28 replies to this topic

[andyhud]

Ok, this I admit is a long shot, and I apologise now if people feel this isnt right for this forum due to its technical aspect. I also apologise for giving what seems a long story to a situation (I'm hoping) others have come across. I'm a sucker for providing every bit of information regardless of how useful it is.

Ok, situation...

I have at home 8Mb ADSL with static IP (x5), firewall and exchange 2003 sp2 server. I've had this running now for 4 years + and its worked brilliantly. I use OWA (via SSL) I host my own DNS and to cut a long story short, it all works.

Finally last week I got my hands (via ebay) on an M3100. I had it unlocked (as I'm with  T-mobile with the WnW package for £7.50) and it has worked fine since on the t-mobile network.

3G/GPRS/MMS all is working fine without issue.

Now, bearing in mind I used to own a T-mobile MDA Compact, I had activesync running on it, syncing with my server activesync (EAS) via SSL using a self-signed cert from my local CA authority on another of my servers. As you can imagine, I was longing to try DirectPush but lacked the WM5 with MSFP device I needed.

So, I got my M3100 and unlocked it. I then installed the latest HTC Tytn Rom (1.18.255.3) and again, all is well and has been since it was installed.

Unfortunately due to "restrictions" in the rom/wm5, self-signed certs that aren't 'trusted' were causing my activesync to fail. I spent a lot of time on Microsoft Knowledge base, google and groups trying to find out why it wasnt possible and if it could be fixed. The old solution on WM2003 devices was to use the DisableCertChk tool which lo and behold now does not work with WM5.

Ok, I'm dragging here, I did some more research and ended up buying a trusted cert from GoDaddy.com for $19.99 on my credit card (TurboSSL) for a single domain name. Fine for my needs of activesync and OWA/OMA. The root CA for this is www.valicert.com and this is already trusted on the device.

Once I got my cert, updated my IIS on my Exchange server with the new certificate and installed it on my device, activesync magically started working.... using a manual sync. Excellent I thought, step 1 complete. Activesync (via SSL - Port 443) works with my new certificate.

Ok, onto DirectPush.

I enabled mobile services in ESM (Exchange System Manager) and the direct push via Http(s) option. I even configured a password enforcement policy. I also made sure up-to date notifications was enabled on my 'user' in active directory. So far so good.

A couple of activesyncs later and my phone had acknowledged the password enforcement policy (excellent) and forced me to set a password to my phone and the timeout on locking the device was set to what I set in Exchange System Manager (ESM).

However, and you can prob see where this is going... DirectPush just seems to not work. I'm currently typing this to you on my laptop at work with my phone in front of me on the activesync screen with a valid 3G connection. I sent an email to my exchange server account from my work email and I checked via OWA that it has been received (though I havent 'read' it yet).

... that was 20 minutes ago.

DirectPush is definitely enabled in CommManager, and activesync is set (for peak and off peak) to "As items arrive"...

..please remember, forcing a manual sync works every time.

Now.. onto some more techie stuff.

This article: http://support.micro...om/?kbid=905013 explains about increasing the timeout on the SSL port on your firewall which I have checked.

I have also tried the registry keys its listed on my exchange server (and restarted the IIS admin service each time), but again, Direct push just seems to be a no go.

This article: http://msexchangetea.../03/424028.aspx explains the technical side of DirectPush and the only funny part I can find is that I dont have this in my event log on my exchange server this:

Event Source:     Server ActiveSync
Event Category:   None
Event ID:   3025
Date:       3/19/2006
Time:       12:44:19 PM
User:       N/A
Computer:   1B25A
Description:
IP-based AUTD has been initialized.

...I'm pointing my finger towards this, but I cant think why its not 'initializing' or at least logging that in my eventlog. I've increased diagnostic logging in my Exchange environment on the activesync parts but its still not logged. Right now, all I can think of doing is re-applying SP2.

Can anyone confirm they receive this 'informational' notification in the Application log on their exchange server? (normally as the server boots up...)


So... I'm just wondering what others had done, if anything, to get there direct push to work using their own exchange servers. I appreciate that people with hosted exchange accounts can't comment on the exchange server configuration they use.

Anyway, thats about it.. it boils down to directpush not working, but the phone receiving the password enforcements from my Exchange server.

