When you try to access a Microsoft Exchange Server 2003 computer by using Microsoft Office Outlook Mobile Access or Exchange ActiveSync, you may experience connection or synchronization problems. These issues can occur if either of the following conditions is true:
•
The Exchange virtual directory on an Exchange back-end server is configured to require SSL.
•
Forms-based authentication is enabled.
However, these issues do not occur if these same conditions are true on the Exchange virtual directory on a front-end server.
When you try to access a Microsoft Exchange Server 2003
computer by using Microsoft Outlook Mobile Access or Exchange ActiveSync, you
may experience one of the following symptoms.
Unable to connect to your mailbox on server
Servername. Please try again later. If the problem
persists contact your administrator.
Additionally, the following
error message is logged in the Application log in Event Viewer on the Exchange
computer:
Date:
Date Source: MSExchangeOMA Time:
Time Category: (1000) Type: Error
Event ID: 1805 User: N/A Computer:
ServerName
Description: Request from user
UserA@domain.com resulted in the Microsoft(R) Exchange back-end server
<ServerName> returning an HTTP error with status code 403:Forbidden
Response: Content-Length: 1409 Content-Type: text/html
Server: Microsoft-IIS/6.0 MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET Date: Fri, 21 Feb 2003 02:25:34 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page must be viewed over a secure
channel</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html;
charset=Windows-1252">
•
You receive the following error message:
A System error has occurred while processing your
request. Please try again. If the problem persists, contact your administrator.
Additionally, the following error message is logged in the
Application log in Event Viewer on the Exchange computer:
Date: Date Source: MSExchangeOMA
Time: Time Category: (1000) Type:
Error Event ID: 1507 User: N/A Computer:
ServerName
Description: An unknown
error occurred while processing the current request: Exception of type
Microsoft.Exchange.OMA.DataProviderInterface.ProviderException was thrown.
Stack trace: at
Microsoft.Exchange.OMA.UserInterface.Global.Session_Start(Object sender,
EventArgs e) at
System.Web.SessionState.SessionStateModule.CompleteAcquireState() at
System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source,
EventArgs e, AsyncCallback cb, Object extraData) at
System.Web.AsyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean& completedSynchronously)
Inner Error: Exception has been
thrown by the target of an invocation.
Inner Error: The remote server returned an error: (440)
Login Timeout.
Stack trace: at
Microsoft.Exchange.OMA.ExchangeDataProvider.OmaWebRequest.GetRequestStream()
at
Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices.GetSpecialFolders()
at
Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices..ctor(UserInfo
user)
Synchronization failed due to an error on the server. Try again.
Error code: HTTP_500
Additionally, on a server that is running Exchange Server 2003 Service Pack 2 (SP2), the following events are logged in the Application log on the Exchange computer.
Event 1
Event Type: Error Event Source: Server
ActiveSync Event Category: None Event ID: 3029 Description: The
mailbox server [%1] has its [%2] virtual directory set to require SSL. Exchange
ActiveSync cannot access the server if SSL is set to be required.
For
information about how to correctly configure Exchange virtual directory
settings, click the following article number to view the article in the
Microsoft Knowledge Base:
817379 (http://support.microsoft.com/kb/817379/) Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003
Event 2
Event Type: Error Event Source: Server
ActiveSync Event Category: None Event ID: 3030 Description: The
mailbox server [%1] has forms based authentication enabled on its virtual
server. Exchange ActiveSync cannot access the server when Forms based
authentication is enabled.
For information about how to correctly
configure Exchange virtual directory settings, click the following article
number to view the article in the Microsoft Knowledge Base:
817379 (http://support.microsoft.com/kb/817379/) Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003
Event 3
Event Type: Error Event Source: Server
ActiveSync Event Category: None Event ID: 3031 Description: The
mailbox server [%1] does not allow "Negotiate" authentication to its [%2]
virtual directory. Exchange ActiveSync can only access the server using this
authentication scheme.
