S
S
sinij2015-10-08 15:45:40
Active Directory
sinij, 2015-10-08 15:45:40

Stopped working ActiveSync on Exchsnge 2013?

Good afternoon,
structure
2 IIS-ARR in NLB on windows server 2012, DAG consisting of 3 windows server 2012r2 CU9 servers and DC also on wondows server 2012r2. Until recently, everything worked well, but after a network failure, IIS-ARR stopped passing requests to DAG, it was decided to change the DNS ip for mail.domain.ru from IIS-ARR to DAG (bypassing the balancer directly to exchange servers). Everything worked out, except for ActiveSync from the outside, everything is connected via wi-fi inside, not from the outside. mail.domain.ru and autodiscowery.domain.ru are configured directly on the DAG. Tested on testconnectivity.microsoft.com, it says
Trying to send an Autodiscover POST request to potential Autodiscover URLs.
Failed to get Autodiscover service settings when sending a POST request to this service.
The Microsoft Connectivity Analyzer tries to get an XML response from the Autodiscover service from the URL https://mail.domain.ru/owa/ for the user [email protected]
The Microsoft Connectivity Analyzer was unable to retrieve the XML response from the Autodiscover service.
Learn More
A Web site exception occurred because an HTTP 440 - 440 response was received from Unknown.
HTTP response headers:
request-id: a9aace8a-779b-415f-86e8-585638e9f2ab
X-FEServer: EXCH
Content-Length: 154
Content-Type: text/html; charset=utf-8
Set-Cookie: ClientId=CEHKPWA9KIBEGKL0BNG; expires=Fri, 07-Oct-2016 12:25:39 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET,ARR/2.5
Date: Thu, 08 Oct 2015 12:25:57 GMT
Elapsed time: 340ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs
The Microsoft Connectivity Analyzer was unable to receive the Autodiscover service XML response.
Learn More
A Web site exception occurred because an HTTP 440 - 440 response was received from Unknown.
HTTP response headers:
request-id: 64403e36-5227-4d30-bb13-bf38640ae44f
X-FEServer: EXCH
Content-Length: 154
Content-Type: text/html; charset=utf-8
Set-Cookie: ClientId=FXJNOKAYQUGIESRUEA; expires=Fri, 07-Oct-2016 12:25:42 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET,ARR/2.5
Date: Thu, 08 Oct 2015 12:26:01 GMT
Elapsed time: 337ms.
The Microsoft Connectivity Analyzer tries to get an XML response from the Autodiscover service from the URL https://mail.domain.ru:443/Autodiscover/Autodiscov... for the user [email protected]
The Microsoft Connectivity Analyzer was unable to retrieve the XML response from the Autodiscover service.
More
Information A Web site exception occurred because an HTTP 400 - BadRequest response was received from Unknown.
HTTP response headers:
Persistent-Auth: true
request-id: 57ae2e1f-cea5-4e8d-afa4-2f7b067d6b3b
X-CalculatedBETarget: srv-exchange-1.bt.local
X-FEServer: EXCH
Content-Length: 30
Cache-Control: private
Content-Type: text/html; charset=utf-8
Set-Cookie: ClientId=SENGUKZUCVRQGFZYG; expires=Fri, 07-Oct-2016 12:25:44 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET,ARR/2.5
Date: Thu, 08 Oct 2015 12:26:03 GMT
already broke his head, google for now that I could not help, I recreated the UpdateCas.ps1 directories according to the article
https://dirteam.com/sergio/2014/01/21/bad-request-...
save me, brothers, at least tell me where to dig

Answer the question

In order to leave comments, you need to log in

3 answer(s)
A
akelsey, 2015-10-09
@akelsey

Lots of detail, little needed.
1. Network behind some device - a router. In the description - no word about its configuration.
2. I admit that port 443, on which requests come from outside, still gets to NLB, as a version.
3. The phrase "it was decided to change the DNS ip for mail.domain.ru from IIS-ARR to DAG" is misleading, do you have all the computers inside the network have white IP addresses? Those. to them packets are routed directly?

S
sinij, 2015-10-10
@sinij

The problem is solved, it was in the certificate, which was wound on Exch. There are no problems with the network, port 433 was open, ip behind NAT.

S
sithius82, 2015-11-05
@sithius82

Colleagues, good afternoon.
Can you be a little more specific - what happened with the certificate? I have the same problem, but it's even more interesting - if one of the servers in the farm is disabled in ARR - everything works if both are enabled - the logs show an HTTP 440 error
. On the internal servers, certificates from the internal CA, on the IIS balancer - a certificate for an external name...
Problem solved. It was decided by installing an external certificate on the CAS servers.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question