Recently, we renumbered a client’s network to reduce broadcast traffic and introduced two new redundant internet connections. Everything seemed fine in the initial testing, and we all went home.
The next day, when we were sifting through the fallout tickets, there was a recurring theme–Windows Mobile devices were no longer synchronizing. During an ActiveSync over the air synchronization, they would receive error 85010014. It’s a dreaded error and is usually seen when using ActiveSync 4.1 on a desktop.
I had just set this Exchange server up a few weeks ago, and ActiveSync was previously working. It appeared to stop working after the IP address for the Exchange server changed.
The server was the only Exchange server in the environment and had an SSL cert bound to the default website for mail.[domain].com. OWA and RPC/HTTPS connections were working fine.
However, when browsing to mail.[domain].com/OMA, I received a server processing error. Once I got that response, I immediately knew where to look. I navigated to IIS Manager > Web Sites > Default Web Site > exchange-oma. What is exchange-oma you ask?
If you followed Microsoft KB 817379 for doing single-server deployments where you have Forms-based authentication and SSL enabled on your only Exchange server, you know what I’m talking about.
In Exchange scenarios where you have both front-end and back-end servers, this isn’t typically an issue. There are a number of HTTP calls that are made to the /exchange directory on the back end server, which execute normally. However, when you only have a single server deployment and apply Forms-based authentication, the /exchange directory is protected via SSL. The work-around that KB 817379 walks you through is to create a secondary virtual directory that ActiveSync devices will use for communication that does not have Forms-based authentication.
My problem was in steps 13-14 for re-creating the virtual directory under Method 2 of KB 817379. You are supposed to add an IP Address restriction for the newly created virtual directory for ActiveSync/OMA users so that all except the IP address of the server you’re configuring can connect.
Once I had updated that IP address entry to reflect my server’s new address. the errors went away.