_nana's Profile: http://forums.techarena.in/members/150242.htm
View this thread: http://forums.techarena.in/small-business-server/753574.htm

Hi Charles,

Glad to know the information was helpful. You are welcome.

Please do not hesitate to post in SBS newsgroup if you need any assistance in the future.

Cheers.