Exchange 2007 Activesync with ISA 2006
Alright, I've got a weird occurence - I can't seem to get Activesync to work through the ISA 2006 server. When I VPN into our network, and then initiate a local connection, Activesync works just fine on iPhones. But trying to come in through the ISA 2006
server seems to be failing, although the ISA logs show connectivity.
-------------------------------
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name webmail.contoso.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host webmail.contoso.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://webmail.contoso.com/Microsoft-Server-Activesync/.
The HTTP authentication test failed.
Tell me more about this issue and how to resolve it
Additional Details
The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
-------------------------------
Any ideas what to try troubleshooting next? The webmail address is the OWA address published via ISA and not the exchange server name, which is not published outside the intranet.
May 26th, 2011 9:33pm
Have you published Activesyn in isa 2006?
For more information see this link:http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part6.html
Best regardsBest Regards Don't forget to mark it as answer if it helps
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2011 12:00am
Yes, I have walked through the Activesync publish process, and set it to listen using the same listener as OWA (which does work by going to http://webmail.contoso.com).
I'm sure I'm missing something basic on the ISA server - am I right in concluding that because I can setup a phone and sync properly when VPN'ed into the network (bypassing ISA), that the Exchange server is setup properly? I've setup 40 or so mobile devices
with VPN and they are all working properly. I'd just like to remove the VPN step and use activesync to manage/sync the mobile devices with our already published Web Access via ISA.
Thank you for your quick response and assistance.
May 27th, 2011 12:51am
Use the Exchange Remote connectivity analyzer in this link https://www.testexchangeconnectivity.com/
and then select activesync.Tell us the result
Good luck!Best Regards Don't forget to mark it as answer if it helps
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2011 1:47am
here are the results - thanks again for taking a look.
-------------------------------
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name webmail.contoso.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host webmail.contoso.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://webmail.contoso.com/Microsoft-Server-Activesync/.
The HTTP authentication test failed.
Tell me more about this issue and how to resolve it
Additional Details
The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
-------------------------------
May 27th, 2011 3:44am
Hi,
Try to see this thread it reports the same issue like you:
http://social.technet.microsoft.com/Forums/vi-VN/exchangesvrmobility/thread/75f749c8-271e-47bf-a71c-aa6a84646d1f
Try first to recreate the ActiveSync Virtual Directory by removing it and then create it again. Don't forget to restart IIS and test again with exchangeTestconnectivity.
Hope that work !!Best Regards Don't forget to mark it as answer if it helps
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2011 11:00am
Hi
Take properties on the publishing rule and test and verify it, it will give you an indication on what might be an issue
Make sure the authentication are matching each other, the Exchange authentication for EAS and the used method in the publishing rule.
I did a post about how to publish services using TMG for Exchange 2010, it's almost the same procedure, you can have a look and compare them
http://www.testlabs.se/blog/2010/07/27/how-to-publish-owaactivesyncoutlook-anywhere-exchange-2010-with-microsoft-forefront-tmg-2/
Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog:
http://www.testlabs.se/blog | Follow me on twitter:
jonand82
May 29th, 2011 8:33pm