Exchange 2003 ActiveSync w/ SSL and/or forms-based authentication.
by Travis on Mar.29, 2009, under Tech Stuff
Probably one of the most common complaints when someone is deploying Exchange and the organization has Windows Mobile phones that they would like to sync with the Exchange server is the puzzling “Why won’t this just work?” question that plagues system administrators. Usually this comes right after enabling the option to use forms-based authentication. While the solution is out there, sometimes folks don’t know exactly why or where the problem is originating, so they have a hard time finding it. Well, hopefully this little paragraph describing the problem will help some search engine somewhere lead someone to this solution more easily. That, and it’s always good to have this one handy in the local arsenal of tools that Myke and I are compiling.
So, adding to our list of ‘oh yeah, that’s how I fixed that’ articles, here’s how to resolve why Microsoft ActiveSync will not work out of the box with any Exchange installation where SSL and/or forms-based authentication has been enabled. Keep in mind these changes should be made to the server with the mailboxes on it, not a front-end server. Also worth noting: if you have an SBS2003 installation, these options should already be set. If they are not, or you are having problems with ActiveSync, run through these instructions to check that they are all present. If they are, perhaps your problem isn’t in authentication or contacting the server, but something a little easier to address. 🙂
Note: This method will involve creating a new virtual directory from a copy of the original to handle related requests. If you are not comfortable with registry changes or IIS settings, you may not want to try this.
Disable forms-based authentication on the Exchange server you are about to modify.
- Open Exchange Manager.
- Expand Administrative Groups, expand the first administrative group, and then expand Servers.
- Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
- Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
- Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
- Close Exchange Manager.
- Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).
Create a secondary virtual directory and configure ActiveSync to communicate with it.
- Start Internet Information Services (IIS) Manager.
- Locate the Exchange virtual directory. The default location is as follows:
Web Sites\Default Web Site\Exchange
- Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
- In the File name box, type a name. For example, type ExchangeVDir. Click OK.
- Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
- In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
- Under Select a configuration to import, click Exchange, and then click OK. A dialog box will appear that states that the “virtual directory already exists.”
- Select the Create a new virtual directory option. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
- Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
- Click the Directory Security tab.
- Under Authentication and access control, click Edit.
- Make sure that only the following authentication methods are enabled, and then click OK:
  - Integrated Windows authentication
  - Basic authentication
- On the Directory Security tab, under IP address and domain name restrictions, click Edit.
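- Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK twice. With Denied access selected, the address you add becomes the only one allowed to reach this directory, which matters because the directory accepts Basic authentication without SSL.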
- Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
- Click OK, and then close the IIS Manager.
- Click Start, click Run, type regedit, and then click OK.
- Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
- Right-click Parameters, point to New, and then click String Value.
- Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify. Note: ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
- In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
- Quit Registry Editor.
- Restart the IIS Admin service. To do this, follow these steps:
  - Click Start, click Run, type services.msc, and then click OK.
  - In the list of services, right-click IIS Admin service, and then click Restart.
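A read-only check of the end state of the steps above, as an added example that is not part of the original article. It assumes web site ID 1 (the Default Web Site), the article's example alias exchange-oma, and that PowerShell is installed on the mailbox server; it confirms the ExchangeVDir value and flags the directory if its clear-text Basic authentication is not confined by the IP restriction.

```powershell
# Added example: audit the result of the procedure on the mailbox server.
# Assumptions: web site ID 1 and the article's example alias exchange-oma.
$siteId   = 1
$alias    = 'exchange-oma'
$regKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MasSync\Parameters'
$adsPath  = "IIS://localhost/W3SVC/$siteId/ROOT/$alias"
$findings = @()

# Registry: value name must be exactly ExchangeVDir, data must be /<alias>.
$params = Get-ItemProperty -Path $regKey -ErrorAction SilentlyContinue
$value  = $null
if ($params) {
    $value = $params.PSObject.Properties | Where-Object { $_.Name -ceq 'ExchangeVDir' }
}
if (-not $value) {
    $findings += "ExchangeVDir not found under $regKey (check spelling and case)"
} elseif ($value.Value -ne "/$alias") {
    $findings += "ExchangeVDir is '$($value.Value)', expected '/$alias'"
}

# IIS metabase: read the virtual directory through the ADSI IIS provider.
if (-not [System.DirectoryServices.DirectoryEntry]::Exists($adsPath)) {
    $findings += "Virtual directory $adsPath does not exist"
} else {
    $vdir = New-Object System.DirectoryServices.DirectoryEntry $adsPath
    function Get-Flag($name) { [bool]$vdir.psbase.Properties[$name].Value }

    if (-not (Get-Flag 'AuthBasic')) { $findings += 'Basic authentication is disabled' }
    if (-not (Get-Flag 'AuthNTLM'))  { $findings += 'Integrated Windows authentication is disabled' }
    if (Get-Flag 'AuthAnonymous')    { $findings += 'Anonymous access is enabled' }
    if (Get-Flag 'AccessSSL')        { $findings += 'Require secure channel (SSL) is enabled' }

    # IPSecurity is a COM object, so its members are read by late binding.
    $ipsec = $vdir.psbase.Properties['IPSecurity'].Value
    $flags = [System.Reflection.BindingFlags]::GetProperty
    $get   = { param($p) $ipsec.GetType().InvokeMember($p, $flags, $null, $ipsec, $null) }
    $grantByDefault = & $get 'GrantByDefault'
    $granted        = @(& $get 'IPGrant')
    if ($grantByDefault) {
        $findings += 'IP restrictions grant access by default: clear-text directory is open to any client'
    } elseif ($granted.Count -ne 1) {
        $findings += "Expected one granted address (the server), found $($granted.Count): $($granted -join '; ')"
    }
}

if ($findings.Count -eq 0) { "OK: $alias and ExchangeVDir match the procedure" }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Change `$siteId` if Outlook Web Access runs under a web site other than the default one.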
To re-enable forms-based authentication, you may do the following:
- Open Exchange Manager.
- Expand Administrative Groups, expand the first administrative group, and then expand Servers.
- Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
- Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
- Click the Settings tab, click to select the Enable Forms Based Authentication check box, and then click OK.
- Close Exchange Manager.
- Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).
Hopefully this will help you out. If not, send your error along to one of us and we’ll see if we have a solution. If we do, we’ll post it up. 🙂
Mirrored on: http://techtalk.ihatemykereinhold.com/2009/03/30/exchange-2003-activesync-w-ssl-andor-forms-based-authentication/

September 9th, 2009 on 1:02
Hi, I really hope you can help me!
I have recently taken up the management of our internal servers and we have recently purchased new mobiles which we are supposed to be connecting to our exchange server for mobile email access.
I have run through the above instructions and I have run through the steps in this post (http://blog.brightpointuk.co.uk/configuring-exchange-2003-activesync-using-self-signed-ssl-certificate) and still I can’t get the phones to connect to our exchange. They recognise the need to accept our certificate and do. But when you sync, no info comes through.
The only difference I can see from the above instructions is that we don’t have a “default web site” listed, only our Outlook web access site (which has the exchange virtual server listed). Also when you go into exchange system manager there is an “Exchange Virtual Server” listed but it won’t start because the other listing uses the same ports etc. The other listing being “OWA”.
Our outlook web access site is still working fine.
I tried to install this app to help with the active sync server setup “http://www.microsoft.com/downloads/details.aspx?familyid=e6851d23-d145-4dbf-a2cc-e0b4c6301453&displaylang=en” but it fails with the error message saying that there was no default web site found.
I’d really appreciate any help.
Thanks
September 12th, 2009 on 10:01
You have mail!