ActiveSync stops working after moving the mailbox to Exchange 2010

After moving the mailbox to Exchange 2010, ActiveSync stopped working. I get the following error on Windows Mobile:

0x85010014

I also noticed that the CAS server reports the following error:

*********************************************************************************************************

Exchange ActiveSync device requests for your users are being blocked. This problem frequently occurs when the HTTP OPTIONS method request isn’t allowed by the firewall. Please check the firewall that filters requests in front of your Client Access server and the Microsoft-Server-ActiveSync virtual directory.

**********************************************************************************************************

I tried it internally from a local WiFi, with no success, so it is not a firewall problem.

It was simply a permissions issue. I found that the user facing this issue doesn’t inherit permissions from the parent folder. I checked this check box and that solved the problem totally.


Error when opening a message or AB in Exchange 2010

When a client tries to open any message using OWA, they get the following error:

OWA Error

Request
Url: https://10.210.200.216:443/owa/forms/premium/ReadConversation.aspx?ae=Item&a=Preview&t=IPM.Conversation&id=CID.iQW4pDfDOHmRHbik%2f9RXhw%3d%3d.LgAAAADVeApGrDrtTKWSuPJu1y%2bRAQBcwg4%2b3LSWTbNIKKyb7dYhAAAANJVWAAAB.AQAAAAA0lVIAAAAA%2bAEAAAAAAAA%3d
User host address: 10.210.200.112
User: legacy
EX Address: /o=First Organization/ou=All Users/cn=Recipients/cn=legacy
SMTP Address: legacy@domian.com
OWA version: 14.0.682.1
Mailbox server: MBX-01.domain..local

Exception
Exception type: System.NullReferenceException
Exception message: Object reference not set to an instance of an object.

Call stack

Microsoft.Exchange.Security.Authorization.AuthzAuthorization.CheckExtendedRights(AuthzContextHandle authzContextHandle, RawSecurityDescriptor securityDescriptor, Guid[] extendedRightGuids, SecurityIdentifier principalSelfSid)
Microsoft.Exchange.Security.Authorization.ClientSecurityContext.HasExtendedRightOnObject(RawSecurityDescriptor securityDescriptor, Guid extendedRightGuid)
Microsoft.Exchange.Data.Directory.SystemConfiguration.AddressBookBase.d__d.MoveNext()
Microsoft.Exchange.Data.Directory.SystemConfiguration.AddressBookBase.GetGlobalAddressList(ClientSecurityContext clientSecurityContext, ADSystemConfigurationSession configurationSession, ADRecipientSession recipientSession)
Microsoft.Exchange.Clients.Owa.Core.UserContext.get_GlobalAddressList()
Microsoft.Exchange.Clients.Owa.Core.Utilities.CreateADRecipientSession(Int32 lcid, Boolean readOnly, ConsistencyMode consistencyMode, Boolean useDirectorySearchRoot, UserContext userContext, Boolean scopeToGal)
Microsoft.Exchange.Clients.Owa.Premium.RenderingUtilities.GetSenderSmtpAddress(UserContext userContext, Participant sender, String& smtpAddress, String& id, String& sipUri, Nullable`1& isDl, Boolean getDataFromAD)
Microsoft.Exchange.Clients.Owa.Premium.RenderingUtilities.GetSender(UserContext userContext, Participant sender, String id, String displayName, Boolean hasContextMenu, Participant from, Boolean hasJunkEmailContextMenu, String senderADObjectId, String senderSmtpAddress, String senderSipUri, Nullable`1 senderIsDl)
Microsoft.Exchange.Clients.Owa.Premium.RenderingUtilities.RenderSender(UserContext userContext, TextWriter output, Participant sender, Participant from)
Microsoft.Exchange.Clients.Owa.Premium.Controls.ItemPartWriter.ExpandedItemPartWriter.RenderHeader()
Microsoft.Exchange.Clients.Owa.Premium.Controls.ItemPartWriter.ExpandedItemPartWriter.Render(Boolean isVisible, Boolean isSelected)
Microsoft.Exchange.Clients.Owa.Premium.Controls.ItemPartWriter.RenderExpandedItemPart(Boolean isVisible, Boolean isSelected)
Microsoft.Exchange.Clients.Owa.Premium.Controls.ItemPartWriter.Render(String elementId, Boolean isExpanded, Boolean isBranched, Boolean isSelected)
Microsoft.Exchange.Clients.Owa.Premium.ConversationUtilities.RenderItemParts(TextWriter writer, UserContext userContext, OwaStoreObjectId owaConversationId, Conversation conversation, OwaStoreObjectId[] expandedIds, Int32[] expandedInternetMIds, List`1 localItemIds, String searchWords, Boolean shouldRenderSelected)
Microsoft.Exchange.Clients.Owa.Premium.ReadConversation.RenderItemParts()
ASP.forms_premium_readconversation_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
System.Web.UI.Page.Render(HtmlTextWriter writer)
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
*********************************************************************************************************************************************************************************************

Along with this error, we found the following error on the Exchange 2010 CAS server:

CAS Error

Watson report about to be sent for process id: 1856, with parameters: E12IIS, c-RTL-AMD64, 14.00.0682.000, OWA, M.Exchange.Net, M.E.S.A.AuthzAuthorization.CheckExtendedRights, System.NullReferenceException, f1e0, 14.00.0682.000.
ErrorReportingEnabled: False
***************************************************************************************************************
After investigating, I found that the “All Global Address Lists” and “Default Global Address List” containers were not inheriting permissions from the upper level. The “include inheritable permissions from this object’s parent” check box was cleared.
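
A read-only check for the condition both posts above trace their errors to (inheritance cleared on the user object, and on the two GAL containers), as an added example that is not part of the original posts. The account name `legacy` is a placeholder taken from the error output; `AdminCount` is reported because accounts protected by AdminSDHolder have inheritance cleared again automatically, so ticking the box does not stick for them.

```powershell
# Added example: audit ACL inheritance on the user object and the GAL containers.
# Read-only, changes nothing. $SamAccountName is a placeholder for the affected user.
param([string]$SamAccountName = 'legacy')

# Refuse characters that would alter the LDAP filter built below.
if ($SamAccountName -notmatch '^[\w.\-$]+$') { throw "Unexpected characters in account name" }

function Get-InheritanceState {
    param([System.DirectoryServices.DirectoryEntry]$Entry)
    # AreAccessRulesProtected = $true means the "include inheritable permissions
    # from this object's parent" box is cleared on that object.
    New-Object PSObject -Property @{
        DistinguishedName   = [string]$Entry.psbase.Properties['distinguishedName'].Value
        InheritanceDisabled = $Entry.psbase.ObjectSecurity.AreAccessRulesProtected
        # adminCount = 1 marks an account managed by AdminSDHolder/SDProp.
        AdminCount          = $Entry.psbase.Properties['adminCount'].Value
    }
}

function Find-Entries {
    param([string]$BaseDn, [string]$LdapFilter)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$BaseDn"
    $searcher.Filter = $LdapFilter
    $searcher.FindAll() | ForEach-Object { $_.GetDirectoryEntry() }
}

$rootDse  = [ADSI]'LDAP://RootDSE'
$domainNc = [string]$rootDse.defaultNamingContext
$configNc = [string]$rootDse.configurationNamingContext

# User object lives in the domain partition; the GAL containers live in the
# Configuration partition under the Exchange organization.
$targets  = @(Find-Entries $domainNc "(&(objectCategory=person)(sAMAccountName=$SamAccountName))")
$targets += @(Find-Entries $configNc '(|(cn=All Global Address Lists)(cn=Default Global Address List))')

$targets | ForEach-Object { Get-InheritanceState $_ } |
    Select-Object DistinguishedName, InheritanceDisabled, AdminCount |
    Format-Table -AutoSize -Wrap
```

Any row with `InheritanceDisabled` set to `True` is an object whose check box is cleared; a user row that also shows `AdminCount` of 1 will revert after the box is ticked unless the account leaves the protected group.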

Exchange 2010 Proxying and Redirection in Mixed Exchange Environment

Exchange 2010 proxying and redirection cover many scenarios that have to be taken into consideration during the implementation, whether in a clean Exchange 2010 environment or in a mixed-mode environment (including Exchange 2003 or 2007).

Proxying or Redirection scenarios affect the following Exchange components:

  • OWA.
  • Outlook Anywhere.
  • ActiveSync.
  • Exchange Web Services.

Exchange 2010/2003 Environment

Outlook Web App

When you switch mail access from Exchange 2003 to the Exchange 2010 CAS server, you have to create another A record in the Internet DNS that points to the Exchange 2003 server: the “mail.domain.com” A record should point to the Exchange 2010 CAS server, and another record, “Legacy.domain.com”, should point to the Exchange 2003 server.

If the user’s mailbox is on an Exchange 2003 server and the user tries to access Outlook Web App using https://mail.domain.com/owa, the user will be automatically redirected to https://Legacy.domain.com/exchange

After that, you have to run the following Exchange PowerShell command on the Exchange 2010 CAS server:

Set-OWAVirtualDirectory <CAS2010>\OWA* -Exchange2003URL https://legacy.domain.com/exchange

Exchange ActiveSync

If the user’s mailbox is on an Exchange 2003 server, the incoming request is proxied to the Exchange 2003 server that hosts the user’s mailbox and the Exchange ActiveSync virtual directory. By default, in Exchange 2003, the Exchange ActiveSync virtual directory was installed on all mailbox servers. If the incoming request is to an Exchange 2010 Client Access server that’s in a different Active Directory site than the destination back-end server, the request will be proxied directly to the destination back-end server, even if there is an Exchange 2010 Client Access server within the destination Active Directory site. If the incoming request is to an Exchange 2010 Client Access server within the same Active Directory site as the destination back-end server, the request will be proxied directly to the destination back-end server.

Proxying isn’t supported between virtual directories that use Basic authentication. For client communications to be proxied between virtual directories on different servers, the virtual directories must use Integrated Windows authentication.

To configure Integrated Windows authentication on the Exchange 2003 ActiveSync virtual directory, install the update from http://support.microsoft.com/?kbid=937031 on the Front End (or Back End) server and then use Exchange System Manager to adjust the authentication settings of the ActiveSync virtual directory.

Note

Proxying won’t work for Post Office Protocol version 3 (POP3) or Internet Message Access Protocol version 4rev1 (IMAP4) clients. A client who’s using POP3 or IMAP4 must connect to a Client Access server in the same Active Directory site as their Mailbox server.

Exchange 2010/2007 Environment

Outlook Web App

  • If the Exchange 2007 mailbox is in the same AD Site as Exchange 2010 CAS server, the user will be automatically redirected to the Internet-Facing Exchange 2007 CAS in that AD site.
  • If the Exchange 2007 mailbox is in another Internet facing AD Site, CAS2010 will manually redirect the user to the Exchange 2007 CAS.
  • If the Exchange 2007 mailbox is in a non-Internet facing AD site, CAS2010 will proxy the connection to the Exchange 2007 CAS. Unfortunately this doesn’t work automatically: you have to copy the following folder from the Exchange 2007 CAS server (%ProgramFiles%\Microsoft\Exchange Server\Client Access\OWA\8.2.x.x ) to the Exchange 2010 CAS server (%ProgramFiles%\Microsoft\ExchangeServer\V14\ClientAccess\Owa\).

ActiveSync

  • If the Exchange 2007 mailbox is in the same AD Site as CAS2010 and the device supports Autodiscover, CAS2010 will notify the device to synchronize with CAS2007.
  • If the Exchange 2007 mailbox is in the same AD Site as CAS2010 and the device does not support Autodiscover, CAS2010 will proxy the connection to CAS2007.
  • If the Exchange 2007 mailbox is in a non-Internet facing AD site, CAS2010 will proxy the connection to the Exchange 2007 CAS.


Outlook Anywhere

For Outlook Anywhere, you are going to move the Outlook Anywhere endpoint from the Exchange 2003 Front-End or Exchange 2007 CAS to the Exchange 2010 CAS. Exchange 2010 CAS will always proxy the Outlook MAPI RPC data that is embedded in the RPC-HTTPS packet to the target legacy mailbox server (regardless of AD site or version) or to the appropriate Exchange 2010 CAS.