For information about how to configure Exchange
virtual directory settings, click the following article number to view the
article in the Microsoft Knowledge Base:
817379 (http://support.microsoft.com/kb/817379/) Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003
For information about how to correctly configure
Internet Information Services (IIS) to support Kerberos and NTLM
authentication, click the following article number to view the article in the
Microsoft Knowledge Base:
215383 (http://support.microsoft.com/kb/215383/) How to configure IIS to support both the Kerberos protocol and the NTLM protocol for network authentication
This issue may occur after you install Microsoft
Windows SharePoint Services on a server that is running Exchange Server 2003.
For information about how to correctly configure a server to run both Windows
SharePoint Services and Exchange Server 2003, click the following article
number to view the article in the Microsoft Knowledge Base:
823265 (http://support.microsoft.com/kb/823265/) You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services
Exchange Server ActiveSync and Exchange Outlook Mobile
Access (OMA) use the /Exchange virtual directory to access OWA templates and
DAV on Exchange back-end servers on which the user's mailbox is located. Server
ActiveSync and OMA cannot access this virtual directory if either of the
following conditions is true:
•
The /Exchange virtual directory on an Exchange back-end
server is configured to require SSL.
•
Forms-based authentication is enabled.
This issue does not occur when you enable these settings on the
/Exchange virtual directory on a front-end server.
Note You do not have to perform either of the methods that are
described in the "Resolution" section to configure a front-end server to
require SSL and to enable forms-based authentication on the front-end server.
Note If you are running Microsoft Small Business Server 2003, the
configurations that are described in Method 1 and in Method 2 in the
"Resolution" section are automatically configured during Setup. If you are
receiving the errors that are described in the "Symptoms" section on Small
Business Server 2003, run the Configure E-Mail and Internet Connection Wizard.
The wizard should help you reconfigure the /Exchange virtual directory and
forms-based authentication to work with Outlook Mobile Access and with Exchange
ActiveSync.
Install and configure an Exchange Server 2003 computer as a
front-end server.
For more information, click the following article
number to view the article in the Microsoft Knowledge Base:
818476 (http://support.microsoft.com/kb/818476/)
You can configure either Exchange Server 2003 Standard Edition or Exchange Server 2003 Enterprise Edition as a front-end server
Important Method 2 should be used only in an environment that has no
Exchange Server 2003 front-end server. The registry changes should be made only
on the server on which the mailboxes are located.
Create a secondary
virtual directory for Exchange that does not require SSL, and then add a
registry value to point to the new virtual directory.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows
Note These steps affect both Outlook Mobile Access connections and
Exchange ActiveSync connections. After you follow these steps, both Outlook
Mobile Access and Exchange ActiveSync connections use the new virtual directory
that you create.
Before you begin
To create a secondary virtual directory for Exchange that is based on steps 1 through 4 of the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager. Then restart Internet Information Services (IIS). To do this, follow these steps:
1.
Open Exchange Manager.
2.
Expand Administrative Groups, expand the first administrative group, and then expand Servers.
3.
Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
4.
Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
5.
Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
6.
Close Exchange Manager.
7.
Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).
Additionally, you must use Internet IIS Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps:
1.
Start Internet Information Services (IIS)
Manager.
2.
Locate the Exchange virtual directory. The default location
is as follows:
Web Sites\Default Web Site\Exchange
3.
Right-click the Exchange virtual directory, click
All Tasks, and then click Save Configuration to a
File.
4.
In the File name box, type a name. For
example, type ExchangeVDir. Click
OK.
5.
Right-click the root of this Web site. Typically, this is
Default Web Site. Click New, and then click Virtual
Directory (from file).
6.
In the Import Configuration dialog box,
click Browse, locate the file that you created in step 4,
click Open, and then click Read
File.
7.
Under Select a configuration to import ,
click Exchange, and then click OK.
A dialog box will appear that states that the "virtual directory already
exists."
8.
