SBS2003 – ActiveSync Fun

I’ve had the same problem with Small Business Server 2003 and ActiveSync a few times now. Users get one of these new fangled phones, I go to set them up only to find it won’t quite work.

Exchange Connectivity Tester should be your first port of call. It runs through step by step to show you where it is failing. 9/10 times it is either a security certificate issue or….

FolderSync command test failed
Exchange Returned an HTTP 500 response

There are if you aren’t able to see any obvious problems I would recommend you save yourself some time and reset the IIS exchange virtual directories and then create a new one for Outlook Mobile Access. Its actually quite quick and simple although It does mean that no one can access OWA while you are doing it however  it shouldn’t take more than 15 minutes if you read through first. The following are two sections taken from Microsoft knowledge base articles.

Reseting the default virtual directories

 http://support.microsoft.com/kb/883380

Back up your IIS Metabase. To do this, follow these steps: Start IIS Manager. Right-click Default Web Site, point to All Tasks, and then click Save Configuration to a File. Delete the virtual directories for Outlook Web Access. To do this, right-click Exadmin in the left pane of IIS Manager, and then click Delete. Click Yeswhen you are prompted with the question of whether you want to delete this item.Repeat this step for the following virtual directories:Quit IIS Manager. Exchange ExchWeb Microsoft-Server-ActiveSync OMA Public Click Start, click Run, type cmd, and then press ENTER. Change to the following folder. In this example, Driveis the hard disk drive where Windows is installed: Drive:\inetpub\adminscripts Type adsutil, and then press ENTER. Important By default, CScript is not the default scripting host for Windows Server 2003. To run the adsutil command, CScript must be configured as the default scripting host. To do this, click Yes if you are prompted to register CScript as you default host for VBscript, and then click OK.Note If you receive a list of adsutil command options, CScript is already configured as the default scripting host for VBscript. Type adsutil delete ds2mb, and then press ENTER. Note To set the default scripting host to WScript, type WScript //H:WScript at the command prompt, press ENTER, and then click OK. Click Start, point to All Programs, point to Administrative Tools, and then click Services. To restart the Microsoft Exchange System Attendant service, follow these steps: Click Start, click Run, type services.msc, and then click OK. Right-click Microsoft Exchange System Attendant, and then click Restart. When you are prompted to restart the dependant Exchange Server services, click Yes.NoteWhen you restart the Microsoft Exchange System Attendant service, the Microsoft Exchange Information Store service is also restarted. In this scenario, your Exchange Server users lose connectivity to their Exchange Server mailboxes.The virtual directories are re-created. To verify that the virtual directories are re-created, start IIS Manager, and then view the Default Web site folder.Important If the virtual directories are not re-created after 15 minutes, restart the computer. Reset the access permissions to Anonymous. To do this, follow these steps: Start IIS Manager, right-click ExchWeb, click Properties, and then click the Directory Security tab. Under Authentication and access control click Edit, and then verify that the Enable anonymous access check box is turned on. Click to select the Integrated Windows authentication check box, click OK, and then click Apply. If an Inheritance Overrides dialog box appears, click Select All, and then click OK. Under Authentication and access control, click Edit, and then click to clear the Integrated Windows authentication check box. Click OK two times, and then quit IIS Manager.

Creating a new OMA Virtual Directory

Copy Pasted from http://support.microsoft.com/?kbid=817379

Disable the forms-based authentication for the Exchange virtual directory // To create a secondary virtual directory for Exchange that is based on steps 1 through 7 of the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager. Then restart Internet Information Services (IIS). To do this, follow these steps: Open Exchange Manager. Expand Administrative Groups, expand the first administrative group, and then expand Servers. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties. Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK. Close Exchange Manager. Click Start, click Run, type IISRESET /NOFORCE, and then press ENTER to restart Internet Information Services (IIS). Create a secondary virtual directory for Exchange server // You must use Internet IIS Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps: Start Internet Information Services (IIS) Manager. Locate the Exchange virtual directory. The default location is as follows: Web Sites\Default Web Site\Exchange Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File. In the File name box, type a name. For example, type ExchangeVDir. Click OK. (If you are doing this on SBS2003 Backup then and Delete the Exchange-OMA virtual folder, you will find out why in a second) Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file). In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File. Under Select a configuration to import , click Exchange, and then click OK.A dialog box will appear that states that the “virtual directory already exists.” Select the Create a new virtual directory option. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK. (It must be called exchange-oma on sbs2003) Right-click the new virtual directory. In this example, click exchange-oma. Click Properties. Click the Directory Security tab. Under Authentication and access control, click Edit. Make sure that only the following authentication methods are enabled, and then click OK:On the Directory Security tab, under IP address and domain name restrictions, click Edit. Integrated Windows authentication Basic authentication Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK twice. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK. Click OK, and then close the IIS Manager. Click Start, click Run, type regedit, and then click OK. Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters Right-click Parameters, click to New, and then click String Value. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.NoteExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK. Quit Registry Editor. Restart the IIS Admin service. To do this, follow these steps: Click Start, click Run, type services.msc, and then click OK. In the list of services, right-click IIS Admin service, and then click Restart. If you want to reuse Forms-based Authentication on the Exchange server, follow these steps to re-enable Forms-based Authentication on the /Exchange virtual directory in Exchange System Manager. Open Exchange Manager. Expand Administrative Groups, expand the first administrative group, and then expand Servers. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties. Click the Settings tab, click to select the Enable Forms Based Authentication check box, and then click OK. Close Exchange Manager. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).