Exchange 2003 Pushmail active sync Single Server

[blkj]

I posted this in the Windows Server 2003 area by mistake.

Pushmail works on 2 user accounts/mobile5 devices
Environment: Win2k3 Std Server, Exchange 2003, firewall ports 80,443 open.
No other global cat servers or AD replicas.

When I added another user it fails to sync:
“Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server Administrator.”
Support code:0x85010004

The new account and windows mobile5 device can browse the internet and login to OWA (credentials OK)

Exchange System manager --> mobile services --> has global allow user initiated sync and enable direct push over http(s) enabled
enforce device security is unchecked.

I figured it was a security/rights issue with group membership so I copied my user (admin rights) to a new user and that fails with the same error.
So it does not look like an active directory rights issue.

I am not forcing SSL (not using it for this test)

Then thought it could be denying rights to the Exchange virtual directory or the exchsvr folder, but administrator rights should cover that as my account works.

Any hints, tips or ideas would be great.

 

[markdmac]

You should require SSL and make sure you install a certificate on the device.

Verify all of your IIS security settings.

IIS Settings

Default Web site
    Enable Anonymous access
    Integrated Windows Authentication
(doesn’t really matter)

Exadmin
    Integrated Windows Authentication
    Require SSL
        Require 128 bit

Exchange
    Basic Authentication
        Default Domain \
    Require SSL
        Require 128 bit

Exchange-oma
    Integrated Windows Authentication
    Basic Authentication

ExchWeb
    Enable Anonymous access
    Require SSL
        Require 128 bit

Microsoft-Server-ActiveSync
    Scripts and Executables
    Exchange Application Pool
    Basic Authentication
        Default Domain DomainName

OMA
    Scripts Only
    ExchangeMobileBrowseApplicationPool
    Integrated Authentication
        Default Domain DomainName

Public
    Basic Authentication
        Default Domain DomainName
    Integrated Auth
    Require SSL
        Require 128 bit

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[blkj]

RESOLVED

Thanks mark, I tried all that no change
I kicked all the users off and:
Stop IIS & Exchange services including smtp
Remove IIS
Includes:
Active Server Pages
ASP.net

http://WWW Service

App Server Console
SMTP
NNTP

Reinstall IIS

It is all working now, only took 45mins.
(I must have screwed the config somewhere along the line)