In the Alias box, type a name for the new
virtual directory that you want Exchange ActiveSync and Outlook Mobile Access
to use. For example, type exchange-oma. Click
OK.
9.
Right-click the new virtual directory. In this example,
click exchange-oma. Click
Properties.
10.
Click the Directory Security
tab.
11.
Under Authentication and access control,
click Edit.
12.
Make sure that only the following authentication methods
are enabled, and then click OK:
•
Integrated Windows
authentication
•
Basic authentication
13.
On the Directory Security tab, under IP address and domain name
restrictions, click Edit.
14.
Click the option for Denied access, click
Add, click Single computer and type the IP
address of the server that you are configuring, and then click
OK.
15.
Under Secure communications, click
Edit. Make sure that Require secure channel
(SSL) is not enabled, and then click OK.
16.
Click OK, and then close the IIS Manager.
17.
Click Start, click Run,
type regedit, and then click OK.
Right-click Parameters, click to
New, and then click String Value.
20.
Type ExchangeVDir, and then press
ENTER. Right-click ExchangeVDir, and then click
Modify.
NoteExchangeVDir is case-sensitive. If you do
not type ExchangeVDir exactly as it appears in this
article, ActiveSync does not find the key when it locates the exchange-oma folder.
21.
In the Value data box, type the name of
the new virtual directory that you created in step 8. For example, type
/exchange-oma.
Click OK.
22.
Quit Registry Editor.
23.
Restart the IIS Admin service. To do this, follow these
steps:
a.
Click Start, click
Run, type services.msc, and then click
OK.
b.
In the list of services, right-click IIS Admin
service, and then click Restart.
Note If the server is Microsoft Windows Small Business Server 2003
(SBS), the name of the Exchange OMA virtual directory must be exchange-oma.
The integrated setup of Microsoft Windows Small Business
Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the
ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.
To access the contents of a user's mailbox in Exchange
Server 2003, the Microsoft-Server-ActiveSync and the Outlook Mobile Access
virtual directories make an explicit DAV logon to the Exchange virtual
directory. The call is similar to the following:
The Microsoft-Server-ActiveSync and Outlook Mobile Access virtual
directories cannot access the contents of the user's mailbox if the Exchange
virtual directory is configured to require SSL. The Microsoft-Server-ActiveSync
and Outlook Mobile Access virtual directories only try to connect with the
Exchange virtual directory over TCP port 80 (HTTP), not over TCP Port 443
(HTTPS).
Outlook Mobile Access tries to connect to the Exchange
virtual directory by using all the following authentication methods:
•
Kerberos
•
NTLM
•
Basic
When you configure forms-based authentication on the Exchange
Server 2003, the authentication method for the Exchange virtual directory is
set to Basic authentication, and the default Domain is set to the backslash
character. The Microsoft-Server-ActiveSync virtual directory can only connect
to the Exchange virtual directory by using Kerberos authentication.
For information about issues related to Outlook Mobile Access (OMA) error messages, click the article numbers in the following list to view the article in the Microsoft Knowledge Base:
842023 (http://support.microsoft.com/kb/842023/) You receive an error message when you try to create an e-mail message, try to add a new contact, try to add a new task, try to create a new appointment in Outlook Mobile Access with Exchange Server 2003
898131 (http://support.microsoft.com/kb/898131/) When you try to connect to an Outlook Mobile Access Web site on an Exchange 2003 computer, you may receive the "A System error has occurred while processing your request" error message
For information about issues that are related to Exchange ActiveSync (EAS) errors, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:
886346 (http://support.microsoft.com/kb/886346/) You receive an HTTP 500 error message when you synchronize your mobile device with Microsoft Exchange Server 2003
826974 (http://support.microsoft.com/kb/826974/) "Synchronization failed due to an error on the server" error message when you try to synchronize a mobile device with a Exchange 2000 server
Need More Help? Contact a Support professional by Email, Online or Phone.
Customer Service For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
Newsgroups Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.
Back to the top
