3. Activesync - architecture
Security
• SSL for encryption and server ID validation
• AD credentials or client certificates for
authentication
• Activesync Mailbox policies
• Remote Wipe
4. Activesync - architecture
Security
• SSL for encryption and server ID validation
• AD credentials or client certificates for
authentication
• Activesync Mailbox policies
• Remote Wipe
• Allow/Block/Quarantine
• Throttling
5. Activesync – architecture - ABQ
Logic Flow
• Is the mobile device authenticated? If not, challenge the mobile device for the correct credentials. Otherwise, go on to the next step.
• Is Exchange ActiveSync enabled for the current user? If not, return an "access restricted" error to the device. Otherwise, go on to the next step.
• Are the mobile policy enforcement criteria met by the current mobile device? If not, block access. Otherwise, go on to the next step.
• Is this mobile device blocked by a personal exemption for the user? If so, block access. Otherwise, go on to the next step.
• Is this mobile device allowed by a personal exemption for the user? If so, grant full access. Otherwise, go on to the next step.
• Is this mobile device blocked by a device access rule? If so, block access. Otherwise, go on to the next step.
• Is this mobile device quarantined by a device access rule? If so, quarantine the device. Otherwise, go on to the next step.
• Is this mobile device allowed by a device access rule? If so, grant full access. Otherwise, go on to the next step.
• Apply the default access state per the Exchange ActiveSync organizational settings. This grants access, blocks access, or quarantines the current device,
depending on the organizational settings.
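The logic flow above, modelled as an added example (not part of the original deck and not Exchange's own code), shows which step decides when several conditions apply at once. The class names, the case-insensitive equality match on DeviceType/DeviceModel, and the sample device IDs and rules are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Device:
    device_id: str
    device_type: str
    device_model: str
    authenticated: bool = True
    policy_compliant: bool = True   # mailbox policy enforcement criteria met


@dataclass
class Mailbox:
    eas_enabled: bool = True
    allowed_device_ids: set = field(default_factory=set)   # personal exemptions
    blocked_device_ids: set = field(default_factory=set)


@dataclass
class AccessRule:
    characteristic: str   # "DeviceType" or "DeviceModel"
    query_string: str     # value the characteristic must equal (assumption)
    access_level: str     # "Allow", "Block" or "Quarantine"

    def matches(self, device):
        value = {"DeviceType": device.device_type,
                 "DeviceModel": device.device_model}[self.characteristic]
        return value.lower() == self.query_string.lower()


def evaluate(device, mailbox, rules, org_default):
    """Walk the flow top to bottom; return (access state, deciding step)."""
    if not device.authenticated:
        return "Challenge", "authentication"
    if not mailbox.eas_enabled:
        return "AccessRestricted", "ActiveSync disabled for user"
    if not device.policy_compliant:
        return "Block", "mailbox policy"
    # Personal exemptions: a block is checked before an allow.
    if device.device_id in mailbox.blocked_device_ids:
        return "Block", "personal exemption"
    if device.device_id in mailbox.allowed_device_ids:
        return "Allow", "personal exemption"
    # Device access rules: block, then quarantine, then allow.
    matched = {r.access_level for r in rules if r.matches(device)}
    for level in ("Block", "Quarantine", "Allow"):
        if level in matched:
            return level, "device access rule"
    return org_default, "organization default"


# Constructed sample rules: allow the iPhone device type in general,
# but quarantine one specific model.
RULES = [
    AccessRule("DeviceType", "iPhone", "Allow"),
    AccessRule("DeviceModel", "iPhone1C2", "Quarantine"),
]

if __name__ == "__main__":
    ceo = Mailbox(allowed_device_ids={"EXAMPLE-ID-1"})
    phone = Device("EXAMPLE-ID-1", "iPhone", "iPhone1C2")
    print(evaluate(phone, ceo, RULES, org_default="Block"))
    print(evaluate(phone, Mailbox(), RULES, org_default="Block"))
```

A device that matches both an allow rule and a quarantine rule ends up quarantined, and a personal allow exemption does not rescue a device that fails the mailbox policy check.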
18. Activesync – architecture - ABQ
ABQ – Block - Cons
• Telling the Admins
• No auto email
• Can only allow the device by using Powershell
Get-ActiveSyncDevice -Mailbox ceo | Where-Object {$_.DeviceModel -eq "iPhone"} | ForEach-Object {Set-CASMailbox -Identity ceo -ActiveSyncAllowedDeviceIDs $_.DeviceId}
20. Activesync – architecture - ABQ
ABQ – Quarantine
• Account seems to sync fine
• At first nothing is synchronized
• GAL search fails
• No calendar or contact information synced to device from mailbox
• After the discovery process completes, the quarantine message is delivered to the device
21. Activesync – architecture - ABQ
ABQ – Quarantine
IIS logs - Discovery
As:DeviceDiscoveryG
200
33. Activesync – architecture - ABQ
ABQ – Limitations
• User Agent
• Zero day exploits
• Firmware level agnostic
• ISA / TMG / other firewall solutions
• manual powershell after the fact
34. Activesync - architecture
Airsync Protocol
Activesync features available in Exchange 2007 sp3
http://msdn.microsoft.com/en-us/library/aa996303(v=EXCHG.80).aspx
Activesync feature available in Exchange 2010 sp2
http://technet.microsoft.com/en-us/library/bb123484
List of Activesync build / features and what mobile devices implement
http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients
51. Exchange ActiveSync Common Status Codes
Ping Command Status
Value Meaning
1 The heartbeat interval expired before any changes occurred in the folders being monitored. The client should reissue the Ping command request.
2 Changes occurred in at least one of the folders that were being monitored. The response includes the folders in which these changes have occurred.
3 The client Ping command request did not specify all of the necessary parameters. The client is expected to issue a Ping request that includes both the heartbeat interval and the folder list.
4 There has been a general error in the Ping request issued by the client, which can be caused by poorly formatted WBXML.
5 The heartbeat interval specified by the client is outside the range set by the server administrator. If the specified interval was too great, the returned interval will be the maximum allowable value. If the specified interval was too low, the returned interval will be the minimum allowable value.
6 The Ping command request specified more folders to monitor for changes than is allowed by the limit configured by the server administrator. The response specifies the limit in the MaxFolders element.
7 The client specified a folder that has been moved or deleted or the server that the client has been accessing has been upgraded from Exchange Server 2003 SP1 to SP2. The client should issue a FolderSync request.
52. Exchange ActiveSync Common Status Codes
Sync Command Status
Value Meaning
1 Success.
2 Protocol version mismatch.
3 Invalid sync key.
4 Protocol error.
5 Server error.
6 Error in client/server conversion.
7 Conflict matching the client and server object.
8 Object not found.
9 User account may be out of disk space.
10 An error occurred while setting the notification GUID.
11 Device has not been provisioned for notifications yet.
53. Exchange ActiveSync Common Status Codes
Search Command Status
Value Meaning
1 Success.
2 Protocol Error.
3 An error on the Exchange server occurred.
4 Bad Link.
5 Access Denied.
6 Not Found.
7 Connection Failed.
8 Too Complex.
9 Index not loaded.
10 TimeOut.
11 NeedToFolderSync.
12 EndOfRetrieveableRangeWarning.
54. Exchange ActiveSync Common Status Codes
FolderSync Command Status
Value Meaning
1 Success.
2 A folder with that name already exists.
3 Folder is a special folder.
4 Folder not found.
5 The specified parent folder was not found.
6 An error on the Exchange server occurred.
7 Access denied.
8 The request timed out.
9 Sync key mismatch or invalid sync key.
10 Misformatted request.
11 An unknown error occurred.
56. Activesync - troubleshooting
Scoping questions:
• Is the device reaching the Internet facing CAS?
• Are all mobile devices affected?
• Which CAS do we need to troubleshoot?
• Is this an issue that’s well known?
57. Activesync - troubleshooting
Troubleshooting service
• the browser test
https://CAS.contoso.com/microsoft-server-activesync/default.eas
https://mail.contoso.com/microsoft-server-activesync/default.eas
[501 method not implemented is the expected response]
62. W3SVC Log Example
_Fid:10_Ty:Em_Filt3_St:S_Sk:2063964464_SsCmt1_Srv:6a0c0d0s0e0r0A0sd_BR1_BPR0_
_LdapC23_RpcC116_RpcL203_Pk1087184048_S1_As:AllowedG_Mbx:E2K10M.x.ExchLab.local_Throttle0_Budget:(
63. W3SVC Log Breakdown - Elements
Letter identifier | Element name | Definition | Possible values
V | Protocol version | The protocol version the device is using to synchronize with the Exchange server. | 120 = Version 12; 25 = Version 2.5; 21 = Version 2.1; 20 = Version 2.0; 10 = Version 1.0
Ty | Type | The type of folder that's being synchronized. | Em = E-mail; Co = Contacts; Ca = Calendar; Ta = Tasks
Fid | Folder ID | The ID of the folder that's being synchronized. | Positive Integer
Fc | Folder count | The number of folders that are being synchronized. | Positive Integer
Filt | Filter type | The data that the user requested. | See the filter values below
Filter values:
Value | Meaning | E-mail? | Calendar? | Tasks?
0 | No filter | Yes | Yes | Yes
1 | 1 day back | Yes | No | No
2 | 3 days back | Yes | No | No
3 | 1 week back | Yes | No | No
4 | 2 weeks back | Yes | Yes | No
5 | 1 month back | Yes | Yes | No
6 | 3 months back | No | Yes | No
7 | 6 months back | No | Yes | No
8 | Incomplete | No | No | Yes
64. W3SVC Log Breakdown - Elements
Letter identifier | Element name | Definition | Possible values
St | Sync type | The type of synchronization that's being performed. | F = First sync; S = Subsequent; R = Recovery sync; I = Invalid sync
Sk | Sync key | The actual sync key that's used between the mobile phone and the Exchange server. | Positive integer
Cli: | Client statistics | Stores the count of each type of activity from the Client. Output is in the form Cli: 0A0C3D1F0E. | A = Adds; C = Changes; D = Deletes; F = Fetches; E = Errors
Svr: | Server statistics | Stores the count of each type of activity from the server. Output is in the form Svr:2A0C2D1F1E. | A = Adds; C = Changes; D = Deletes; F = Fetches; E = Errors
E | Number of errors | The number of errors encountered in a request. | Positive integer
Io | Items opened | The number of items that were opened. This feature hasn't yet been implemented. | Positive integer
Hb | Heartbeat interval | The Heartbeat interval that's used for the PING command. | Positive integer
65. W3SVC Log Breakdown - Elements
Letter identifier | Element name | Definition | Possible values
Ssp | SharePoint documents | The number of files that were accessed from Windows SharePoint Services. | Positive integer
Sspb | SharePoint bytes | The number of bytes that were accessed from Windows SharePoint Services. | Positive integer
Unc | UNC files | The number of files that were accessed through Windows file shares. | Positive integer
Uncb | UNC bytes | The number of bytes that were accessed through Windows file shares. | Positive integer
Att | Attachments | The number of attachments that were retrieved. | Positive integer
Attb | Attachment bytes | The number of bytes that were retrieved for attachments. | Positive integer
Pk | Policy key received | The element that's used by the client and server to correlate acknowledgements to a particular policy setting. | Not applicable
Pa | Policy acknowledge status | The element that indicates success if all the policy settings were applied correctly. | 1 = Policy was successfully applied; 2 = Policy was partially applied; 3 = Policy was not applied
66. W3SVC Log Breakdown - Elements
Letter identifier | Element name | Definition | Possible values
Oof | OOF action | The action that is performed on the Out of Office status stored on the Exchange server. | Get = Retrieves the OOF status and message; Set = Sets the OOF status and message
UserInfo | User information action | The parameter that specifies retrieval of the user information data. | Get
DevModel | Device model | The device information that is supplied by the device manufacturer. | Possible values include manufacturer name, model name, and model number.
DevIMEI | IMEI | The International Mobile Equipment Identity (IMEI). It is a 15-digit code that's assigned to each device. | String
DevName | Device friendly name | This element stores the user's description of their device. | String
DevOS | Device OS | The operating system that is running on the device. | String
DevLang | Device OS language | The localized language of the device operating system. | String
Error | Error | The error section of the request. | String
S | Status | This element returns the status of the device. | String
R | Not Relevant | This element returns a count of items that have changed but aren't relevant to the mobile phone or device. | Positive integer
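The element tables above can be applied mechanically to the query string IIS records for each ActiveSync request. The following parser is an added example, not code from the original deck or from Exchange: it decodes the documented identifiers and flags requests worth a second look (a non-allowed access state such as the As:DeviceDiscoveryG value shown on the quarantine slide, recovery or invalid syncs, reported errors). The sample query strings are constructed for illustration, and the review criteria are assumptions.

```python
import re
from urllib.parse import parse_qs

# Value tables transcribed from the element breakdown slides above.
PROTOCOL = {"120": "Version 12", "25": "Version 2.5", "21": "Version 2.1",
            "20": "Version 2.0", "10": "Version 1.0"}
FOLDER_TYPE = {"Em": "E-mail", "Co": "Contacts", "Ca": "Calendar", "Ta": "Tasks"}
FILTER = {"0": "No filter", "1": "1 day back", "2": "3 days back",
          "3": "1 week back", "4": "2 weeks back", "5": "1 month back",
          "6": "3 months back", "7": "6 months back", "8": "Incomplete"}
SYNC_TYPE = {"F": "First sync", "S": "Subsequent", "R": "Recovery sync",
             "I": "Invalid sync"}
COUNTERS = {"A": "adds", "C": "changes", "D": "deletes", "F": "fetches",
            "E": "errors"}
DECODERS = {"V": PROTOCOL, "Ty": FOLDER_TYPE, "Filt": FILTER, "St": SYNC_TYPE}

BARE_TOKEN = re.compile(r"^([A-Za-z]+)(\d+)$")  # e.g. Filt3, V120, Hb700
COUNTER = re.compile(r"(\d+)([A-Za-z]+)")       # e.g. 0A0C3D1F0E


def split_elements(log_value):
    """Split the underscore-delimited element string into {identifier: raw}."""
    fields, unparsed = {}, []
    for token in filter(None, log_value.split("_")):
        if ":" in token:
            key, _, value = token.partition(":")
            fields[key.strip()] = value.strip()
        elif (m := BARE_TOKEN.match(token)):
            fields[m.group(1)] = m.group(2)
        else:
            unparsed.append(token)  # keep truncated or unknown tokens visible
    return fields, unparsed


def decode_counters(raw):
    """Turn '0A0C3D1F0E' into named counts; leave undocumented layouts raw."""
    pairs = COUNTER.findall(raw)
    if not pairs or any(ident not in COUNTERS for _, ident in pairs):
        return raw
    return {COUNTERS[ident]: int(count) for count, ident in pairs}


def decode_request(cs_uri_query):
    """Decode one cs-uri-query value of an ActiveSync request."""
    query = {k: v[0] for k, v in parse_qs(cs_uri_query).items()}
    fields, unparsed = split_elements(query.get("Log", ""))
    decoded = {}
    for key, raw in fields.items():
        if key in ("Cli", "Svr", "Srv"):
            decoded[key] = decode_counters(raw)
        else:
            decoded[key] = DECODERS.get(key, {}).get(raw, raw)
    return {"cmd": query.get("Cmd"), "user": query.get("User"),
            "device_id": query.get("DeviceId"),
            "device_type": query.get("DeviceType"),
            "elements": decoded, "unparsed": unparsed}


def review_flags(request):
    """Return the reasons this request deserves a second look (assumed criteria)."""
    e, flags = request["elements"], []
    access = e.get("As")
    if access and not access.startswith("Allowed"):
        flags.append(f"access state {access}")
    if e.get("St") in ("Recovery sync", "Invalid sync"):
        flags.append(f"sync type {e['St']}")
    side_errors = [e[s]["errors"] for s in ("Cli", "Svr", "Srv")
                   if isinstance(e.get(s), dict)]
    if e.get("E", "0") != "0" or any(side_errors):
        flags.append("errors reported")
    if request["unparsed"]:
        flags.append("unparsed tokens: " + ",".join(request["unparsed"]))
    return flags


# Constructed sample query strings (not taken from a real server).
SAMPLES = [
    "Cmd=Sync&User=wp7user&DeviceId=EXAMPLEDEVICE01&DeviceType=WP&Log="
    "V120_Fc1_Fid:10_Ty:Em_Filt3_St:S_Sk:2063964464_Cli:0A0C3D1F0E_"
    "Svr:2A0C2D1F1E_E0_As:AllowedG",
    "Cmd=FolderSync&User=iuser01&DeviceId=EXAMPLEDEVICE02&DeviceType=iPhone"
    "&Log=V120_St:F_E0_As:DeviceDiscoveryG",
    "Cmd=Sync&User=e14manager&DeviceId=EXAMPLEDEVICE03&DeviceType=PocketPC"
    "&Log=V25_Fc1_Fid:7_Ty:Ca_Filt4_St:I_Svr:0A0C0D0F1E_E1_As:AllowedG",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        req = decode_request(sample)
        print(req["user"], req["cmd"], review_flags(req) or "ok")
```

Counter strings in a layout the slides do not document, such as the Srv: value in the log example above, are returned unchanged rather than guessed at.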
116. Activesync - performance
Trending analysis
• using AD tools since partnership is kept in leaf object
Csvde -d "cn=users,DC=Contoso,DC=com" -r "(objectclass=msexchactivesyncdevice)" -l dn,msExchDeviceUserAgent,whenChanged,whenCreated -f c:allExchange2010mobiledevicepartnerships.csv
"CN=iPhone§Appl87831W4QY7H,CN=ExchangeActiveSyncDevices,CN=e14MobileTester,CN=Users,DC=Contoso,DC=com",20101111173928.0Z,20101111173948.0Z,Apple-iPhone1C2/802.117
"CN=PocketPC§BAD73E6E02156460E800185977C03182,CN=ExchangeActiveSyncDevices,CN=e14manager,CN=Users,DC=Contoso,DC=com",20101231183218.0Z,20101231183326.0Z,MSFT-PPC/5.2.5001
"CN=WP§C01D49121ABAFAFD3C72924235668667,CN=ExchangeActiveSyncDevices,CN=wp7user,CN=Users,DC=Contoso,DC=com",20110421115008.0Z,20110421115100.0Z,MSFT-WP/7.0.7390
"CN=iPhone§Appl87831W4QY7H,CN=ExchangeActiveSyncDevices,CN=iuser01,CN=Users,DC=Contoso,DC=com",20110426120447.0Z,20110426120505.0Z,Apple-iPhone1C2/803.148
…
• Compare this to the shell approach. From Management Shell
Get-Mailbox alias | Get-ActivesyncDeviceStatistics | ft identity,DeviceType,DeviceModel
118. Performance Monitor
http://technet.microsoft.com/en-us/library/ff367877.aspx
http://technet.microsoft.com/en-us/library/ff367871.aspx
Editor's notes
architecture tidbits and connectivity discussion to ensure the troubleshooting portion is well digested
won’t be going into extreme depth, but there are some great blogs on Exchange API spotting
http://blogs.msdn.com/b/exchangedev/archive/2011/08/19/provisioning-policies-remote-wipe-and-abq-in-exchange-activesync.aspx
http://blogs.msdn.com/b/exchangedev/archive/2011/07/29/working-with-meeting-responses-in-exchange-activesync.aspx
http://blogs.msdn.com/b/exchangedev/archive/2011/07/22/working-with-meeting-requests-in-exchange-activesync.aspx
http://blogs.msdn.com/b/exchangedev/archive/2011/07/08/autodiscover-for-exchange-activesync-developers.aspx
#mention SSL version and cipher strength
#auth – password is saved, mailbox policy will help determine pin complexity for device login
-client cert can eliminate need to change password on the device and also control what devices can be used
#mailbox policies – wiki updated by community and individual vendors to announce what policies are supported
#recommended RIM put their supported mailbox policies here
http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients
http://social.technet.microsoft.com/wiki/contents/articles/exchange-activesync-client-comparison-table.aspx
#Remote wipe
-device needs to connect successfully in order to wipe
-mention sandbox behavior in Win8 CSP
-From AD canonicalName is what we use for wiping
ABQ + remote wipe
what should be done first? block the id or wipe the device
what happens when unfortunately the -Characteristic option only accepts as possible entries “DeviceType or DeviceModel”
When you go to this portion of the ECP as an Exchange administrator you can specify the default Activesync connection settings by selecting the Edit link. From here I’ve set the default Activesync settings for the Organization to disabled [blocked]. All new users and all devices will be blocked. Even current users will be blocked. The only exception is migrated users who already have mobile device partnerships from Exchange 2003 or Exchange 2007 mailboxes. By default they have a 7 day grace period before those devices then become blocked. There are ways to deal with them however...
Set-ActiveSyncOrganizationSettings
Custom message:
-phone number?
-published Internet site?
-nastygram?
The actual experience from a mobile device
It appears that the device configuration is successful. After entering all the right server and user information required [depending on Autodiscover and the mobile device attempting to provision], it seems the device is ready to sync, however no data is synchronized. This makes sense, because if the device is approved later, the user doesn’t need to re-enter all that information again. Here are sample screenshots from an iPhone running iOS 4.01
Folder hierarchy
No Calendar info
No Contact info
If anything further is attempted to synchronize, you get this error:
On the CAS, we find in the IIS logs that the initial provisioning was completed successfully, just far enough to get all the device and user information needed to allow an administrator to allow that device for that user if wanted. No calendar data or contact data is synced. No mailbox items whatsoever.
now we get blocked, but still have 200 HTTP status success
Telling the device user:
From OWA or Outlook or another client, the user gets an email letting them know their device has been blocked. A custom message can be configured here to detail the process blocked users should follow in their organization.
First, no email is sent to the administrators configured above that a device was blocked. Depending on the custom message the user receives in their regular mail client, they need to initiate contact. Once they do, creating a personal exemption is tedious if you don’t like Powershell
received 1 message in the Inbox indicating it was quarantined with the same custom message configured from above. The difference between quarantine and block is that I can create calendar and contact items on my mobile device under the account I’ve attempted to provision and these items are indeed synchronized to the server 1-way. This doesn’t seem to be a security concern. However, the folder hierarchy of the mailbox is also synchronized to the device - this could inadvertently reveal sensitive information such as project codenames or whatever people name their folders.
After a period of time that relied on the DiscoveryMailbox, here’s the 1 message that is synced to the device.
GAL search fails still
Folder Hierarchy revealed, but not unread message count.
Quarantine Device calendar
Actual Calendar
Quarantined Device Contacts
Actual Contacts
The real difference is how much easier it is to allow this device for full access or to completely block. Here’s the message that’s sent to administrators that contains information about how the device applies the default Activesync policy, the device user agent and a link that takes the administrator directly to the management UI in the Exchange Control Panel where they can allow or block the device.
simple ECP management
You can also choose to create a new device rule from here allowing any future devices like this or blocking the rest.
user agent - RFCs
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
http://tools.ietf.org/html/rfc2616#section-14.43 [SHOULD, but don’t have to]
user agent – how to block if it is given
IIS 7.x URL rewrite to block the user agent from each MSAS virtual directory
http://learn.iis.net/page.aspx/803/using-custom-rewrite-providers-with-url-rewrite-module
Exchange 2010 sp2 ru2 includes a fix to ensure user agent is updated
TMG/UAG signature to block the Touchdown user agent for OWA path rule
custom ISAP
http://blogs.technet.com/b/exchange/archive/2008/09/05/3406212.aspx
Understanding Mobility – mainly ABQ
http://technet.microsoft.com/en-us/library/ff959225.aspx#controlling
New-ActiveSyncDeviceAccessRule
http://technet.microsoft.com/en-us/library/dd876923.aspx
Airsync Protocol versions
2.x = Exchange 2003
12.0 = Exchange 2007 RTM
12.1 = Exchange 2007 SP1
14.x = Exchange 2010 +
open specifications
All of the protocol documents describing this protocol in detail can be found on Microsoft’s Open Specifications site. Underneath the Exchange Server Protocols section, one will find every document describing this protocol to begin with [MS-AS] (AS denoting ActiveSync). All of the documents in question are as follows:
[MS-ASAIRS].pdf
[MS-ASCAL].pdf
[MS-ASCMD].pdf
[MS-ASCNTC].pdf
[MS-ASCON].pdf
[MS-ASDOC].pdf
[MS-ASDTYPE].pdf
[MS-ASEMAIL].pdf
[MS-ASHTTP].pdf
[MS-ASMS].pdf
[MS-ASNOTE].pdf
[MS-ASPROV].pdf
[MS-ASTASK].pdf
[MS-ASWBXML].pdf
Outlook profile needs to be online mode not cached
-E2k7 is different than E2k3 which was Root\non_IPM_Subtree\Microsoft-Server-Activesync\<deviceID>
-in Exchange 2010, partnership information located in same place in MBX but also located in AD leaf under user object
451 redirect when mailbox moves cross site or upgraded from E2k7 to E2k10 if device claims 12.1 AS protocol version.
http://blogs.technet.com/b/exchange/archive/2009/12/08/3408985.aspx
Overview
Maintaining a connection, thus, is entirely the client’s responsibility. The client sets up the connection, chooses the appropriate heartbeat timer, issues the periodic commands required to keep the connection open, and tears down and re-establishes the connection if and when it deems necessary.
The configuration of this on the server and device end will be covered in the configuration section later in this documentation.
At the highest level, the design works by the client establishing an HTTP connection with the server, and preventing it from being torn down by periodically sending traffic on it. The server uses this connection to issue notifications to the client.
More specifically:
• The client establishes a connection with the server by issuing an HTTP AirSync PING command.
• The client optionally informs the server of the list of folders {F} that it expects to receive notifications on.
• Based on operator network requirements, the client chooses an appropriate heartbeat interval h that will ensure that the connection is not torn down. If no changes occur within h minutes, the server returns OK and the client reissues its original request, thereby keeping the connection open.
• When changes occur the server tells the client which folders changed, and the client syncs them.
The contract between the server and the client is, thus: “Inform me whenever changes occur on folders {F} in the next h minutes”
Here’s a great slide deck from Andrew Ehrensing:
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/EXL307
http://media.ch9.ms/teched/na/2011/ppt/EXL307.pptx
authorization header is base64 encoded – easily decoded to reveal username/password, treat with care!
Server Response Status Codes:
Server informs the device that there is mail in specific folder(s). Device then syncs only those folders, (though it may choose to sync others as well). The status code is used to indicate success, failure, timeout and other error conditions.
HTTP 200 OK
Content-Type: ms.wbxml
Pragma: no-cache
<Status> 2 </Status>
<Folders><Folder> 1234 </Folder></Folders>
Some of the cases where we would get a status code error 2 are:
• Invalid Store name (anything other than GAL)
• Empty query string
• Invalid Range, example: (without a zero based index, exceeding range max value of 9999)
• Exceeding the search query string max length of 256 characters
Taking another look, we see that the Server responds to the device stating there are changes in Folder 1234
ExMon on the MBX server of the person having a problem
http://technet.microsoft.com/en-us/library/bb508855(v=EXCHG.65).aspx
#mention caveat with latest version Version: 14.2.247.5 Date published: 12/5/2011
#run from command line if crashing but don’t start it in the directory the executable is in
#for ex. c:\> c:\exmon\exmon.exe userxyz.etl
OWA breadcrumbs
tail powershell command
point device internally thru wifi to CAS fqdn
get-logonstatistics – doesn’t work for EAS, but does work for MAPI, and EWS in E2k10
HOSTs file?
Current issues with Microsoft Exchange ActiveSync and third-party devices
http://support.microsoft.com/kb/2563324
Based on this, we see that ISA cannot authenticate the device with 403 Access is Denied. This is because this device type is sending the appended / after the Microsoft-Server-ActiveSync and the ISA server publishing rule path does not include the * after the trailing /Microsoft-Server-ActiveSync
Example of Successful Test using cmdlet
Example of Mailbox Server being too busy to accept the request. This could potentially be due to RPC Requests building up on the Mailbox Server. RPC Request Maximum is 500 for Exchange 2007 and 2010. This value should not average above 70. If the RPC Requests are climbing on the mailbox server, some questions to ask may be… Are there any iPhone 4.0 devices (801.293) or is this mailbox server Exchange 2010 SP1 and do I have Outlook 2003 client connecting to it for Public Folders?
W3SVC Log example of WP7 syncing mail and calendar items
Now can we break this down based on the elements we just reviewed?
See next slide for details of breakdown
Break down of the highlighted elements earlier
Break this down. What does this mean? See next slide for details…
Example of Log Parser query and output
Example of Export-ActiveSyncLog cmdlet and output
The Users provides the devices, users, hits and sync requests for various mailbox items
The Hourly CSV shows unique devices and sync requests per hour
The Policy Compliance provides which devices are compliant
The Servers show which servers the device is connecting to
The StatusCodes show the number of times various HTTP codes were returned
The UserAgents provides the User Agent and number of hits for each User Agent
NOTE: The Users CSV contains much more data, however unlike the Log parser, we do not have the User Agent field next to the device, therefore we do not know which User Agent is causing the behavior from this log. The UserAgent.csv is available, however it only contains the User Agents syncing to the Exchange server
Get-ActiveSyncDevice cmdlet and the output; we can now see that test-apple has a device user agent of 808.7
Example Mailbox logging for WP7:
Here is a breakdown of the above:
- Log Entry #
- Request Time that the device request was made
- Exchange CAS Server
- Exchange Version (14.01.x) we see this is Exchange 2010 SP1
- Identifier is important and identifies the sync session of the device. It’s possible that other logs will occur, and we would then see a log with the same identifier that contains the Server response
Example Mailbox logging for WP7:
Here is a breakdown of the above:
RequestHeader contains the device sync information such as Command (in this case, it is Sync); DeviceID, DeviceType, Language, etc…
And we see MS-ASProtocolVersion which is AirSync 14.1
Example Mailbox logging for WP7:
Here is a breakdown of the above:
Check out the heartbeat interval and hanging sync
We see the RequestBody which contains the xml version and Sync body.
The Sync Body contains the Collections which is the Collection of Collection ID and SyncKey along with WindowSize for each.
The CollectionID identifies the folder attempting to be synchronized
The HeartbeatInterval specifies the time in seconds the device would like to keep the sync open for
WasPending:[Response was pending] -> This identifies that we have sent a sync request with heartbeat for various folders and will wait for the server to respond with changes or not. This can be considered the text that identifies the hanging sync
Example Mailbox logging for WP7:
Here is a breakdown of the above:
And the server now completes the hanging sync by pushing the change directly to the device.
In this case, we are Adding CollectionID 5 with a specific identified item as 11, therefore the ServerID 5:11 is the Folder:Item being added.
And it finishes with the Response Time.
The way to identify the Server AirSync traffic compared to the Device AirSync traffic is that it begins with a Server Response Header.
Now the device completing another Partial hanging sync for just the Collection (Folder) it previously pushed changes for
We can identify the Partial Sync by the XML tag as seen above.
Now the iPhone… this is the difference of when an iphone syncing new changes from the server… the next few slides show the ping with Was Pending… then the server responding with Status 2 – Changes… then the device Getting Estimate, the server responding and then the device fetching the changes and the server responding with the additions
Server responds stating there are changes to sync (Folder 5)
In this case, Folder 5 is the same as our CollectionID 5 seen in the earlier slides
Device then requests the changes for CollectionID 5
The Server responds with what changes are available to Sync. In this case, we can see that the change is ServerID 5.10
And finally, the phone Fetches (using cmd=sync) ServerID 5:10 (specific item in folder 5)
And the Server responds with a successful sync (or fetch from iphone in this case) and the item is successfully synced to the device.
Here is a common exception you will see in logs when syncing with the iPhone
This is the beginning of the request, see next slide…
Then this happens… and the device continues to send a new sync request like nothing happened. It’s common; It seems we are attempting to find and sync something that has already been synchronized from the server.
The next few logs show how the iPhone increases, then decreases the heartbeat interval during the ping attempts to the server. And in addition, the iPhone is not receiving any response from the server once the heartbeat is reached. This could indicate a potential problem with the device sync request or the server not being able to respond to the sync request.
Here, we see the HB is 700 seconds
The next few logs show how the iPhone increases, then decreases the heartbeat interval during the ping attempts to the server. And in addition, the iPhone is not receiving any response from the server once the heartbeat is reached. This could indicate a potential problem with the device sync request or the server not being able to respond to the sync request.
No response from the server, yet the iPhone increases the HB to 801 seconds
Once the trace has been stopped, the ETL file must be uploaded to Microsoft for review. These files contain code level information in the traces and Microsoft is unable to share this information.
This is the best way to capture data using network capture and Exchange ActiveSync… otherwise, the data is all SSL and cannot be read
This shows the initial portion of the log from FREB logging; notice the 401.3 and the Application Pool which we are attempting to process the request
Event before the Error Event is thrown and we can see that we were accessing default.eas (Sync Directory)
Based on this data, we see that there is a problem with accessing the default.eas <Sync Directory>; there seems to be an underlying permissions issue there
New in sp1 – we delay instead of reject – better experience for the device user
http://msexchangeteam.com/archive/2010/08/27/456040.aspx
with Exchange 2010 we started storing the Activesync device partnerships in AD under the user object [which is why we have the new EAS throttling policies EASMaxDevices and EASMaxDeviceDeletesPerMonth by the way]. Sooo, we can use other AD tools instead of just powershell commands to get to this information. Here’s an example getting just the deviceID combined with the user DN, last logon from the device, when the partnership was created, and the useragent of the device…
On Mailbox: http://technet.microsoft.com/en-us/library/bb201689(EXCHG.80).aspx
For Mailbox, see http://technet.microsoft.com/en-us/library/ff367871.aspx
Exchange 2007: On CAS: http://technet.microsoft.com/en-us/library/bb201674(EXCHG.80).aspx
For CAS: http://technet.microsoft.com/en-us/library/ff367877.aspx
One great example of what you might run into is where all the RPC Requests have been consumed on the mailbox server and the Server is too busy to receive any new RPC traffic. For Exchange 2007 and 2010, the Maximum RPC Requests is 500 therefore no Exchange ActiveSync traffic will be able to get through if that threshold is being reached. The iPhone 4.0 exposed this and requests continued to build up on the server until the limit was reached. There are other issues that may cause this behavior as well, such as in .NET if the handle is not released after making a RPC Operation to Public Folders. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;2535105