Thankyou for reading, and if anyone has any thoughts or comments on the above, they are greatly appreciated.

Regards

Andy

[JezB]

Just to let you know what config I've got that seems to be working:

in ESM, Mobile Services - All 6 tickboxes ticked.

in IIS manager.  Website with exchange VDir - Website tab -
  - HTTP keep-alives enabled, timeout 120

Home directory tab - App config - Options tab
  - Enable session state, ticked
  - Enable buffering, ticked


Just the most prominent settings that could affect directpush listed there.  If you want to know any other settings, let me know.

/J.


Know it's covering the obvious, but you have made sure you've got ur password saved for the activesync server connection on the phone?

Edited by JezB, 30 August 2006 - 05:24 PM.

[jimbouk]

silly question time...have you done a manual activesync on the device?

[andyhud]

jimbouk, on Aug 30 2006, 18:59, said:

silly question time...have you done a manual activesync on the device?

Gents, thankyou so far

Jez.  thanks for the info.. I'll check it against mine shortly...

Jim.. yes, manual activesync has always worked fine on my old MDA compact and on my M3100. Its just the directpush "feature" that is failing to work...

Can anyone check their APPLICATION event log on their exchange server for event ID 3025 (IP AUTD Initialized)... I'm not getting that on my (but I think a reboot is in order anyhow) server when IIS Admin and its dependencies start up...

Huff....

[andyhud]

Jez ok... checked all those settings in my IIS.. they all appear to be "defaults" in the default website and yes, mine are identical to the ones you listed...

I can only assume some major debugging is in order..

Another thought... if someone has their own exchange server they can access, can you go to a command prompt and do a "netstat -ano"

You need to look for UDP Port 2883 and see if its listed... it should be... (apparently MS reckon)

... Clutching at straws....

A.


p.s. Password is definitely saved in activesync on my M3100...

Edited by andyhud, 30 August 2006 - 09:24 PM.

[jimbouk]

1) You say that the security enforcement was passed down to the 3100. Was that over 3G/GPRS or via the USB to a pc connected to the web?

2) Should have explained myself better re manual sync. Can you now initiate an activesync over GPRS to the server ?

[randomelements]

As jimbo says can you do a manual wireless sync and then check your event log. The 3025 should be triggered after this.

It may be worth looking for an event 3005 "Unexpected Exchange mailbox Server error"

As you are using SSL have you been through http://support.micro...kb;en-us;817379 to prevent the SSL from causing EAS problems?

[greyt]

I know it's obvious but didn't see it mentioned, check that you hace activesync on the phone set to sync as new items arrive and that the schedule is valid.

Personally, I would now start by turning on verbose logging on Activesync on the phone, this will give you a good idea on what is going on.

Edited by greyt, 31 August 2006 - 07:07 AM.

[StGeorge]

andyhud, on Aug 30 2006, 15:35, said:

So... I'm just wondering what others had done, if anything, to get there direct push to work using their own exchange servers. I appreciate that people with hosted exchange accounts can't comment on the exchange server configuration they use.

Andy

I had a real nightmare getting direct push to work on my device!  My setup differs quite alot from yours as I am using SBS with Exchange and do not have a static IP.  I finally managed to get direct push working but not without several hours head scratching!!

From reading your post I am sure you have checked this BUT here goes....... the problem I had was that the configuration of OMA was wrong and as a result OMA wasnt working.  Once I fixed this everything fell into place.  The reason I ask is that you mention specifically you have sent an email via OWA, can you do the same via OMA?

Like I said sure this is a red herring but it was what was causing my sync to fail!!

Now if only I could find a way around the pesky 15min send and receive restriction on the POP3 Connector I would be really happy.

Good luck mate
Ed

[andyhud]

Good Morning Gents,

Currently back at work and no change on the directpush front, however I have noted that a sync was performed 'randomly' at 7am ish this morning while I was asleep. However, nothing relating to Event 3025 was logged in my Application Event Log on the server at that time....

Anyhow... back on track, I will now try to answer your comments/questions you guys posted last night/this morning.

