=====Exchange Activesync and Outlook Mobile Access Errors Occur When SSL or Forms-Based Authentication Is Required For Exchange Server 2003===== Reprinted below are portions of the Microsoft Support Article ID: 817379 - Last Review: October 31, 2008 - Revision: 19.0 The entire Microsoft support Article can be found here: [http://support.microsoft.com/kb/817379|http://support.microsoft.com/kb/817379] :: * * *:: Exchange Server ActiveSync and Exchange Outlook Mobile Access (OMA) use the /Exchange virtual directory to access OWA templates and DAV on Exchange back-end servers on which the user's mailbox is located. Server ActiveSync and OMA cannot access this virtual directory if either of the following conditions is true: The /Exchange virtual directory on an Exchange back-end server is configured to require SSL. Forms-based authentication is enabled. This issue does not occur when you enable these settings on the /Exchange virtual directory on a front-end server. Note You do not have to perform either of the methods that are described in the "Resolution" section to configure a front-end server to require SSL and to enable forms-based authentication on the front-end server. :: * * * :: **Important** Method 2 (per this Microsoft Support KB article) should be used only in an environment that has no Exchange Server 2003 front-end server. The registry changes should be made only on the server on which the mailboxes are located. ====Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory.==== Note These steps affect both Outlook Mobile Access connections and Exchange ActiveSync connections. After you follow these steps, both Outlook Mobile Access and Exchange ActiveSync connections use the new virtual directory that you create. ====Disable the forms-based authentication for the Exchange virtual directory==== To create a secondary virtual directory for Exchange that is based on steps 1 through 7 of the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager. Then restart Internet Information Services (IIS). To do this, follow these steps: 1. Open __Exchange Manager__ (a/k/a Exchange System Manager). 2. Expand __Administrative Groups__, expand the first administrative group, and then expand __Servers__. 3. Expand the __server__ container (your server name) for the Exchange Server 2003 server that you will be configuring, expand __Protocols__, and then expand __HTTP__. 4. Under the HTTP container, right-click the __Exchange Virtual Server__ container, and then click __Properties__. 5. Click the __Settings__ tab, __clear__ the __Enable Forms Based Authentication__ check box, and then click OK. 6. Close Exchange Manager. 7. Click __Start__, click __Run__, type __IISRESET/NOFORCE__, and then press ENTER to restart Internet Information Services (IIS). __Create a secondary virtual directory for Exchange server__ ====You must use Internet IIS Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work.==== If you are using Windows Server 2003, follow these steps: 1. Start __Internet Information Services (IIS) Manager__. 2. Locate the __Exchange virtual directory__. The default location is as follows: Web Sites\Default Web Site\Exchange 3. __Right-click the Exchange virtual directory__, click __All Tasks__, and then click __Save Configuration to a File__. 4. In the File name box, type a name. For example, type __ExchangeVDir__. Click __OK__. 5. __Right-click__ the root of this Web site. Typically, this is __Default Web Site__. Click __New__, and then click __Virtual Directory (from file)__. 6. In the Import Configuration dialog box, click __Browse__, __locate the file that you created in step 4__, click __Open__, and then click __Read File__. 7. Under __Select a configuration to import__, click __Exchange__, and then click __OK__. ::A dialog box will appear that states that the "virtual directory already exists.":: 8. Select the __Create a new virtual directory__ option. In the __Alias__ box, __type a name for the new virtual directory__ that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type __exchange-oma__. Click OK. 9. Right-click the new virtual directory. In this example, click __exchange-oma__. Click __Properties__. 10. Click the __Directory Security__ tab. 11. Under __Authentication and access control__, click __Edit__. 12. Make sure that only the following authentication methods are enabled, and then click OK: *a. __Integrated Windows authentication__ *b. __Basic authentication__ 13. On the __Directory Security__ tab, under __IP address and domain name restrictions__, click __Edit__. 14. Click the option for __Denied access__, click __Add__, click __Single computer__ and type __the IP address of the server that you are configuring__, and then click __OK__ twice. 15. Under __Secure communications__, click __Edit__. __Make sure__ that __Require secure channel (SSL)__ is __not enabled__, and then click __OK__. 16. Click __OK__, and then __close the IIS Manager__. 17. Click __Start__, click __Run__, type __regedit__, and then click __OK__. 18. Locate the following registry subkey: ::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters:: 19. Right-click __Parameters__, click to __New__, and then click __String Value__. 20. Type __ExchangeVDir__, and then press ENTER. Right-click __ExchangeVDir__, and then click __Modify__. ::__Note ExchangeVDir__ is case-sensitive. If you do not type __ExchangeVDir__ exactly as it appears in this article, ActiveSync does not find the key when it locates the __exchange-oma__ folder.:: 21. In the __Value data__ box, type the name of the new virtual directory that you created in step 8. For example, type __/exchange-oma__. Click __OK__. 22. __Quit Registry Editor__. 23. __Restart the IIS Admin service__. To do this, follow these steps: * a. Click __Start__, click __Run__, type __services.msc__, and then click __OK__. * b. In the list of services, right-click __IIS Admin service__, and then click __Restart__. 24. __If you want to reuse Forms-based Authentication on the Exchange server__, follow these steps to __re-enable Forms-based Authentication on the /Exchange virtual directory in Exchange System Manager__. * a. Open __Exchange Manager__. * b. Expand __Administrative Groups__, expand the __first administrative group__, and then expand __Servers__. * c. Expand your particularly named __server container__ for the Exchange Server 2003 server that you will be configuring, expand __Protocols__, and then expand __HTTP__. * d. Under the HTTP container, right-click the __Exchange Virtual Server__ container (NOT the Exchange sub-container), and then click __Properties__. * e. Click the __Settings__ tab, click to select the __Enable Forms Based Authentication__ check box, and then click OK. * f. __Close Exchange Manager__. * g. Click __Start__, click __Run__, type __IISRESET/NOFORCE__, and then press ENTER to restart Internet Information Services (IIS). **Note** If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be __exchange-oma__. The integrated setup of Microsoft Windows Small Business Server 2003 creates the __exchange-oma__ virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to __/exchange-oma__ during the initial installation. Other SBS wizards, such as the __Configure E-mail__ and __Internet Connection Wizard (CEICW)__ also expect the virtual directory name in IIS to be __exchange-oma__.