Friday, April 25, 2014

Active Sync HTTP 500 Error Explained With Potential Solutions

Solved: Exchange Active Sync Returning HTTP 500 Error

Devices attempting to use the Active Sync feature often run into a recurring HTTP 500 error. The main cause of this problem is improper configuration of the device. The error indicates that the device tried to establish a connection with the server, but the Exchange server itself rejected the request with an error message.
Now let’s examine the root causes of this problem:

For legacy Exchange Server versions such as Exchange 2003, the error is caused by the following circumstances:

The server uses SSL (Secure Sockets Layer) or forms-based authentication.
  1. The virtual directory of the Exchange server has Windows Authentication disabled: the Active Sync service uses the virtual directory to access the Outlook Web Access templates and WebDAV on the Exchange server. Hence, if the virtual directory is not enabled, Active Sync returns an error.
  2. Users who are members of too many groups might face the error, because the tokens generated might be larger than the maximum size allotted to them.
  3. For Exchange 2010 and later versions, the user account might not have sufficient permissions to access the mailbox in Active Directory.

How to Resolve the Error:

> Create a separate virtual directory which doesn’t require SSL or any other authentication method to establish a connection with the server. This lets you connect to the server temporarily, but it is a potential security risk because of the lack of authentication.

> Alternatively, you can enable the settings on the root Exchange directory of the front-end server using the Microsoft utility “Metaedit.exe”.

> To determine the maximum token size allotted to the user, use the Microsoft-provided tool Tokensz.exe. By default, a maximum token size of 8,000 bytes was allotted in the legacy versions; in the later versions, the token size was increased up to 12,000 bytes.

> The insufficient permissions problem might be caused by broken Access Control List inheritance in Active Directory. To resolve this, follow these steps:
  •     Launch Active Directory Users and Computers.
  •     Select View -> Advanced Features.
  •     Select the mailbox and right-click to open its properties.
  •     Navigate to Security -> Advanced.
  •     Ensure that “Include inheritable permissions from this object's parent” is selected.
> Alternatively, you can re-add the existing users and new users to Exchange.
   For that you need to access Active Directory Service Information:
  1.     Open ADSI Edit.
  2.     Locate the user in your existing domain.
  3.     Expand the user details and remove the object “CN=ExchangeActiveSyncDevices”.
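
The two checks above (the inheritance checkbox and the “CN=ExchangeActiveSyncDevices” object) can be audited for every mailbox user at once. The script below is an added example, not part of the original post; it only reads from the directory, and it assumes the ActiveDirectory PowerShell module (RSAT) with its AD: drive, while the function name and the LDAP filter are hypothetical choices.

```powershell
# Added example: read-only audit, nothing in the directory is changed.
# Assumes the ActiveDirectory module (RSAT) and its AD: drive are available.
Import-Module ActiveDirectory

function Get-EasInheritanceReport {
    param(
        # Hypothetical default: every mailbox-enabled user in the current domain.
        [string]$LdapFilter = '(&(objectCategory=person)(objectClass=user)(msExchMailboxGuid=*))'
    )

    Get-ADUser -LDAPFilter $LdapFilter | ForEach-Object {
        $dn  = $_.DistinguishedName
        $acl = Get-Acl -Path "AD:\$dn"

        # The child object the ADSI Edit step refers to, if it exists.
        $eas = Get-ADObject -SearchBase $dn -SearchScope OneLevel `
                   -LDAPFilter '(cn=ExchangeActiveSyncDevices)'

        [pscustomobject]@{
            SamAccountName      = $_.SamAccountName
            # True means "Include inheritable permissions..." is NOT selected.
            InheritanceDisabled = $acl.AreAccessRulesProtected
            HasEasContainer     = [bool]$eas
            DistinguishedName   = $dn
        }
    }
}

# List only the accounts whose ACL inheritance is broken.
Get-EasInheritanceReport |
    Where-Object { $_.InheritanceDisabled } |
    Format-Table SamAccountName, HasEasContainer, DistinguishedName -AutoSize
```

Accounts listed by the script are the ones to open in Active Directory Users and Computers and correct with the steps above.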
* Tools that could be beneficial: http://test exchange helps to test the connectivity between the Exchange server and the device.

Exchange Remote Content Analyzer: helps to easily determine connectivity issues between the Exchange server and the deployments.

