Learn Exchange the Guru way !!!


Deploying Exchange ActiveSync – kb 817379 explanation

Deploying Exchange ActiveSync to sync mobile devices is more of a cakewalk in Exchange 2007…The pre-requisites are outlined as:

  1. SSL certificate on the CAS role
  2. Enable ActiveSync for a user from EMC or shell

The scenario is a bit different in Exchange 2003 and admins who have deployed the same, will definitely be aware of kb: 817379. I would discuss the process in a nutshell.

  1. Disable Forms based authentication or FBA
  2. In IIS, take a copy of the Exchange Virtual Directory and call it ExchangeVDir
  3. Create a new virtual directory and name it as exchange-oma
  4. Change the authentication for exchange-oma:

a. Go to Properties

b. Directory Security tab

c. Authentication and access control, click Edit. Change the auth type to:

i.  Integrated Windows authentication

ii.  Basic authentication

d. Under Secure communications, click Edit. Make sure that “Require secure channel (SSL)” is not enabled, and then click OK.

5. In registry, got to–> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters

6. Create a new String Value–> ExchangeVDir and modify it to–>/exchange-oma

7. Restart the IIS service

8. Enable FBA.

The kb article gives the symptom and resolution. The first time I did this, it was a mechanical job.

When we have a single exchange server and a mobile device tries to sync with the server over a WAN, the request is first directed to the Microsoft Server ActiveSync Virtual Directory. This behavior is by design. Once the request comes to the MSAS directory it would send and explicit logon request to Exchange virtual directory over port 80. Example http://servername/exchange/username Now, since exchange having SSL forced the request will no longer be proxied and will throw an error on the Mobile Device.

To bypass this, the recommended action is to introduce a front end server in the organization or we can also follow the steps in the kb article 817379 to create a copy of the Exchange Virtual Directory, name it appropriately and then redirect the request from the MSAS directory to the newly created Virtual Directory. In this scenario, we named it as exchange-oma.

Ratish Nair
MVP Exchange
Team @MSExchangeGuru

7 Responses to “Deploying Exchange ActiveSync – kb 817379 explanation”

  1. Joe Says:

    Great Post. Your’e good at what you do.

  2. Sai Prasad Says:

    Thank you Joe. Really appreciate it.

  3. Sunder Rajan Says:

    Good job Buddy 🙂

  4. Ratish Sekhar Says:

    Thanks Garrett.

  5. Garrett Carnell Says:

    Clearly stated! Just gratifying! This is really an awesome explanation.

  6. Shyam Madeti Says:

    Thanks… Mate

  7. jeffrey Says:

    perfect, this fixed my 0x5010014 error code

Leave a Reply

migrate exchange to office 365