travis' brain dump

Tech Stuff

Exchange 2003 ActiveSync w/ SSL and/or forms-based authentication.

by on Mar.29, 2009, under Tech Stuff

Probably one of the most common complaints when someone is deploying Exchange, and the organization has Windows Mobile phones that they would like to sync with the Exchange server, is the puzzling “Why won’t this just work?” question that plagues system administrators. Usually this comes right after enabling the option to use forms-based authentication. While the solution is out there, sometimes folks don’t know exactly why or where the problem originates, so they have a hard time finding it. Hopefully this little paragraph describing the problem will help a search engine somewhere lead someone to the solution more easily. It’s also good to have this one handy in the local arsenal of tools that Myke and I are compiling. So, adding to our list of ‘oh yeah, that’s how I fixed that’ articles, here’s how to resolve why Microsoft ActiveSync will not work with any Exchange installation where SSL and/or forms-based authentication has been enabled out of the box.

Keep in mind these changes should be made on the server that holds the mailboxes, not a front-end server. Also worth noting: if you have an SBS2003 installation, these options should already be set. If they are not, or you are having problems with ActiveSync, run through these instructions to check that they are all present. If they are, perhaps your problem isn’t in authentication or contacting the server, but something a little easier to address. 🙂

Note: This method will involve creating a new virtual directory from a copy of the original to handle related requests. If you are not comfortable with registry changes or IIS settings, you may not want to try this.

Disable forms-based authentication on the Exchange server you are about to modify.

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
  5. Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Create a secondary virtual directory and configure ActiveSync to communicate with it.

  1. Start Internet Information Services (IIS) Manager.
  2. Locate the Exchange virtual directory. The default location is as follows:
    Web Sites\Default Web Site\Exchange
  3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
  4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
  5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
  6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
  7. Under Select a configuration to import, click Exchange, and then click OK. A dialog box will appear that states that the “virtual directory already exists.”
  8. Select the Create a new virtual directory option. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
  9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
  10. Click the Directory Security tab.
  11. Under Authentication and access control, click Edit.
  12. Make sure that only the following authentication methods are enabled, and then click OK:
    • Integrated Windows authentication
    • Basic authentication
  13. On the Directory Security tab, under IP address and domain name restrictions, click Edit.
  14. Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK twice.
  15. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
  16. Click OK, and then close the IIS Manager.
  17. Click Start, click Run, type regedit, and then click OK.
  18. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
  19. Right-click Parameters, point to New, and then click String Value.
  20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify. Note: ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
  21. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
  22. Quit Registry Editor.
  23. Restart the IIS Admin service. To do this, follow these steps:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. In the list of services, right-click IIS Admin service, and then click Restart.
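
A quick way to confirm the result of the steps above, as an added example that is not part of the original post: this PowerShell sketch checks the registry value from steps 18-21 and the authentication and SSL settings from steps 12 and 15 by reading the IIS 6 metabase through ADSI. It assumes PowerShell is installed on the Exchange server, that Default Web Site is IIS site ID 1, and that the alias is exchange-oma as in the example.

```powershell
# Added verification sketch; not from the original post.
# Assumptions: Default Web Site is IIS site ID 1, alias is exchange-oma.
$alias    = 'exchange-oma'
$siteId   = 1
$regKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MasSync\Parameters'
$adsPath  = "IIS://localhost/W3SVC/$siteId/ROOT/$alias"
$problems = @()

# Steps 18-21: the value name must be exactly ExchangeVDir (case-sensitive)
# and its data must be the alias with a leading slash.
$key = Get-Item -Path $regKey -ErrorAction SilentlyContinue
if (-not $key) {
    $problems += "Registry key not found: $regKey"
} elseif (-not ($key.GetValueNames() -ccontains 'ExchangeVDir')) {
    $problems += 'Value ExchangeVDir is missing or typed with different casing'
} elseif ($key.GetValue('ExchangeVDir') -ne "/$alias") {
    $problems += "ExchangeVDir is '$($key.GetValue('ExchangeVDir'))', expected '/$alias'"
}

# Steps 12 and 15: read the copied virtual directory from the metabase.
$vdir = [ADSI]$adsPath
$auth = $vdir.AuthFlags.Value
$ssl  = $vdir.AccessSSLFlags.Value
if ($null -eq $auth) {
    $problems += "Virtual directory not readable: $adsPath"
} else {
    # AuthFlags bits: 1 = Anonymous, 2 = Basic, 4 = Integrated Windows
    if ($auth -ne 6) {
        $problems += "AuthFlags is $auth, expected 6 (Basic + Integrated only)"
    }
    # AccessSSLFlags bit 8 = Require secure channel (SSL)
    if ($ssl -band 8) {
        $problems += "Require secure channel (SSL) is still enabled on /$alias"
    }
}

if ($problems.Count -eq 0) {
    "OK: /$alias and the ExchangeVDir registry value match the steps above."
} else {
    $problems | ForEach-Object { "PROBLEM: $_" }
}
```

The script does not read the IP address restriction from step 14. Because the copied directory accepts Basic authentication without SSL, confirm in IIS Manager that access is denied by default and only the server's own IP address is listed as an exception.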

To re-enable forms-based communication, you may do the following:

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
  5. Click the Settings tab, click to select the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Hopefully this will help you out. If not, send your error along to one of us and we’ll see if we have a solution. If we do, we’ll post it up. 🙂

Mirrored on: http://techtalk.ihatemykereinhold.com/2009/03/30/exchange-2003-activesync-w-ssl-andor-forms-based-authentication/


Multiple Exchange 2007 Servers + ISA 2006 + ActiveSync

by on Mar.25, 2009, under Tech Stuff

Anyone who has tried to set that up knows what I’m talking about. I actually got this all figured out a couple months ago but failed to make a post about how I did it, so today I found myself trying to remember what I did while trying to fix one of our other sites. So this time, I’m going to post it up.

The surprisingly common error you see when you set up ISA 2006 with Exchange 2007 and try to access ActiveSync manually is the following:

501 – Header values specify a method that is not implemented.

This is actually a good error: it means ActiveSync should be working fine. However, if your ISA server points to an EX2007 Client Access Server (CAS) which then proxies to other CAS servers in your environment, you may get a message like the following when trying to access a mailbox in another internal site:

405 – HTTP verb used to access this page is not allowed.

At that point you start to question your sanity and your Google skills, as you can’t for the life of you figure out why, after all that work making sure the configurations matched on all your servers, it still doesn’t work. You can access the local CAS server directly and get the 501, but whenever you try to hit ActiveSync through the CAS proxy it just bombs on you.

Assuming the above is true and you can indeed connect to it directly, try looking at a few settings. In IIS Manager, look at the properties for ‘Microsoft-Server-ActiveSync’ under your Default Web Site (or non-Default) and check your settings for Handler Mappings and Authentication. You should have the following:

  • Handler Mappings – Make sure the OptionsVerbHandler is configured for ‘All verbs’, not just ‘OPTIONS’
  • Authentication – Make sure all Authentication options are disabled except for ‘Basic Authentication’ and ‘Windows Authentication’

If you’ve configured those settings, make sure your Proxy CAS and Target CAS are both running the same Exchange rollup version and reboot them. It should be working now.

Hopefully this will help some poor soul out there.

Mirrored on http://techtalk.homerun-networks.com/2009/03/25/multiple-exchange-2007-servers-isa-2006-activesync/


Exchange 2007 – odd happening

by on Mar.25, 2009, under Tech Stuff

You want to talk about an odd happening?

This morning I arrived at work to discover that my Exchange 2007 servers all had their ‘Microsoft Exchange Transport’ services offline. Now, this only occurred with the systems running Forefront as well. This wasn’t limited to just the servers at my company but other Exchange 2007 servers I administer outside of the company as well. Very strange. If this has happened to you as well, comment or email me if you’ve discovered anything that could lead to the exact reason this occurred. Again, this only happened on EX2007 systems running Forefront for Exchange.


My take on Windows 7…

by on Jan.31, 2009, under Tech Stuff

You know, so far so good is all I have to say.

I had some struggles with some of the media features at first (mainly due to my GPO (see vista x64 blogs)) but once I figured them out it was smooth sailing.

Overall I have to say that some of the immediate features do have some appeal. “Out of the box” installation was really painless and was ready to go in under 30 minutes. I’m sure the install times will vary for most people but I have to say this was a pretty good experience. I’m running a Dual Core 3.0 GHz w/ 4GB of RAM and two striped Seagate 400GB drives in 64bit mode if anyone wants to compare for install times.

Post installation and domain join, the system was ready to go. One of the features that jumped right out at me was the creative (or should I say not so creative) approach to the task bar. It reminded me heavily of the Mac OSX Dock, however it was a nice refreshing approach to the crap we’ve previously had since the inception of Windows 95. Good job there kids.

Aero peek was an interesting feature. Nothing like “looking through” your windows to see what’s below. Interesting but I haven’t found a real use for it yet. I’m sure with time.

Back to the task bar and start menu, something I kind of liked was the jump-list feature. It offers up a list of items based on the application, not just an encompassed “Recent Documents” approach. You hit the IE icon, you see lists of previous websites. You hit the Word icon and you get previously opened documents. Kinda cool if you’re into that sort of thing. 🙂

Windows Media Center and Windows Media Player actually gave me a double take. Similar to their previous versions in operation, but slightly different in presentation. WMP actually has some nice features to it and the library loads up exponentially faster. To those that know me and have seen my frustration when doing a library refresh that takes a few hours with WMP 11, you’ll be pleased to know my angry rants were solved here. WMP 12 loads up the entire collection from the SAN volume in under 10 minutes. LOL With that, WMC is just as responsive. The WMCE experience on the XBOX 360 was much improved and much more responsive. It was nice to actually see instant response to a movement request instead of the 2 second pause I keep seeing on my Vista MCE experience (despite moving to x64 which was a dramatic improvement over x32).

Something I hope to play with a little more is the Device Stage. It’s kind of like a task center based on the devices you plug into your system. I would assume Zune users would see the most benefit here, but I haven’t had enough time to really test or play with it so I can’t really give a good review of this function right now.

Overall I would have to say that while Windows 7 has some really cool features, at this point it’s not too different in function than Windows Vista. Yes, they have addressed a lot of the issues surrounding UAC and other annoying Vista “features” but there is still much to be done if they’re going to aesthetically please the masses. Performance however is greatly improved and I have to say that the backing off the resources is greatly appreciated. She’s still a beast, but a much tamer beast now, which my sanity and I greatly appreciate.

Hopefully I will get some more test time in with this animal. Maybe I can find some more things to rant or rave about. 🙂

Till then…
