OMA fails with Event ID: 1503
Recently I was dealing with an error on a Windows Mobile device that was trying to connect to an Exchange server on SBS 2003. The error is pretty misleading, with Support Code: 0x85010014. If you search the web, you’ll find out about problems with Exchange ActiveSync if you have forms-based authentication and SSL required for your OWA page. Well, on SBS this is the default configuration. What I also found out is that the changes mentioned in Microsoft Knowledge Base article 817379 are already made as part of a standard SBS installation. So if you are working in SBS, you already have the changes you would need to get this to work. But I still had the error, so what do I do? Well, here is part of the actual error from the event log:
The remote server returned an error: (403) Forbidden.
Source: Microsoft.Exchange.OMA.ExchangeDataProvider
Searching the web for that string will turn up a nice blog post by Mark Wilson regarding that specific error. He mentions problems encountered if you performed a swing migration to new hardware. Well, on this particular server we had done exactly that. But none of the fixes he mentions were needed, as our HomeMTA settings were correct. What could it be? I was pulling my hair out.
One of the ways to test problems with SBS/OWA/Exchange is to try to access the virtual directories directly through Internet Explorer. We were getting a 403 Forbidden error. That’s pretty important. So, armed with my new knowledge from the above KB articles, I tried to log directly into the ‘exchange-oma’ virtual directory from the actual server itself. After all, that is what the server does when you connect to OMA. Well, what do you know: I received a “You are not authorized to view this page” message. And deeper in the page you get to see the actual full error:
HTTP Error 403.6 – Forbidden: IP address of the client has been rejected.
Internet Information Services (IIS)
AH HA!!!! Now I actually have a better idea of what is going on. The server has been denied access to the virtual directory by IP address. Now we’re getting somewhere. So I opened up the properties on the ‘exchange-oma’ virtual directory and went into Directory Security, where in the middle of the page you have the option to ‘Grant or Deny access to this resource using IP addresses or Internet domain names’. I opened that and, lo and behold, the IP address was wrong. It was the address that we used on the server during migration. We ended up putting the new server at the address of the old server when we were done. So I made that small adjustment and voilà, it was all up and running and the mobile phone was syncing.
So I took the opportunity to check the other virtual directories, and there were several that had the wrong info. I then re-ran the ‘connect to the internet’ wizard, which repaired the IP address on all the other virtual directories. So the moral of the story is: if you change the IP address of your server, be sure to run the ‘connect to the internet’ wizard so that everything will be set up correctly again, or you could be in a world of hurt later.
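
The event log above only shows a plain 403, while the browser shows the 403.6 substatus. As an added example (not part of the original post), this Python sketch scans an IIS W3C extended log for 403.6 responses and flags virtual directories that rejected the server's own address, which is the pattern a stale IP restriction produces after a migration. It assumes the log records the `s-ip`, `c-ip`, `cs-uri-stem`, `sc-status` and `sc-substatus` fields; the sample log lines, addresses and the `/intranet` path are constructed.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (addresses and paths are made up).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem c-ip sc-status sc-substatus
2008-03-01 10:00:01 192.168.16.2 GET /exchange/user1/Inbox 192.168.16.50 200 0
2008-03-01 10:00:05 192.168.16.2 PROPFIND /exchange-oma/user1/Inbox 192.168.16.2 403 6
2008-03-01 10:00:09 192.168.16.2 PROPFIND /exchange-oma/user1/Calendar 192.168.16.2 403 6
2008-03-01 10:00:12 192.168.16.2 GET /intranet/ 192.168.16.77 403 6
2008-03-01 10:00:15 192.168.16.2 GET /exchange/ 192.168.16.50 403 4
"""

def find_ip_rejections(log_text):
    """Count 403.6 responses per (virtual directory, client IP, self-request?)."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the header can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                       # skip truncated or malformed rows
        row = dict(zip(fields, values))
        if row.get("sc-status") == "403" and row.get("sc-substatus") == "6":
            parts = row["cs-uri-stem"].split("/")
            vdir = "/" + parts[1] if len(parts) > 1 else "/"
            # A request whose client IP equals the server IP came from the box itself.
            is_self = row.get("c-ip") == row.get("s-ip")
            hits[(vdir, row["c-ip"], is_self)] += 1
    return hits

def self_rejected_vdirs(log_text):
    """Virtual directories that rejected requests from the server's own address."""
    return sorted({vdir for (vdir, _, is_self) in find_ip_rejections(log_text) if is_self})

if __name__ == "__main__":
    for (vdir, ip, is_self), n in sorted(find_ip_rejections(SAMPLE_LOG).items()):
        note = "server's own address" if is_self else "other client"
        print(f"{vdir:15} {ip:15} {n:3}  403.6 ({note})")
```

Any directory reported for the server's own address is a candidate for the Directory Security check described above.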