I recently picked up a first-generation iPhone from a friend and after playing around with it for a while I decided that I needed to have my email synchronized on it. For my business I run my BES, Exchange with RPC over HTTPS and ISA on a Server 2003 virtual machine, so my infrastructure was almost ready.
Almost, but not quite. A typical ActiveSync deployment consists of a front-end Exchange server, an ISA server and a second Exchange server. I've only got a single VM (more for convenience than anything else), so I had to make a few changes.
Assumptions
I'm assuming that you've got Exchange and ISA working, either on a single box or two individual servers. You also have a valid SSL certificate and port 443 is open.
Exchange Configuration
Enable ActiveSync
Open the Exchange System Manager (ESM) and expand the Global Settings tree. Right-click Mobile Services, choose Properties and ensure that the ActiveSync options are all checked.

IIS Configuration
These steps are identical to the ones in Microsoft KB 817379 – Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003.
1. Start Internet Information Services (IIS) Manager.
2. Locate the Exchange virtual directory. The default location is as follows:
   Web Sites\Default Web Site\Exchange
3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
7. Under Select a configuration to import, click Exchange, and then click OK. A dialog box will appear that states that the "virtual directory already exists."
8. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type ExchDAV. Click OK.
9. Right-click the new virtual directory. In this example, click ExchDAV. Click Properties.
10. Click the Directory Security tab.
11. Under Authentication and access control, click Edit.
12. Make sure that only the following authentication methods are enabled, and then click OK:
   - Integrated Windows authentication
   - Basic authentication
13. On the Directory Security tab, under IP address and domain name restrictions, click Edit.
14. Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK.
15. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
16. Click OK, and then close the IIS Manager.
17. Click Start, click Run, type regedit, and then click OK.
18. Locate the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
19. Right-click Parameters, point to New, and then click String Value.
20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.
   Note: ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the ExchDAV folder.
21. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /ExchDAV. Click OK.
22. Quit Registry Editor.
23. Restart the IIS Admin service. To do this, follow these steps:
   - Click Start, click Run, type services.msc, and then click OK.
   - In the list of services, right-click IIS Admin service, and then click Restart.
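An added check for the steps above (not part of the original post or KB 817379): the hypothetical PowerShell function `Test-ExchDavSetup` takes the settings this procedure touches and reports each one that deviates. The parameter names and sample values are assumptions made for this example; `AuthFlags` and `AccessSSLFlags` are the IIS metabase properties behind the Directory Security checkboxes.

```powershell
# Added example; Test-ExchDavSetup and its parameter names are hypothetical.
function Test-ExchDavSetup {
    param(
        [string[]]$ValueNames,    # value names under ...\Services\MasSync\Parameters
        [string]$VDirData,        # data of the ExchangeVDir string value
        [string]$Alias,           # alias given to the imported virtual directory
        [int]$AuthFlags,          # IIS metabase AuthFlags for that directory
        [int]$AccessSSLFlags,     # IIS metabase AccessSSLFlags for that directory
        [bool]$DefaultDeny,       # "Denied access" selected under IP restrictions
        [string[]]$ExceptIPs,     # addresses listed as exceptions
        [string]$ServerIP         # address of the Exchange server itself
    )
    $findings = @()

    # The procedure says the value name is case-sensitive, so compare with -ceq.
    $exact = @($ValueNames | Where-Object { $_ -ceq 'ExchangeVDir' })
    $loose = @($ValueNames | Where-Object { $_ -ieq 'ExchangeVDir' })
    if ($exact.Count -eq 0 -and $loose.Count -gt 0) {
        $findings += "Value is named '$($loose[0])'; it must be exactly 'ExchangeVDir'."
    } elseif ($exact.Count -eq 0) {
        $findings += "String value 'ExchangeVDir' is missing."
    }
    # The data is the alias with a leading slash, for example /ExchDAV.
    if ($VDirData -ne "/$Alias") {
        $findings += "ExchangeVDir data is '$VDirData'; expected '/$Alias'."
    }
    # AuthFlags bits: 1 = Anonymous, 2 = Basic, 4 = Integrated Windows.
    if ($AuthFlags -ne 6) {
        $findings += "AuthFlags is $AuthFlags; expected 6 (Basic and Integrated only)."
    }
    # AccessSSLFlags bit 8 is "Require secure channel (SSL)".
    if ($AccessSSLFlags -band 8) {
        $findings += "Require secure channel (SSL) is still enabled on /$Alias."
    }
    # SSL is off on this directory, so only the server itself may reach it.
    $others = @($ExceptIPs | Where-Object { $_ -ne $ServerIP })
    if (-not $DefaultDeny -or $others.Count -gt 0 -or $ExceptIPs -notcontains $ServerIP) {
        $findings += "IP restrictions must deny all hosts except $ServerIP."
    }
    $findings
}

# Constructed sample: wrong-case name, missing slash, anonymous on, SSL required, no IP limit.
$sample = @{ ValueNames = @('exchangevdir'); VDirData = 'ExchDAV'; Alias = 'ExchDAV'
             AuthFlags = 7; AccessSSLFlags = 8; DefaultDeny = $false
             ExceptIPs = @(); ServerIP = '192.0.2.10' }
Test-ExchDavSetup @sample
```

On the server, `(Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Services\MasSync\Parameters').GetValueNames()` returns the value names to pass as `-ValueNames`.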
ISA Configuration
You'll want to increase the heartbeat to 30 minutes per Microsoft KB 905013 – Enterprise firewall configuration for Exchange ActiveSync Direct Push Technology. If you don't do this you'll receive Event ID 3033 in your Application event log with the message:
The average of the most recent [200] heartbeat intervals used by clients is less than or equal to [540]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.
- Open ISA Server Management and click Firewall Policy.
- On the Toolbox tab, click Network Objects.
- Expand the Web Listeners node, and then view the advanced properties of the applicable Web Listener.
- Click the Preferences tab, and then click Advanced.
- Modify the Connection Timeout from the default 120 seconds (2 minutes) to 1800 seconds (30 minutes).

- Click OK two times to accept these changes.
- Click Apply.
The End
That's really all there is to it. If you've got RPC over HTTPS working then your ISA server should be ready to handle traffic on port 443, and you're only a few steps away from ActiveSync glory.
October 15th, 2008 at 10:58 pm
AWESOME. it took me 2 weeks to find this article, and 2 mins to get it working. thanks a bunch dude.
October 20th, 2008 at 4:05 pm
Ah all was great until this broke Entourage (half of our users). Rats.
For now, disabling Anonymous Authentication for the normal OWA virtual directory seems to be working. iPhones work, blackberries work, windows mobile devices work, OWA works, PCs work, Macs work, OMA works..
*crossing fingers*
November 8th, 2008 at 10:35 pm
I tried the tips here, but my system broke as well. Where did you find these steps? What type of certifications do you have? I'm worried about other issues because of the changes you suggest here. Did anyone else have issues too?
February 14th, 2009 at 5:51 pm
Like Dan, I thought these steps would do it. Hate to report that they did not work. Back to searching.
February 18th, 2009 at 12:22 am
What version of Exchange are you running? I've tested it on Exchange 2003 in a few different configurations with no issues. As far as Dan's somewhat trolling comment, the steps are straight from Microsoft KB 817379, which I link to in the post.
May 7th, 2009 at 10:51 am
there is no way this is correct
May 12th, 2009 at 2:54 pm
@dan – You're right, this is all bullshit. I went through the effort of posting it just to amuse myself. I guess the joke's on you.
May 25th, 2009 at 12:44 am
Ouch! Corey, you're killing me! Nice graphics, but where did you come up with these steps.. One minute my OWA was working, now it is not! I suggest everyone to proceed at your own risk.. This is dangerous!
May 26th, 2009 at 3:17 pm
@Lost In Texas – the steps here are directly from Microsoft KB 817379, it's not something I threw together. I suggest you check your error logs (Windows and IIS) for more information.
July 22nd, 2009 at 6:20 pm
i'd say same results as dan. oddly this site says it works but no way working. tried multiple times. what type of device was this typed up for? Texas — did you mean your system is not working now. wow
August 1st, 2009 at 6:34 am
Corey – brilliant. I'd already got my Exchange2003 server set up correctly previously – but my iPhone suddenly stopped synching to it. Eventually – having run through your instructions again checking things off one-by-one, I discovered my external IP had been changed by my provider. An update there, and happy days.
I've bookmarked this page for the next time it goes tits up! Cheers.
August 25th, 2009 at 5:24 pm
Hi I have read this article and believe by following these steps, this should fix my problem but I do not use ISA. Could someone tell me how or where to increase the timeout value?
What is most annoying is that 4 users are working using their iphones (albeit with the error 3033 occurring) but one user cannot sync even though his account settings are identical to those that are working
Can someone please help?
November 8th, 2009 at 11:07 am
Great article, thanks for this!
November 21st, 2009 at 5:55 am
Hi,
I got the same problem. No ISA. Now my HTC Tattoo connects to my server, but can't create an account.
December 29th, 2009 at 10:49 am
I am using this method with all the iphones in the company. Works GREAT! – Problem is – We have a guy that just got an HTC Eris – he can Sync Mail, Contacts, and Calendar – Receive mail. He just can't send mail. It just stays in his outbox on his phone. Any suggestions?
January 5th, 2010 at 9:34 am
Corey,
Thanks for this article. Just a hint to all you people who are pissed off and say this does not work. Make sure you have SP2 for Exchange! Make sure you back up your IIS metabase. If it does not work then restore it. If you don't admin Exchange every day then pay an Exchange admin to do it for you. Don't bitch and moan because you skipped or missed a step. I have used this on four different clients and it has worked every time.
January 5th, 2010 at 10:43 am
@Mikee – I've got no idea, I'm batting about 50% with my android phones. I think the ActiveSync implementation is crap.
Thanks for the support Dennis, I've finally given up trying to convince people that this actually works. These steps are the same ones Microsoft recommends, and if you're not an Exchange administrator it's probably best you don't attempt this.
January 21st, 2010 at 10:57 pm
Hey retardos the info Corey has posted here is from an official MS KB article. If your server broke it's not due to inaccuracy in this article. Works a treat.
Corey nice to have the screens makes it a little bit quicker and easier to follow than the KB article. If Dennis is right about the peeps having issues because they don't have SP2 installed, maybe you could edit the assumptions part and put in prerequisite of Exchange SP2?
Will be linking this to our internal KB great job!!
I don't have ISA and works fine just skipped the ISA steps.
February 1st, 2010 at 10:59 pm
Thank you,
It worked like a charm for me.
"Not all solutions work for every body" it did it for me ;)
March 29th, 2010 at 11:50 am
I had my windows mobile phone exchange server settings set to my old work.
Now that I don't work there anymore I want to change the server settings but the USER and DOMAIN fields are highlighted in blue and READ ONLY.
How do I change the read only settings in order for me to type the new username and domain?
Thank you
Hu4mx
April 20th, 2010 at 2:50 pm
Thanks for the article – but it's not going so well for me. Using an ActiveSync Remote Connectivity Analyzer, it keeps coming back that "The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list." I tested removing the authorized IPs you suggested (step 16) and received a connection with exceptions.
Any advice?
April 30th, 2010 at 11:26 am
This worked perfectly! Thank you very much.
June 16th, 2010 at 12:20 am
Followed these steps three times. Still not working. Now I cannot determine why my public folders continue to prompt for a password and my exchange web page says loading but no email ever appears — anyone have any good ideas how to solve these? I didn't have these issues before. I am in a pinch and the pressure is mounting from my owner. I guess you see my panic.
June 18th, 2010 at 10:37 am
I have been looking for how to set up an iPhone forever and this is the first place I found complete instructions.
Windows 2003, Exchange 2003 SP2 with Checkpoint Firewall.
We use Blackberry but upper management use iPhones. All is now working.
Works like a charm. Thanks for posting it!
July 9th, 2010 at 10:56 pm
bo — I've got a checkpoint opened 993, 443, 80, 143 .. followed the above steps. still no go. my phone says that same connection error. appears some have luck others not. thank god my system did not stop working. still searching for a better solution. there sure a lot of pretty ads on this site…
July 15th, 2010 at 12:33 pm
Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you! Thank you!
August 26th, 2010 at 7:05 am
Outlook, Exchange 2003, OWA via port 443 and Blackberry Server all working well. "Microsoft KB 817379" was the fix that allowed me to add OMA support for Droids. Nice.
September 12th, 2010 at 9:24 am
Great work. Thank you. Like many others, I had been looking for this configuration and it worked perfectly for me. Makes me laugh to see some of these posts. "What certifications do you have". What a joke. The ONLY reason I ever got the MCSE was because my company offered a bonus to those that completed it. I am not knocking certifications per se but I tend to believe experience is worth much more. Either way, if it did not work for someone for some reason, there are two routes.
1 – undo everything you did.
2 – troubleshoot the problem.
Again, thank you.
September 21st, 2010 at 8:33 am
This procedure worked for me. I don't have an ISA, so I just skipped that section. Thanks for putting this together.
October 2nd, 2010 at 1:05 am
I like to thank you for the detailed instructions. I setup the Exchange sync from my iPhone 4 to a Windows Exchange 2003 first round. It was fantastic. Much appreciated.
-Ed
October 4th, 2010 at 11:09 am
nice translation of microsoft's instructions. five minutes reading through and i had the info i needed to get it working correctly.
I had owa and rpc/https. now activesync is working and my android users are happy!
Thanks!
November 10th, 2010 at 2:44 am
thanks for this. it took me 2 weeks to find how to configure..
it works for me..tnx much.
April 8th, 2011 at 1:25 pm
Worked for me.
Exchange 2003 environment, iphone 4.
Tested OWA after this and it works fine!
THANK YOU!