Jim,

1. Yes, the password enforcement was passed down to the phone via a 3G/GPRS connection. (I havent even configured USB activesync on the phone yet, I entered all the OTA (Over-the-air) sync information manually once I put the new Tytn ROM on it)...hmmm, thinking about that, perhaps I need to do a USB sync with my outlook on my pc/laptop first... but I would of thought that wouldnt of made any difference.

2. Yes, I have also been able to manually initiate a manual sync from the device (by pressing "sync" !!) on the device to the server over both 3G and GPRS. I've just done it now infact... all fine... 5 new emails.. but they didnt come down of their own accord as I want.

Randomelements,

1. I do indeed get the following error. This one was received at 20:43 last night, however I have done a manual sync since then without that error being generated.

Event ID 3005:

Unexpected Exchange mailbox Server error: Server: [SERVER.mydomain.co.uk] User: [[email protected]] HTTP status code: [501]. Verify that the Exchange mailbox Server is working correctly.

I have used www.eventid.net to try and troubleshoot this and found this article a couple of days ago: http://www.eventid.n...d...ync&phase=1

I wouldnt say I have "excessive calendar entries... perhaps 1 or 2 a day... hardly what I deem excessive. What I do note however is that this error wasnt ever logged when I was manually syncing (every 5 minutes) on my old WM2003SE device.

2. KB817379... Yes, I have done this yonks ago and its been fine every since MS released the correct version without the typo errors in it. My ExchDAV settings are correct. I've double checked them.

Greyt,

1. Yes, the phone is set to "As Items arrive" on both peak and off peak. Basically set 24/7. still no joy.

2. Verbose logging is enabled and I've been told to scour through the files in \windows\activesync on the device to look for the http "ping" command that hops back and forth between the server and the device to keep it in sync. I'm struggling to find that at the moment.

StGeorge,

Indeed, OMA does play an integrale part of activesync and I can confirm my OMA does work correctly and always has.

FYI, the 15min pop3 connector is hard coded by MS and cant be changed. I asked about this over a year ago. Your only bet is to use another pop3 connector (IGETMAIL works brilliantly), or get a static IP and SMTP feed.

.... so all in all a a bit bizarre still.. I think I'm going to reboot my exchange server (albeit remotely) shortly just for the sake of argument. I'm also going to hunt for those eventlog messages further and see if they crop up on boot up etc and during a sync... It is bizarre it successfully receives the password enforcement policies fine but not directpush...

If anyone has had time to see when Event ID 3025 is logged in there exchange server application log (either just as the server boots up/IIS Admin service is restarted) or during a 'directpush' I'd be grateful.. that way I know when to keep an eye out for it...

I may end up rebuilding my IIS.

Any other thoughts/comments/suggestions are always gratefully received... I hope I'm providing enough information.

Cheers

Andy

[andyhud]

WEIRD UPDATE

Ok... after posting that reply I checked my server event log , and at 7:07 am this morning I did get (for the first time as far as I can see) Event 3025 - IP Based AUTD Initialized

Also, doing a netstat -ano from the command line returns showing UDP Port 2883 running which it didnt yesterday.... thing is... I havent done anything yet!

That was the only time I got it though and I did receive a lot of email during the course of the night (as I always do)...

...its as if its 'sort of working' ....

Darn....

Edited by andyhud, 31 August 2006 - 09:02 AM.

[greyt]

There should be two activesync logs that are created, as you say these would normally show the ping and keep alive transactions etc.

If you sync the phone manually and then quickly send yourself an email does it work then? I am trying to see if push email is working but you have a timeout issue along the chain from Exchange to the phone.

There is a chance you may get some info from the IIS logs on the server, but since manual synching is working there is less chance this will be helpful

[andyhud]

greyt, on Aug 31 2006, 10:02, said:

If you sync the phone manually and then quickly send yourself an email does it work then? I am trying to see if push email is working but you have a timeout issue along the chain from Exchange to the phone.

There is a chance you may get some info from the IIS logs on the server, but since manual synching is working there is less chance this will be helpful

Greyt,

Indeed, If I sync the phone manually and send the email I get it on my phone. I've just done another now, from my work email to my home email (the activesync account) and I'm sitting here with the phone in my hands on the activesync screen begging for it to start a sync... but nothing... despite the 7am weird one...

