If you are a Small Business customer, find additional troubleshooting and learning resources at the Support for Small Business
(http://smallbusiness.support.microsoft.com)
site.
Notice
The Exchange Remote Connectivity Analyzer tool helps troubleshoot connectivity issues in a Microsoft Exchange Server deployment. The tool simulates several client logon and mail flow scenarios. When a test fails, many of the errors show troubleshooting tips that can help the IT Administrator resolve the problem.
When you try to access a Microsoft Exchange Server 2003 computer by using Microsoft Office Outlook Mobile Access or Exchange ActiveSync, you experience connection or synchronization problems. Exchange Server ActiveSync and Exchange Outlook Mobile Access (OMA) use the /Exchange virtual directory to access OWA templates and DAV on the Exchange back-end servers on which the user's mailbox is located. Exchange Server ActiveSync and OMA cannot access this virtual directory if either of the following conditions is true:
The Exchange virtual directory on an Exchange back-end
server is configured to require SSL.
Forms-based authentication is enabled.
Collapse this imageExpand this image
Note: These issues do not occur if these same conditions are true on the Exchange virtual directory on a front-end server.
When this issue occurs, you may experience one of the following symptoms in either Exchange Server ActiveSync or Outlook Mobile Access.
Unable to connect to your mailbox on server
Servername. Please try again later. If the problem
persists contact your administrator.
Additionally, the following error message is logged in the Application log in Event Viewer on the computer that is running Exchange Server:
Date:
Date Source: MSExchangeOMA Time:
Time Category: (1000) Type: Error
Event ID: 1805 User: N/A Computer:
ServerName
Description: Request from user UserA@domain.com resulted in the Microsoft(R) Exchange back-end server <ServerName> returning an HTTP error with status code 403:Forbidden
Response: Content-Length: 1409 Content-Type: text/html
Server: Microsoft-IIS/6.0 MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET Date: Fri, 21 Feb 2003 02:25:34 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page must be viewed over a secure
channel</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html;
charset=Windows-1252">
You receive the following error message:
A System error has occurred while processing your
request. Please try again. If the problem persists, contact your administrator.
Additionally, the following error message is logged in the Application log in Event Viewer on the server that is running Exchange Server:
Date: Date Source: MSExchangeOMA
Time: Time Category: (1000) Type:
Error Event ID: 1507 User: N/A Computer:
ServerName
Description: An unknown
error occurred while processing the current request: Exception of type
Microsoft.Exchange.OMA.DataProviderInterface.ProviderException was thrown.
Stack trace: at
Microsoft.Exchange.OMA.UserInterface.Global.Session_Start(Object sender,
EventArgs e) at
System.Web.SessionState.SessionStateModule.CompleteAcquireState() at
System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source,
EventArgs e, AsyncCallback cb, Object extraData) at
System.Web.AsyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean& completedSynchronously)
Inner Error: Exception has been
thrown by the target of an invocation.
Inner Error: The remote server returned an error: (440)
Login Timeout.
Stack trace: at
Microsoft.Exchange.OMA.ExchangeDataProvider.OmaWebRequest.GetRequestStream()
at
Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices.GetSpecialFolders()
at
Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices..ctor(UserInfo
user)
Synchronization failed due to an error on the server. Try again.
Error code: HTTP_500
Additionally, on a server that is
running Exchange Server 2003 Service Pack 2 (SP2), the following events are
logged in the Application log on the Exchange computer.
Event 1
Event Type: Error Event Source: Server
ActiveSync Event Category: None Event ID: 3029 Description: The
mailbox server [%1] has its [%2] virtual directory set to require SSL. Exchange
ActiveSync cannot access the server if SSL is set to be required.
For
information about how to correctly configure Exchange virtual directory
settings, click the following article number to view the article in the
Microsoft Knowledge Base:
Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003
Event 2
Event Type: Error Event Source: Server
ActiveSync Event Category: None Event ID: 3030 Description: The
mailbox server [%1] has forms based authentication enabled on its virtual
server. Exchange ActiveSync cannot access the server when Forms based
authentication is enabled.
