Friday, February 12, 2010

Fixing Exchange 2003 Permissions/Activesync

Part 1:

Method 2: Use Adsutil.vbs
  1. Back up your IIS Metabase. To do this, follow these steps:


    1. Start IIS Manager.
    2. Right-click Default Web Site, point to All Tasks, and then click Save Configuration to a File.

  1. Delete the virtual directories for Outlook Web Access. To do this, right-click Exadmin in the left pane of IIS Manager, and then click Delete. Click Yes when you are prompted with the question of whether you want to delete this item.

    Repeat this step for the following virtual directories:


    1. Exchange
    2. ExchWeb
    3. Microsoft-Server-ActiveSync
    4. OMA
    5. Public

  1. Quit IIS Manager.
  2. Click Start, click Run, type cmd, and then press ENTER.
  3. Change to the following folder. In this example, Drive is the hard disk drive where Windows is installed:

Drive:\inetpub\adminscripts
  1. Type adsutil, and then press ENTER.

    Important By default, CScript is not the default scripting host for Windows Server 2003. To run the adsutil command, CScript must be configured as the default scripting host. To do this, click Yes if you are prompted to register CScript as you default host for VBscript, and then click OK.

    Note If you receive a list of adsutil command options, CScript is already configured as the default scripting host for VBscript.
  2. Type adsutil delete ds2mb, and then press ENTER.

    Note To set the default scripting host to WScript, type WScript //H:WScript at the command prompt, press ENTER, and then click OK.
  3. Click Start, point to All Programs, point to Administrative Tools, and then click Services.
  4. To restart the Microsoft Exchange System Attendant service, follow these steps:


    1. Click Start, click Run, type services.msc, and then click OK.
    2. Right-click Microsoft Exchange System Attendant, and then click Restart.
    3. When you are prompted to restart the dependant Exchange Server services, click Yes.

      Note When you restart the Microsoft Exchange System Attendant service, the Microsoft Exchange Information Store service is also restarted. In this scenario, your Exchange Server users lose connectivity to their Exchange Server mailboxes.

      The virtual directories are re-created. To verify that the virtual directories are re-created, start IIS Manager, and then view the Default Web site folder.

      Important If the virtual directories are not re-created after 15 minutes, restart the computer.

  1. Reset the access permissions to Anonymous. To do this, follow these steps:


    1. Start IIS Manager, right-click ExchWeb, click Properties, and then click the Directory Security tab.
    2. Under Authentication and access control click Edit, and then verify that the Enable anonymous access check box is turned on.
    3. Click to select the Integrated Windows authentication check box, click OK, and then click Apply.
    4. If an Inheritance Overrides dialog box appears, click Select All, and then click OK.
    5. Under Authentication and access control, click Edit, and then click to clear the Integrated Windows authentication check box.
    6. Click OK two times, and then quit IIS Manager.


Use a Web browser to verify that you can connect to your Outlook Web Access server. If you are also running other mobility services, verify that you can connect to these services by using an appropriate client.

Part 2:

Add/modify a registry value to point to the exchange-oma
1. Click Start, click Run, type regedit, and then click OK.
2. Locate the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
3. On the right panel, make sure ExchangeVDir points to /exchange-oma. If the value of ExchangeVDir is ExchDAV, you should change it to /exchange-oma.

Note: the ExchangeVDir and exchange-oma are case sensitive. In the Value data box, you must enter a forward slash (/) following by exchange-oma. Click OK.
4. If there is not ExchangeVDir, you need to create it. Right-click Parameters, click to New, and then click String Value.

Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.
5. Quit Registry Editor.
6. Restart the IIS Admin service. To do this, follow these steps:
a. Click Start, click Run, type services.msc, and then click OK.
b. In the list of services, right-click IIS Admin service, and then click Restart.


Part 3:

Creating a secondary virtual directory for ActiveSync and OMA access
1. Start Internet Information Services (IIS) Manager from Administrative Tools.
2. Locate the Exchange virtual directory, for example, Web Sites\Default Web Site\Exchange
3. Right-click the Exchange folder click All Tasks, and then click Save Configuration to a File.
4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
7. Under Select a configuration to import , click Exchange, and then click OK.

A dialog box will appear that states that the "virtual directory already exists."
8. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. In our case, it is exchange-oma. Click OK.
9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
10. Click the Directory Security tab.
11. Under Authentication and access control, click Edit.
12. Make sure that only the following authentication methods are enabled, and then click OK:


Integrated Windows authentication


Basic authentication

13. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
14. Click OK, and then close the IIS Manager.