This is doing my nutt in... I need to methodically work through where it might be failing...

I mean, does "Event ID 3025 - IP Based AUTO Initialised" get logged EVERY time the server does a directpush? or is it just once as it loads for the first time after a boot/reboot. I need to ascertain this so it doesnt send my on a wild goose chase...

Cheers

A.

[greyt]

andyhud, on Aug 31 2006, 10:12, said:

I mean, does "Event ID 3025 - IP Based AUTO Initialised" get logged EVERY time the server does a directpush? or is it just once as it loads for the first time after a boot/reboot. I need to ascertain this so it doesnt send my on a wild goose chase...

Cheers

A.

3025 is a one off entry on Exchange startup

[colossusuk]

I suggest starting off with the basics first.

Can you get Push email working over the default IIS configuration , NO SSL over port 80 http ?

If you can get that working then we can go from here.

Edited by colossusuk, 31 August 2006 - 10:08 AM.

[randomelements]

Andy,

The 3025 just gets triggered once to set things up and as far as I could see from my logs this happens on the first manual sync or heartbeat.

While looking at this I broke my own direct push by mucking about with the Min/MaxHeartbeatInterval keys LOL

I removed both keys and rebooted, did a manual sync and then re-added the MinHeartbeatInterval key only (as the Max is normally hard coded to 59 minutes) and it started working again. The value I used was Hex 30 (Dec 48).

Don't know if it's worth having another look at your heartbeat.

Colin.

[andyhud]

Ok.. further update as of midday - thursday...

I decided to reboot the server (remotely as I'm at work).. so yeah.. I did that and it came back up fine... amazingly my phone started a sync by itself once the server rebooted... I was a little suprised but didnt assume it was fixed.

So I've sent another test email to my activesync account and lo and behold.. no directpush... Its just sitting there saying "Synchronized: Today 11:55" (when it came back up from a reboot)

Indeed I have looked at the registry keys, applied them (some) , restarted the IIS Admin service and tested, but still to no avail.... I havent tried this again since the reboot just now (as in adding the reg keys) but I think it maybe something I will try....)

Colossusuk, while I agree that is a sensible approach I just dont want to go switching off the SSL to test it via port 80 when I know all other functions via SSL 443 are working fine. I admit however, that is push comes to shove, then that is what I'll do.

I'm running out of options... fast

A.

[M@rkC]

andyhud, on Aug 31 2006, 12:06, said:

I'm running out of options... fast

A.

I've just posted some links to documents various to do with "Direct Push" - see http://www.modaco.co...il-t245158.html for all the gory details - and I was wondering if yours might be a firewall issue??  Your original post says "blah, blah, firewall, blah, blah", but you don't elaborate any more than that (and I don't blame you for being security conscious in that respect!!).  If you are using ISA2000 (some of us still do because their boss is too mean to upgrade!!!), one of the links I listed in the above post has some information about that....

Good luck in your quest to get this working!!

Cheers,

Mark.

[jimbouk]

If you think the server (and any proxy en route) is set up correctly, then I would hard reset the device, then set it up to sync with the exchange server via a new partnership on a pc, then after it has sync'd, disconnect it and turn on directpush and see if that sorts it.

( you could try deleting the partnership and then setting it back up without hard resetting it first).

[andyhud]

jimbouk, on Sep 1 2006, 16:44, said:

If you think the server (and any proxy en route) is set up correctly, then I would hard reset the device, then set it up to sync with the exchange server via a new partnership on a pc, then after it has sync'd, disconnect it and turn on directpush and see if that sorts it.

( you could try deleting the partnership and then setting it back up without hard resetting it first).

Jim, I think I may be heading along those lines to be honest.... I actually met up with 'randomelements' early today to discuss (and see his Vario II) as we both work in Canary Wharf... its bizarre to say the least and I think I'm heading that direction...

Mark... yes, you are correct in both respects. I'm actually running ISA 2004 and I have checked the MS articles relating to SSL timeouts etc but that again doesnt appear to be working.

I do have a spare ADSL router/hardware firewall, so I'm thinking of configuring that up  for my internet access and testing it through that to rule out my ISA 2004 server.

Question is... what do I do first....

More food for thought...

Thanks again for everyones assistance in this.

Andy