Archive for August, 2006

Open Source Ideas

Monday, August 28th, 2006

Radical juxtaposition of concepts, isn’t it? Open source and ideas. Wow. Imagine…so many creative people without the means to realize their ideas and others lacking creativity but having deep pockets. Somehow everyone can win, right? Right. It’s time to look at the whole picture. There is a lot of brilliance out there; imagine sharing and combining those ideas. For the greater good. A network of creative thinking for the advancement of … everything. How can black boxes make life better but just for the select few? We need to open the box and invite everyone to participate. I’m adding a new category, “OSI” - Open Source Ideas. Anything posted there is open - open to be expanded upon, open to be utilized; I just ask for credit as the originator, and that all threads of the ideas contain the same credits.

OWA & ActiveSync Woes

Friday, August 4th, 2006

Since switching to Fedora Core 5, and more precisely, Apache 2.2, I’ve been getting intermittent issues when trying to sync my WM5 device and also using OWA. For me, the solution was not to reinstall Outlook or to upgrade to ActiveSync 4.2; the problem is with the proxy server that front-ends the Exchange/IIS server. I’ve blogged about this issue before and even though the ActiveSync error codes are the same, the causes are different.

My environment is still the same as the previous posting with the exception of an Apache 2.2 front-end instead of the VPN tunnel. Here’s a link to setting up the Apache server. (NOTE: I’m not experiencing the same problems with a percent in the subject so I have not applied the workaround.)

The problem surfaced as errors during ActiveSync-ing. I would see an error code of 85010014. I discovered the real problems were with Apache returning 502 errors. The error logs were filled with lines of the following form:

[Wed Aug 02 14:58:38 2006] [error] [client 192.168.86.111] proxy: error reading status line from remote server
[Wed Aug 02 14:58:38 2006] [error] [client 192.168.86.111] proxy: Error reading from remote server returned by /Microsoft-Server-ActiveSync

I believe the error has to do with timeouts from HTTP KeepAlives and mod_proxy reading from a closed pipe/handle. I have adjusted the timeouts on both ends and still received the same errors. I even disabled HTTP KeepAlives on the IIS server; that resulted in a whole new problem: error code 85010016. As soon as I re-enabled the HTTP KeepAlives on the IIS server, the 85010016 error went away (no need to restart the IIS server). I've also tried the SetEnv proxy-nokeepalive 1 workaround and that did not solve my problem.

I realized I had a configuration problem when checking netstat results and looking at the packets from Ethereal (now Wireshark). Turns out I had an SSL connection to the Apache server but a plain old HTTP (port 80) connection to the IIS server! By adjusting my ProxyPass parameters in httpd.conf to point to https, my 85010014 error has gone away and I no longer see the error messages in my httpd logs.

For reference, my entry in httpd.conf:

<VirtualHost *:443>
    # The *:443 listener address is an assumption; use the address your SSL virtual host binds to.
    ServerName owa.backend.server
    ServerAdmin hostmaster@backend.server

    ErrorLog logs/owa_error_log
    CustomLog logs/owa_access_log combined
    LogLevel warn

    # SSLEngine covers client -> Apache; SSLProxyEngine covers Apache -> IIS.
    SSLEngine on
    SSLProxyEngine on
    # These two lines permit every protocol and cipher class, including SSLv2, LOW and export suites.
    SSLProtocol +all
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLProxyProtocol SSLv3

    SSLCertificateFile /etc/httpd/conf/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/server.key

    # Tells Exchange that the client-facing connection is HTTPS.
    RequestHeader set Front-End-Https "On"
    #ProxyPreserveHost On

    # Every backend URL uses https, matching the front end.
    ProxyPass / https://owa.backend.server/
    ProxyPassReverse / https://owa.backend.server/
    ProxyPass /rpc https://owa.backend.server/rpc/
    ProxyPassReverse /rpc https://owa.backend.server/rpc/
    ProxyPass /exchange https://owa.backend.server/exchange/
    ProxyPassReverse /exchange https://owa.backend.server/exchange/
    ProxyPass /exchweb https://owa.backend.server/exchweb/
    ProxyPassReverse /exchweb https://owa.backend.server/exchweb/
    ProxyPass /public https://owa.backend.server/public/
    ProxyPassReverse /public https://owa.backend.server/public/
    ProxyPass /iisadmpwd https://owa.backend.server/iisadmpwd/
    ProxyPassReverse /iisadmpwd https://owa.backend.server/iisadmpwd/
    ProxyPass /exchange-oma https://owa.backend.server/exchange-oma/
    ProxyPassReverse /exchange-oma https://owa.backend.server/exchange-oma/
    ProxyPass /Microsoft-Server-ActiveSync https://owa.backend.server/Microsoft-Server-ActiveSync/
    ProxyPassReverse /Microsoft-Server-ActiveSync https://owa.backend.server/Microsoft-Server-ActiveSync/

    CacheDisable *

    # Access control for proxied requests (Apache 2.2 syntax).
    <Proxy *>
        Order allow,deny
        allow from all
    </Proxy>

    # Send requests for the bare root to OWA.
    RedirectMatch ^/$ /exchange
</VirtualHost>
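
The scheme mismatch described above (SSL to Apache, plain HTTP to IIS) can be caught by reading the configuration instead of packet captures. The following is an added example, not part of the original post: the function name audit_proxy_schemes is hypothetical, and both sample configurations are constructed from the host name and path shown on this page.

```python
import re

# Constructed sample: TLS on the front end, plain HTTP to the backend (the
# mismatch the post describes). Host name and path reuse the page's config.
BROKEN = """\
SSLEngine on
ProxyPass /Microsoft-Server-ActiveSync http://owa.backend.server/Microsoft-Server-ActiveSync/
ProxyPassReverse /Microsoft-Server-ActiveSync http://owa.backend.server/Microsoft-Server-ActiveSync/
"""

# Constructed sample: the same mapping after switching the backend to https.
FIXED = """\
SSLEngine on
SSLProxyEngine on
ProxyPass /Microsoft-Server-ActiveSync https://owa.backend.server/Microsoft-Server-ActiveSync/
ProxyPassReverse /Microsoft-Server-ActiveSync https://owa.backend.server/Microsoft-Server-ActiveSync/
"""

# "Name arguments" lines only; comments and <Container> tags do not match.
DIRECTIVE = re.compile(r"^\s*(\w+)\s+(.*?)\s*$")

def audit_proxy_schemes(conf_text):
    """Hypothetical helper: list (directive, path, problem) for one vhost."""
    flags, mappings = {}, []
    for raw in conf_text.splitlines():
        m = DIRECTIVE.match(raw)
        if not m:
            continue
        name, args = m.group(1).lower(), m.group(2).split()
        if name in ("sslengine", "sslproxyengine") and args:
            flags[name] = args[0].lower() == "on"
        elif name in ("proxypass", "proxypassreverse") and len(args) >= 2:
            mappings.append((m.group(1), args[0], args[1]))
    findings = []
    for directive, path, url in mappings:
        scheme = url.split("://", 1)[0].lower()
        if flags.get("sslengine") and scheme == "http":
            findings.append((directive, path, "TLS front end, cleartext http backend"))
        if scheme == "https" and not flags.get("sslproxyengine"):
            findings.append((directive, path, "https backend without SSLProxyEngine on"))
    return findings

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_proxy_schemes(conf))
```

The second check covers the opposite slip: an https:// backend URL only works when SSLProxyEngine is on, as it is in the configuration above.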

