Exchange Active Sync Connectivity

Version 2

    The components of this template test the configuration of Microsoft Exchange ActiveSync on Exchange 2010 and 2013 servers using PowerShell script.

     

    Prerequisites:

    • Exchange Management Tools must be installed on target Exchange server.
    • Windows Authentication should be enabled for PowerShell on the Exchange server. This can be configured in IIS mmc:
      Start > Administrative Tools > Internet Information Services (IIS) Manager.
    1. In the IIS console, expand Your Server, Sites, Default Web Site. Select PowerShell application. On the central panel, open Authentication.
    2. Select Windows Authentication and Enable it from the right panel
    • An ActiveSync test user should be created on the mailbox server. This can be done by running the following script on the Mailbox Exchange server:
      <Installed_Exchange_Folder>\Scripts\new-TestCasConnectivityUser.ps1
      otherwise you will receive the following error:
      Could not find or sign in with user <user>. If this task is being run without credentials, sign in as a Domain Administrator, and then run Scripts\new-TestCasConnectivityUser.ps1 to verify that the user exists on Mailbox server <server>

     

    Credentials: The credentials must be that of an Exchange Administrator account (Organization Manager) with at least view-only permissions. Credentials should be provided with the domain part in the login field. For example: domain\user.


    Note: If you have trouble with template functionality, refer to the troubleshooting section.


    Monitored Components

    Active Sync Connectivity Testing

    This component monitor performs ActiveSync tests and returns latency in milliseconds of the performed tests (if possible):

    Possible returned values:
    -1 – Test failed. See message field for errors.
      0 – Test is unavailable.
    1 – Test successfully finished. Test latency is not available. (This occurs on Exchange 2013 servers).
      2 and higher – Test latency in milliseconds.

    This component returns the status of the following scenarios:
      Options – Issue an HTTP OPTIONS command to retrieve the Exchange ActiveSync protocol version.
      FolderSync – Issue a FolderSync command to retrieve the folder hierarchy.
    First Sync – Initialize the Sync partnership for the test folder and create a sync state on the server.
    GetItemEstimate – Issue a GetItemEstimate command to retrieve count of items waiting to sync.
    Sync Data – Sync all existing data in the test folder.
    Ping – Execute Ping command for testing DirectPush against a test folder.  An item is created in the folder to trigger the Ping response.
    Sync Test Item – Sync the test item.

    Troubleshooting

    If you have a returned error similar to the following:

    Message: ERROR: Please check target server argument and credentials (should be domain\user). [192.168.1.206] Connecting to remote server failed with the following error message : Access is denied.

    Resolution: This error could occur when you use the wrong credentials. Check the credentials and verify the credentials are in the following format: (domain\user). The user should be Exchange Organization Manager.


    If you have a returned error similar to the following:

    ERROR: The operation couldn't be performed because object 'Mailbox Database 10580933221\*' couldn't be found on 'xchng2010.apmteam.sw'.

    Resolution: Provide the correct database name.


    If you have a returned error similar to the following:

    [192.168.1.206] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The WinRM client tried to use Negotiate authentication mechanism, but the destination computer (192.168.1.206:443) returned an 'access denied' error. Change the configuration to allow Negotiate authentication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password.

    Resolution: This error indicates that Windows Authentication is not enabled for the PowerShell application on IIS on the Exchange server.


    If you have a returned error similar to the following:

    [192.168.1.206] Connecting to remote server failed with the following error message : The WinRM client received an HTTP status code of 403 from the remote WS-Management service.

    Resolution: If you get this error, you should check your SSL settings for the PowerShell application in IIS on the Exchange server.
      You should use one of the following configurations:
      - Require SSL unchecked;
      - Require SSL checked and Client Certificates is set to Accept;
      - Require SSL checked and Client Certificates is set to Ignore;


    If you have a returned error similar to the following:

    Message: ERROR: Please check target server argument and credentials (should be domain\user). [xchng2010] Connecting to remote server failed with the following error message : The WS-Management service cannot process the request. This user allowed a maximum number of 5 concurrent shells, which has been exceeded. Close existing shells or raise the quota for this user.

    Resolution: This error could occur when you use more than five remote PowerShell sessions (set by default) at the same time. If you get this error, it is recommended that you increase the number of concurrent shells on the Exchange server.


    Open a windows Command Line as Administrator and run the following command:
    winrm set winrm/config/winrs @{MaxShellsPerUser="30"}


    Portions of this document are provided courtesy of the following sources: Test-ActiveSyncConnectivity: http://technet.microsoft.com/en-us/library/bb123540(v=exchg.150).aspx

    Last update 1/16/2014