Exchange Active Sync – Troubleshooting
A brief introduction to Exchange Active Sync. Exchange Active Sync is an XML-based protocol that lets mobile phones access a mailbox in an organization that runs Exchange Server. Most smartphones already support this protocol.
Also, Exchange ActiveSync is optimized to work over high-latency and low-bandwidth networks, such as GPRS or EDGE. With EAS (Exchange Active Sync), you can sync your emails, calendar, contacts, tasks and notes to your mobile device.
Nowadays, people who use hotmail.com, outlook.com, Office 365 or Exchange Server can benefit from this feature. Users are used to connecting to their organization's email from smartphones. After you configure your e-mail account, the information is kept offline: if you are not connected to the internet, you can still see the messages that have already been downloaded. From your Exchange Server or Office 365 tenant, you can manage devices that are already connected, for example wipe the data, block the device from receiving new e-mails, etc.
When you configure your mobile device, the first thing the device does is look up the Autodiscover record. Autodiscover is not ActiveSync. Autodiscover is a protocol provided by Exchange Server that makes it easy to find the server's configuration. Once Autodiscover has completed, Exchange Active Sync knows what to do, because Autodiscover delivers the server settings. EAS then goes through the CAS server and asks to start the sync process. EAS is enabled by default for all users when you create the mailbox. And yes, IMAP and Exchange Active Sync are different. So, let's look at some troubleshooting steps for when we have a problem with EAS.
- First of all, check whether EAS is enabled for the user who is facing the problem.
- First of all, check if EAS is enabled to the user that is facing the problem.
- Get-CASMailbox -Identity user | fl *Sync*
- Check Get-ActiveSyncOrganizationSettings;
- The DNS name your smartphone checks to start the configuration is autodiscover.domain.com. This A record needs to point to your public IP, which should forward to the reverse proxy (the more secure way). The link below will check it;
- Test the configs on https://testconnectivity.microsoft.com
- Test-ActiveSyncConnectivity -URL "https://owa_url" -MailboxCredential (Get-Credential user@domain.com)
- Test-ActiveSyncConnectivity -ClientAccessServer contoso\CAS01 -URL "http://owa_url" -MailboxCredential (Get-Credential user@domain.com)
- Test-ActiveSyncConnectivity -UseAutodiscoverForClientAccessServer $true -URL "http://owa_url" -MailboxCredential (Get-Credential user@domain.com)
- Test-ActiveSyncConnectivity -AllowUnsecureAccess $true -URL "http://owa_url" -MailboxCredential (Get-Credential domain\user)
Check the Active Sync virtual directory:
- In IIS, check the Default settings for Exchange virtual directories
- Check the IIS logs to make sure that the device's requests are arriving at IIS (C:\inetpub\logs\LogFiles\);
- Check the Event Viewer; it can show you important things;
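One way to do the IIS log check above, as an added example that is not part of the original post: it reads W3C log lines, keeps the requests to /Microsoft-Server-ActiveSync and summarises them per device. The function name Get-EasLogSummary, the field list and the log lines are constructed for illustration, and the example assumes the device's User and DeviceId values are logged in cs-uri-query.

```powershell
# Constructed sample of an IIS W3C log; real files live under C:\inetpub\logs\LogFiles\.
$sampleLog = @'
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2024-01-10 08:00:01 POST /Microsoft-Server-ActiveSync/default.eas User=alice&DeviceId=DEV0001&DeviceType=iPhone&Cmd=Sync contoso\alice 203.0.113.10 200
2024-01-10 08:00:05 POST /Microsoft-Server-ActiveSync/default.eas User=bob&DeviceId=DEV0002&DeviceType=Android&Cmd=FolderSync - 203.0.113.22 401
2024-01-10 08:00:09 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=bob&DeviceId=DEV0002&DeviceType=Android - 203.0.113.22 401
2024-01-10 08:00:12 GET /owa/ - contoso\carol 203.0.113.30 200
2024-01-10 08:00:20 POST /Microsoft-Server-ActiveSync/default.eas User=alice&DeviceId=DEV0001&DeviceType=iPhone&Cmd=Ping contoso\alice 203.0.113.10 200
'@

function Get-EasLogSummary {
    param([string[]]$Lines)
    $fields = @()
    $hits = foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # The header names the columns; a log can change layout mid-file.
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if ($line -like '#*' -or [string]::IsNullOrWhiteSpace($line)) { continue }
        $values = $line.Trim() -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # malformed or truncated line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ($row['cs-uri-stem'] -notlike '/Microsoft-Server-ActiveSync*') { continue }
        # Pull DeviceId and User out of the query string.
        $q = @{}
        foreach ($pair in ($row['cs-uri-query'] -split '&')) {
            $k, $v = $pair -split '=', 2
            if ($k) { $q[$k] = $v }
        }
        [pscustomobject]@{
            DeviceId = $q['DeviceId']; User = $q['User']
            ClientIp = $row['c-ip'];   Status = [int]$row['sc-status']
        }
    }
    @($hits) | Group-Object DeviceId, User, ClientIp | ForEach-Object {
        [pscustomobject]@{
            DeviceId = $_.Group[0].DeviceId
            User     = $_.Group[0].User
            ClientIp = $_.Group[0].ClientIp
            Requests = $_.Count
            Statuses = ($_.Group.Status | Sort-Object -Unique) -join ','
        }
    }
}

Get-EasLogSummary -Lines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

A device that does not appear in the output never reached IIS, which points back at DNS or the reverse proxy; a device that appears only with 401 is arriving but failing authentication.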
Re-create the Exchange Active Sync virtual directory:
- Remove-ActiveSyncVirtualDirectory -Identity "Contoso.com\Microsoft-Server-ActiveSync"
- New-ActiveSyncVirtualDirectory -Server servername -WebSiteName "Default Web Site" -ExternalUrl https://owa_url/Microsoft-Server-ActiveSync -InternalUrl https://owa_url/Microsoft-Server-ActiveSync
If the error affects only one user, open the user's properties in Active Directory, go to the Security tab and check whether inheritance is enabled.
- Open Active Directory Users and Computers and activate Advanced Features. Go to the user object, open Properties, select the Security tab and click Advanced. If inheritance is not enabled, enable it
- Get-CASMailbox | select name, ActiveSyncAllowedDeviceIDs
Another important thing is the .NET Framework supportability matrix for Exchange Server:
- https://docs.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019
You can check for devices whose last sync attempt is older than 30 days:
- Get-ActiveSyncDevice -ResultSize unlimited | Get-ActiveSyncDeviceStatistics | where {$_.LastSyncAttemptTime -lt (Get-Date).AddDays(-30)}
Check the troubleshooting steps on the Microsoft website:
Check another tip here:
Reference:
https://eightwone.com/2011/08/31/exchange-activesync-and-inheritable-permissions-issue/