Hi

SBS2003 Premium (inc Exchange 2003), ADSL Internet via 2nd nic connected to router. Motorola MPX220 Smartphone running Windows Mobile 2003, Vodafone GPRS (UK)

Just having bought a smartphone (MPX220), I'm trying to sync (emails &
contacts) with my server over GPRS. The Motorola manual does not help at all with this. I have installed active sync on the desktop & enabled Mobile access for my user account on the server. The settings I am using are servername in the form of the Exchange Internet IP address, username, password, domain, SSL is checked. The phone does have a working connection as I am able to use MSN Messenger.

I have applied disablecertchk to the device & rebooted the smartphone. I
have also applied the server Q886346 registry hack.

The best I can manage now if by using the Exchange Internet ip address. I can get the phone to connect, check for changes & then I get an error:

"Your account does not have permission to sync with your current settings. Contact your Microsoft Exchange administrator.
Error code HTTP_403"

As far as I can tell, I have set up my account on the server correctly &
enabled remote access. I'm also part of the mobile users security server group. I've disabled certchecking on the device.

Does anyone have any idea's please?

Regards
Nick

First off, I HATE SBS. You don' manage it the same way you manage their enterprise products.

In any case, you did not mention enabling all 5 Mobile Services as found on the Exchange System Manager, Mobile Services Properties sheet. Must do that. Test by seeing if you can reach your mailbox via OMA.

Also, some great info on this thread:
http://www.smartphonethoughts.com/forums/viewtopic.php?t=6684&postdays=0&postorder=asc&highlight=disable+certificates&start=0

HTH,

Hal

Thanks for your reply

I have checked Mobile services & all 5 options are checked. I have however not set up a mobile carrier in there.

I cannot get to my mailbox using http://internetdomain/oma if I try http://ipaddress/oma I get an error 403 forbidden.

I have tried the link you mention before my post. AFAIK I have tried all available tweaks without any luck.

Nick,

From INSIDE your network on a standard PC and browser (IE 6.0 is best), can you reach OMA via HTTP://Server_Name/OMA? Then from OUTSIDE the network try HTTP://IP_Address/OMA from a standard PC.

If you can't reach OMA in both of these fashions, Active Sync won't work.

Hal

Hal, I appreciate your help with this

From inside my network, I am able to get to http://servername/oma, I have to log in with my username & password.

From outside the network I cannot get to http://ipaddress/oma. Thinking about this, the ipaddress is going to my router & in fact removing "oma" just gets to the router config user & password page.

My Internet config is configured to SBS best practice (http://www.smallbizserver.net/Default.aspx?tabid=154). The server has 2 nics, the external nic has a separate ip range to the internal range. The external nic links to the router which is configured to use 2 Internet ips. The first Internet ip address is used for general access & I have applied a DMZ to (hopefully) allow through OMA. The 2nd ip address is used for SMTP mail collection.

I have in turn applied the DMZ to each Internet ip address & tested it with the Smartphone. On each occasion, the phone appears to connect & then I get the error that my account does not have permission to sync. I have administrator rights on my server.

Regards
Nick

Nick,

It is my understanding that you will have to be able to connect to OMA from outside the firewall. Keep working with the ISA component until you can connect. It "should" then allow Active Sync to work.

FWIW. I make my living as an independent MS geek. A long time ago I removed ISA from my network and went with a hardware firewall. Much easier to configure and probably more secure.

Hal

Thanks Hal

I'll keep trying with this as I have to get this thing going. It's hard to understand why I can't get one MS product to talk to another MS product that it was designed to talk to. I have noticed several instances of "allow" filters within ISA that must have been setup by the wizards. So I'm thinking that maybe it's more a hardware firewall issue where my router is not passing through the request as it should do.

Regards
Nick

Nick555, I think that HalM is correct. It is probably your ISA. I have SBS2003 and connect with my mpx220. It took a while to get everyghing set up. Keep trying.
You need to isolate your problem. Try connecting to the internet with your smartphone browser. You can try to connect to some of the default web sites that came with your phone. If you cannot connect to a web site with your phone, the problem is with your phone.
If you cannot connect to your SBS with www.myserver.com/oma, the problem is with you SBS.
Good luck.

Thanks Chiptransisto

I can use the smartphone to connect to regular Internet websites with little problem apart from the speed. I still suspect the router/firewall could be interfering somewhere.

Checking IIS last night, there was an SSL certificate half setup on the default web site. I deleted the certificate request. Is that ok?

Can you connect to your SBS with www.myserver.com/oma?

Sorry, oma should be https://myserver.com/oma, not http://www.myserver.com/oma.

No, I can't.

I think however there may be an issue with my domain. I currently have web requests for the domain, forwarded to my main web site. I have this morning asked my ISP to remove the redirect. I will try again after the redirect has been removed - probably in 24-48 hours.

Regards
Nick

If you are certain on the IP address, then the name is irrelevant. Con you do OWA from outside the network? What kind of broadband do you have, cable, DSL or T-1? What brand os router?

Hal

Hi Hal

What do you mean about the IP address?

I have ADSL 256/2000 mbps. The router is a Vigor 2600V. http://www.draytek.co.uk/products/vigor2600v.html
Within the router firewall I have activated a DMZ for TCP port 80 through to the server 2nd nic from the main Internet IP.

I have tested from a pc connected to the router & logging to the 2nd server nic. I get an ISA 403 error with OMA & OWA. I'm not sure I've allowed OWA in the firewall wizard.

My settings:
Server internal nic: 192.168.16.2
Server 2nd nic for Internet: 192.168.1.10
Router: 192.168.1.1
Pc connected to router: 192.168.1.8

Nick, As I said in my fist post, I hate SBS, but there are enough "wizards" in it that I would look first at the router / Adsl modem. Assuming it is like a Linksys or Netgear brand here in the US, you will have to "forward" all port 80 traffic to the appropriate NIC on the SBS box. Probably would not hurt to also forward SSL traffic (port 443) as well. If email is flowing into the Exchange server, these settings would where you setup the port 25 traffic redirection.

Feel free to PM me for my email address and that may be a better way to work on this.

Hal

Thanks Hal

I have already opened ports 80 & 443 & routed them to my server nic. I think I should now wait for the domain tweaks.

Nick, my email to you was returned: "The e-mail account does not exist at the organization this message was sent to." You may now have other issues to deal with?

Hi Hal

Sorry about the mail bounce.

You put my name in the subject line & that got picked out by my anti-spam software. You received a fake NDR, but I did get your mail. :)