ActiveSync stop working after moving the mailbox to Exchange 2010

After moving the mailbox to Exchange 2010, the ActiveSync stop working. I get the following error in Windows mobile

0x85010014

I also noticed that the CAS server report the following error.

*********************************************************************************************************

Exchange ActiveSync device requests for your users are being blocked. This problem frequently occurs when the HTTP OPTIONS method request isn’t allowed by the firewall. Please check the firewall that filters requests in front of your Client Access server and the Microsoft-Server-ActiveSync virtual directory.

**********************************************************************************************************

I tried it internally from a local WiFi, with no success, so it is not a firewall problem.

Simply it was a permission issues. I found that the user facing this issue doesn’t inherit the permission from the parent folder. I checked this check box and that solved the problem totally.

Exchange 2010 Proxying and Redirection in Mixed Exchange Environment

Exchange 2010 Proxying or Redirection includes many scenarios that have to be take into consideration during the Implementation; either in a clean Exchange 2010 environment or in a mixed mode environment (including Exchange 2003 or 2007).

Proxying or Redirection scenarios affect the following Exchange components:

  • OWA.
  • Outlook Anywhere.
  • Activesync.
  • Exchange Web Services.

Exchange 2010/2003 Environment

Outlook Web App

When deciding to switch the mail accessing from Exchange 2003 to Exchange 2010 CAS server, you have to create another A record on the Internet DNS to point to Exchange 2003 server, so the “mail.domain.com” A record should point to Exchange 2010 CAS server and another record “Legacy.domain.com” point to Exchange 2003 server.

If the user’s mailbox is on an Exchange 2003 server and the user tried to access Outlook Web App using https://mail.domain.com/owa, it will be automatically redirected to https:// Legacy.domain.com/exchange

After that you have to run the following Exchange PS command on  Exchange 2010 CAS server

Set-OWAVirtualDirectory <CAS2010>\OWA* -Exchange2003URL https://legacy.domain.com/exchange

Exchange ActiveSync

If the user’s mailbox is on an Exchange 2003 server, the incoming request is proxied to the Exchange 2003 server that hosts the user’s mailbox and the Exchange ActiveSync virtual directory. By default, in Exchange 2003, the Exchange ActiveSync virtual directory was installed on all mailbox servers. If the incoming request is to an Exchange 2010 Client Access server that’s in a different Active Directory site than the destination back-end server, the request will be proxied directly to the destination back-end server, even if there is an Exchange 2010 Client Access server within the destination Active Directory site. If the incoming request is to an Exchange 2010 Client Access server within the same Active Directory site as the destination back-end server, the request will be proxied directly to the destination back-end server.

Proxying isn’t supported between virtual directories that use Basic authentication. For client communications to be proxied between virtual directories on different servers, the virtual directories must use Integrated Windows authentication.

To configure the integrated authentication on Exchange 2003 ActiveSync virtual directory, Install http://support.microsoft.com/?kbid=937031 Front End server (or Back End) and then use the Exchange System Manager to adjust the authentication settings of the ActiveSync virtual directory.

Note

Proxying won’t work for Post Office Protocol version 3 (POP3) or Internet Message Access Protocol version 4rev1 (IMAP4) clients. A client who’s using POP3 or IMAP4 must connect to a Client Access server in the same Active Directory site as their Mailbox server.

Exchange 2010/2007 Environment

Outlook Web App

  • If the Exchange 2007 mailbox is in the same AD Site as Exchange 2010 CAS server, the user will be automatically redirected to the Internet-Facing Exchange 2007 CAS in that AD site.
  • If the Exchange 2007 mailbox is in another Internet facing AD Site, CAS2010 will manually redirect the user to the Exchange 2007 CAS.
  • If the Exchange 2007 mailbox is in a non-Internet facing AD site, CAS2010 will proxy the connection to the Exchange 2007 CAS. Unfortunately this step doesn’t occur automatically as you have to copy the following folder from the Exchange 2007 CAS server (%ProgramFiles%\Microsoft\Exchange Server\Client Access\OWA\8.2.x.x ) to  Exchange 2010 CAS server (%ProgramFiles%\Microsoft\ExchangeServer\V14\ClientAccess\Owa\)

ActiveSync

  • If the Exchange 2007 mailbox is in the same AD Site as CAS2010 and the device supports Autodiscover, CAS2010 will notify the device to synchronize with CAS2007.
  • If the Exchange 2007 mailbox is in the same AD Site as CAS2010 and the device does not support Autodiscover, CAS2010 will proxy the connection to CAS2007.
  • If the Exchange 2007 mailbox is in a non-Internet facing AD site, CAS2010 will proxy the connection to the Exchange 2007 CAS.


    Outlook Anywhere

    For Outlook Anywhere, you are going to move the Outlook Anywhere endpoint from the Exchange 2003 Front-End or Exchange 2007 CAS to the Exchange 2010 CAS.  Exchange 2010 CAS will always proxy the Outlook MAPI RPC data that is embedded in the RPC-HTTPS packet to the target legacy mailbox server (regardless of AD site or version) or to the appropriate Exchange 2010 CAS