Ugh. After two solid days of trying to sync my phone with Exchange, I finally was successful. Most of the time, I continued to get the dreaded 0×85010014 error message from ActiveSync – meaning a server error had occured. I have found a lot of sites that gave a lot of information about resolving this issue, but most of them were threads trying to solve the problem. Here is what I learned about getting this to work.

Players:

• Small Business Server 2003 SP1
• Exchange Server 2003 SP2 (single instance, no front-end/back-end combination)
• ActiveSync 4.1
• Verizon XV6700, Windows Mobile 5.0

Error messages:

• On ActiveSync & XV6700: 0×85010014

Quicks of my configuration:

• Multiple e-mail addresses: rick@domain1.com, rick@domain2.com, rickw@domain3.com …
• My Default e-mail address policy does not match my domain name, but does match my default e-mail address.
• Exchange server is hidden behind Linux firewall and front-ended with sendmail.
• Using a VPN connection to communicate directly to the exchange server from remote.
• I’m not using ISA or other firewall software on the Exchange box.
• The exchange box is the same box as the domain controller.
• This is a single instance Exchange server; there is no front-end/back-end.

Things I’ve read but don’t need to do or worry about:

• Since this is a server-side problem, I don’t think it’s necessary to uninstall/reinstall Outlook and/or ActiveSync.
• I didn’t need to add the MasSync\Parameters SMTPProxy string key to the registry since my default email address policy matches my default email address (Refer to Microsoft Knowledge Base Article 886346).
• Hard-reset of the handheld wasn’t necessary and can’t imagine it would be, unless of course…

Helpful (and probably necessary):

• Delete the mobile device from both ActiveSync on the PC and ActiveSync on WM5 and then re-add it on the PC.
• Configure IIS to support both Kerberos and NTLM authentication. Refer to Microsoft Knowledge Base Article 215383 for details.
• Installed the root certificate on the handheld, although not necessary if not using SSL. Refer to this thread on HowardForums (search for “not trusting your home-brew cert”) for details.
• Don’t worry about certificates is not using SSL.
• Make sure both /Exchange and /Exchange-OMA have the following authentication methods are enabled: Integrated Windows authentication, Basic authentication.
• Create the /Exchange-OMA Virtual Directory. If it already exists, delete it and recreate it according to the instructions provided by Method 2 in the Microsoft Knowledge Base Article 817379. This is the step that ultimately made this work for me.

Issues:

• Getting it to sync over VPN is a bit tricky. To make sure that the VPN is connected on WM5, but the server name in ActiveSync matches the certificate (if using SSL), an exception needs to be added on the Connections control applet (Settings–>Connections–>Connections–>Advanced) to tell WM5 to initiate the VPN connection for hosts ending with your domain, for example: *.yourdomain.com. This allows it to sync using SSL, both OTA (over the air) and through the USB connection.

Extremely useful:

• This Microsoft download: Troubleshooting Microsoft Exchange 2003 ActiveSync. This MS Word document contains a lot of helpful steps to troubleshoot the ActiveSync installation.

Notes:

• I often saw an error in my Application Event viewer (on the exchange server) for Source: Server ActiveSync, Event ID: 3031 about the mailbox server does not allow “Negotiate” authentication to its [/exchange-oma] virtual directory. This led me to configure IIS to support both Kerberos and NTLM authentication (as described above), although after doing so, I continued to see the error message. It finally went away when I recreated the /Exchange-OMA directory.

Next, I’ll configure it to work with an apache front end to eliminate the need for a VPN tunnel.

This entry was posted on Monday, March 20th, 2006 at 8:26 pm and is filed under Mobile, WILT. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.