Restrict IP access to EAS virtual directory
I have implemented a Mobile Device Management system. The final stage of this is to restrict access to the ActiveSync virtual directory, only allowing access from the proxy server of the MDM system. This isn't too complicated. I have configured this in IIS (6) under the properties of the Microsoft-Server-ActiveSync virtual directory. This all works as expected. But after configuring this I get an error when opening ESM from the CAS server. I get the same error with the Get-ActiveSyncVirtualDirectory command:
_______________
Get-ActiveSyncVirtualDirectory : Unable to create Internet Information Services (IIS) directory entry. Error message is: Exception from HRESULT: 0x80005008. HResult = -2147463160.
At line:1 char:31
+ Get-ActiveSyncVirtualDirectory <<<< -server CAS01
    + CategoryInfo : NotSpecified: (0:Int32) [Get-ActiveSyncVirtualDirectory], IISGeneralCOMException
    + FullyQualifiedErrorId : 881F3225,Microsoft.Exchange.Management.SystemConfigurationTasks.GetMobileSyncVirtualDirectory
-----------------------------------
Everything is running and accessible, but I am not able to manage ActiveSync from ESM.
April 5th, 2012 11:25am

I would add your Exchange servers and AD servers in the ACL list for grins.

James Chong
MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL
msexchangetips.blogspot.com
April 5th, 2012 11:28am

This appears to apply to my situation. http://support.microsoft.com/kb/939573
April 5th, 2012 11:32am

The scenario reminds me of when you restrict a computer to only log on to a specific system in ADUC. For example, you want a call center agent to only log onto his machine; however, by doing this you actually restrict the user from not being able to access any other services, SharePoint, Exchange... By doing the IP restriction on the ActiveSync vdir, you basically restricted the unforeseen background proxy calls. I would try adding all your Exchange servers and DCs to the permit list.

James Chong
MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL
msexchangetips.blogspot.com
April 5th, 2012 11:50am

This appears to apply to my situation. http://support.microsoft.com/kb/939573

Hi The_Messager,

Yes, please see this similar post:
IIS IP restriction on CAS server destroys it
http://social.technet.microsoft.com/forums/en-US/exchangesvrgeneral/thread/18fbfc64-eae5-4660-8f7e-b57f35dc862e/

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Frank Wang
TechNet Community Support
April 6th, 2012 3:15am

Thanks Frank, that's where I found the hotfix. The issue in that thread was a little different because there was an issue with services being down; mine was just the ESM not showing and PowerShell not "get"ing the ActiveSyncVirtualDirectory. The fix did resolve my issue completely. I expect there will be more of this as MDM systems come in with a proxy for EAS.
April 6th, 2012 8:31am

This topic is archived. No further replies will be accepted.