Click to get started.Exchange 2003 ActiveSync / ExRCA Error HTTP 403 on FolderSync
2 comment(s)I had been beating my head a little lately on two recent ActiveSync/OMA setups in Exchange 2003. We always follow the same path, and since most of our work deals with Exchange 2007/2010 lately, it has been a while since we have had to set this up for Exchange 2003.
All of the basics where checked (ssl settings, file permissions, iis permissions, FBA/exchange-oma vdir, etc.) but the Exchange Remote Connectivity Analyzer still failed the FolderSync step with the error in ExRCA:
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
And in the IIS Log:
2010-07-19 21:20:01 W3SVC1 1.2.3.4 POST /Microsoft-Server-Activesync/ Cmd=FolderSync&User=username&DeviceId=120651982&DeviceType=TestActiveSyncConnectivity&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:1C1I463S1190R0S0L0H0P 443 domain\username 65.54.166.78 Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com) 403 0 0
All other tests were passing with flying colors, but this was causing the testing to fail. This all came down to the default Device Security settings. To temporarily work around this, to finish testing with the tool:
- Open up Exchange System Manager
- Expand Global Settings
- Open up Properties of Mobile Services
- Click Device Security
- Uncheck Enforce password on device
- Run iisreset from the command prompt
Retry your test with the ExRCA, and when everything passes, reverse the security setting and restart IIS again.
I wound up down this path based on a very useful troubleshooting article found at http://www.it-eye.co.uk/faqs/readQuestion.php?qid=1 *Update 1/19/2012* The referenced site is no longer available. A PDF snapshot of the site from archive.org is attached to this post.
As this is meant to be a note on a specific issue, the above site is very useful for troubleshooting, and the below steps are what steps are followed on a fresh Exchange environment
The quick path of our Exchange 2003 OWA/OMA/ActiveSync setups:
- Setup an SSL certificate from a valid authority
- Setup the requirement of SSL on /Exchange and /Public VDirs
- Add a default redirect to https & /exchange
- Enable FBA, high compression
- Create the /exchange-oma VDir, adjust SSL & security settings
- Add the /exchange-oma parameter to the registry
- Restart IIS Admin service
- Test via ExRCA
| Attachment | Size |
|---|---|
| it_eye_exchange_faq.pdf | 1.76 MB |
Comments
ActiveSync woes...
Hi Daniel, I have been working on an Exchange 2003 ActiveSync configuration project over the past few weeks and thought I finally had made it to the finish line. Unfortunately fate had other ideas. I am now stuck with the same error you ran into, but after following your steps I'm still getting the same message. I tried following the link you have to the UK site, but it no longer exists. If you have anything further you might be able to share, I'd appreciate it! -Bob
RE: ActiveSync woes...
Thanks for the heads up, I just attached a PDF snapshot of the article from http://web.archive.org/web/20100313013038/http://www.it-eye.co.uk/faqs/r...
Good luck with your troubleshooting. Another link that I've tried in the past is http://www.experts-exchange.com/Software/Server_Software/Email_Servers/E... some times the fixes can be tricky, but there's always a solution.