For information about how to correctly
configure Exchange virtual directory settings, click the following article
number to view the article in the Microsoft Knowledge Base:
Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003
Event 3
Event Type: Error Event Source: Server
ActiveSync Event Category: None Event ID: 3031 Description: The
mailbox server [%1] does not allow "Negotiate" authentication to its [%2]
virtual directory. Exchange ActiveSync can only access the server using this
authentication scheme.
For information about how to configure Exchange
virtual directory settings, click the following article number to view the
article in the Microsoft Knowledge Base:
Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003
For information about how to correctly configure
Internet Information Services (IIS) to support Kerberos and NTLM
authentication, click the following article number to view the article in the
Microsoft Knowledge Base:
How to configure IIS to support both the Kerberos protocol and the NTLM protocol for network authentication
This issue may occur after you install Microsoft Windows SharePoint Services on a computer that is running Exchange Server 2003. For information about how to correctly configure a server to run both Windows SharePoint Services and Exchange Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:
You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services
To resolve this problem, use one of the following methods.
Collapse this imageExpand this image
Note You do not have to perform either of the methods that are described in the "Resolution" section to configure a front-end server to require SSL and to enable forms-based authentication on the front-end server.
Collapse this imageExpand this image
Note If you are running Microsoft Small Business Server 2003, the configurations that are described in Method 1 and in Method 2 in the "Resolution" section are automatically configured during setup. If you are receiving the errors that are described in the "Symptoms" section on Small Business Server 2003, run the Configure E-Mail and Internet Connection Wizard. The wizard should help you reconfigure the /Exchange virtual directory and forms-based authentication to work with Outlook Mobile Access and with Exchange ActiveSync. Method 1
Install and configure an Exchange Server 2003 computer as a
front-end server.
For more information, click the following article
number to view the article in the Microsoft Knowledge Base:
Important Method 2 should be used only in an environment that has no
Exchange Server 2003 front-end server. The registry changes should be made only
on the server on which the mailboxes are located.
Create a secondary
virtual directory for Exchange that does not require SSL, and then add a
registry value to point to the new virtual directory.
Collapse this imageExpand this image
Important This section, method, or task contains steps that tell you how to
modify the registry. However, serious problems might occur if you modify the
registry incorrectly. Therefore, make sure that you follow these steps
carefully. For added protection, back up the registry before you modify it.
Then, you can restore the registry if a problem occurs. For more information
about how to back up and restore the registry, click the following article
number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
Collapse this imageExpand this image
Note These steps affect both Outlook Mobile Access connections and
Exchange ActiveSync connections. After you follow these steps, both Outlook
Mobile Access and Exchange ActiveSync connections use the new virtual directory
that you create.
Disable the forms-based authentication for the Exchange virtual directory
To create a secondary virtual directory for Exchange that is
based on steps 1 through 7 of the following
procedure, make sure that forms-based authentication is disabled for the
Exchange virtual directory before you make the copy. Before you follow these
steps, disable forms-based authentication in Exchange System Manager. Then
restart Internet Information Services (IIS). To do this, follow these steps:
Open Exchange Manager.
Expand Administrative Groups, expand the
first administrative group, and then expand
Servers.
Expand the server container for the Exchange Server 2003
server that you will be configuring, expand Protocols, and
then expand HTTP.
Under the HTTP container, right-click the Exchange
Virtual Server container, and then click
Properties.
Click the Settings tab, clear the
Enable Forms Based Authentication check box, and then click
OK.
Close Exchange Manager.
Click Start, click Run,
type IISRESET/NOFORCE, and then press Enter to restart Internet Information Services (IIS).
Create a secondary virtual directory for Exchange server
You must use Internet IIS Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps:
Create the virtual directory
Start Internet Information Services (IIS)
Manager.
Locate the Exchange virtual directory. The default location
is as follows:
Web Sites\Default Web Site\Exchange
Right-click the Exchange virtual directory, click
All Tasks, and then click Save Configuration to a
File.
In the File name box, type a name. For
example, type ExchangeVDir. Click
OK.
Right-click the root of this website. Typically, this is Default Web Site. Click New, and then click Virtual
Directory (from file).
