I have a multi-tennant Exchange environment and am working on a migration from Exchange 2007 to 2013. I am having trouble with ActiveSync for mailboxes on 2007, through my 2013 CAS. Here is what my environment looks like:
- Internet-facing Exchange 2007 CAS 2007cas1/10.1.1.2/204.228.1.2 (name/internal IP/external IP)
- Non-Internet-facing Exchange 2007 CAS 2007cas2/10.1.1.3 (name/internal IP)
- Internet-facing Exchange 2013 CAS/MBX 2013casmbx1/10.1.1.4/204.228.1.4 (name/internal IP/external IP)
- 2007 URL: webmail.hosteddomain.com
- 2013 URL: testmail.hosteddomain.com
- Certificate: Third-party CA wildcard cert
I have verified that OWA out OutlookAnywhere work. When I try to connect to my Exchange 2007 mailbox (and only 2007) through ActiveSync, my phone says "Can't connect to server" and I see the following entries in my IIS logs (2013casmbx1):
Front-end: 2015-06-15 16:28:32 10.147.0.34 OPTIONS /Microsoft-Server-ActiveSync/default.eas &CorrelationID=;&ClientId=PYSJZZTTUA9DOEHLZDW&cafeReqId=3b8bbbeb-f258-4f82-8ae2-85ddb58433f7; 443 [email protected] 10.2.1.2 Android/5.1.1-EAS-2.0 - 500 0 0 124
2015-06-15 16:47:44 10.147.0.34 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=;&ClientId=YGEGSFJYKEWUKETSAGG&cafeReqId=96b81a28-90ab-45cf-9d7d-c117c7cba7d9; 443 domain\mtest2_customerdomain 10.2.1.2 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/43.0.2357.124+Safari/537.36 - 500 0 0 21612
Back-end: 2015-06-15 16:28:32 fe80::24f5:677f:e642:1b83%12 OPTIONS /Microsoft-Server-ActiveSync/Proxy/default.eas &Log=PrxTo:2007cas2.domain.local_PrxFrom:fe80%3a%3a24f5%3a677f%3ae642%3a1b83%2512_V0_HH:testmail.hosteddomain.com_SmtpAdrs:mtest2%40customerdomain.com_Error:SendFailure_Mbx:2007mbx1.domain.local_Dc:dc01.domain.local_SBkOffD:L%2f-470_TmRcv16:28:32.7702994_ActivityContextData:ActivityID%3d3b8bbbeb-f258-4f82-8ae2-85ddb58433f7%3bI32%3aADR.C%5bDC01%5d%3d1%3bF%3aADR.AL%5bDC01%5d%3d1.1509%3bI32%3aADS.C%5bDC01%5d%3d3%3bF%3aADS.AL%5bDC01%5d%3d2.216033%3bI32%3aADS.C%5bdc01%5d%3d1%3bF%3aADS.AL%5bdc01%5d%3d1.7718%3bI32%3aATE.C%5bdc01.domain.local%5d%3d1%3bF%3aATE.AL%5bdc01.domain.local%5d%3d0%3bI32%3aATE.C%5bDC01.domain.local%5d%3d3%3bF%3aATE.AL%5bDC01.domain.local%5d%3d5%3bS%3aWLM.Bal%3d480000%3bS%3aWLM.BT%3dEas_Budget:(D)Owner%3aSid%7eDOMAIN%5cMTest2%5Fcustomerdomain%7eEas%7efalse%2cConn%3a0%2
I verified that the AS virtual directories on our 2007 CAS server look like this:
- InternalURL: webmail.hosteddomain.com
- ExternalURL: $null
- BasicAuthEnabled: True
- WindowsAuthEnabled: False
Finally, I verified that my test user as inheritance enabled.
Since all the other mail clients work and ActiveSync works when I'm not trying to proxy through Exchange 2013, I'm not sure what else to check. Thoughts? Thanks.
Looks like enabling NTLM on the 2007 ActiveSync virtual directory fixed the problem.