In the Import Configuration dialog box,
click Browse, locate the file that you created in step 4,
click Open, and then click Read
File.
Under Select a configuration to import ,
click Exchange, and then click OK.
A dialog box will appear that states that the "virtual directory already
exists."
Select
the Create a new virtual directory option. In the
Alias box, type a name for the new virtual directory that you
want Exchange ActiveSync and Outlook Mobile Access to use. For example, type
exchange-oma. Click OK.
Collapse this imageExpand this image
Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma. The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.
Configure the virtual directory
Right-click the new virtual directory. In this example, click exchange-oma, and then click Properties.
Click the Directory Securitytab.
Under Authentication and access control,
click Edit.
Make sure that only the following authentication methods
are enabled, and then click OK:
Integrated Windows
authentication
Basic authentication
On the Directory Security tab, under
IP address and domain name restrictions, click
Edit.
Click the option for Denied access, click
Add, click Single computer, and then type the IP address of the server that you are configuring.
lick OK two times.
Under Secure communications, click
Edit. Make sure that Require secure channel
(SSL) is not enabled, and then click OK.
Click OK, and then close IIS Manager.
Click Start, click Run,
type regedit, and then click OK.
Right-click Parameters, click to
New, and then click String Value.
Type ExchangeVDir, and then press Enter. Right-click ExchangeVDir, and then click
Modify.
Collapse this imageExpand this image
Note ExchangeVDir is case-sensitive. If you do
not type ExchangeVDir exactly as it appears in this
article, ActiveSync does not find the key when it locates the exchange-oma folder.
In the Value data box, type the name of
the new virtual directory that you created in step 8. For example, type
/exchange-oma. Click OK.
Exit Registry Editor.
Restart the IIS Admin service. To do this, follow these
steps:
Click Start, click
Run, type services.msc, and then click
OK.
In the list of services, right-click IIS Admin
service, and then click Restart.
If you want to reuse Forms-based Authentication on the Exchange server, follow these steps to re-enable Forms-based Authentication on the /Exchange virtual directory in Exchange System Manager.
Open Exchange Manager.
Expand Administrative Groups, expand the first administrative group, and then expand Servers.
Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
Click the Settings tab, click to select the Enable Forms Based Authentication check box, and then click OK.
Close Exchange Manager.
Click Start, click Run, type IISRESET/NOFORCE, and then press Enter to restart Internet Information Services (IIS).WAZOO
To access the contents of a user's mailbox in Exchange
Server 2003, the Microsoft-Server-ActiveSync and the Outlook Mobile Access
virtual directories make an explicit DAV logon to the Exchange virtual
directory. The call is similar to the following:
The Microsoft-Server-ActiveSync and Outlook Mobile Access virtual
directories cannot access the contents of the user's mailbox if the Exchange
virtual directory is configured to require SSL. The Microsoft-Server-ActiveSync
and Outlook Mobile Access virtual directories only try to connect with the
Exchange virtual directory over TCP port 80 (HTTP), not over TCP Port 443
(HTTPS).
Outlook Mobile Access tries to connect to the Exchange
virtual directory by using all the following authentication methods:
Kerberos
NTLM
Basic
When you configure forms-based authentication on the Exchange Server 2003, the authentication method for the Exchange virtual directory is set to Basic authentication, and the default Domain is set to the backslash character. The Microsoft-Server-ActiveSync virtual directory can only connect to the Exchange virtual directory by using Kerberos authentication.
For information about issues related to Outlook Mobile
Access (OMA) error messages, click the article numbers in the following list to
view the article in the Microsoft Knowledge Base:
You receive an error message when you try to create an email message, try to add a new contact, try to add a new task, try to create a new appointment in Outlook Mobile Access with Exchange Server 2003
When you try to connect to an Outlook Mobile Access Web site on an Exchange 2003 computer, you may receive the "A System error has occurred while processing your request" error message
For information about issues that are related to
Exchange ActiveSync (EAS) errors, click the appropriate article number in the
following list to view the article in the Microsoft Knowledge
Base:
Back to the top
