ActiveSync - Setup; the server is not an Exchange Server

[CatiaL]

mm so you have a different error message: it seems to me that at least you get to reach the server: what have you done to get to that point?

a) which are your settings on the phone
b) are my listed server side settings enough?

Do you have any idea at least how to check where is it hanging: is it a server side config problem? Is it a connection problem (wrong ports/ports not reachable?)? Is it a client (telephone) setup problem?

I did not open any extra port too.
our port schemes are conceptually different but in practice similar:
1) requests on port 80 of webmail.domain.example are automatically connected by apache via mod_jk to the port where http zimbra is running and the following RewriteRule is active
RewriteRule ^/$ http://webmail.domain.example/zimbra

2) requests on port 443 of webmail.domain.example are automatically connected by apache via mod_jk to the port where https zimbra is running and the following RewriteRule is active
RewriteRule ^/$ https://webmail.domain.example/zimbra

At the beginning I was using the self generated certificate of zimbra but since the name with which we access the mail server is different from the private_name of the zimbra server (name under which the zimbra generated certificate was created) I was getting a sync error due to a certificate server name mismatch (error 0x80072f17). So I have generated with openssl a new certificate for the correct name. I have let zimbra, apache and the treo use it and I got back to the "original" error message:
0x85030022: "The server is not an exchange server or is not running a compatible software ........."
the same one that I got without SSL.

Sure I let you know if I get forward, but I am pretty much out of ideas now.

[Klug]

One rewriterule is missing !

As ZimbraMobile mimicks an Exchange server, it's URL is : http://webmail.domain.example/Micros...Sync?somestuff (or https). Check out the complete URL in previous sentense (cut by the forum) to understand my point.

You should add such a rewriterule for these URLs, just like you did for Zimbra (and Zimbra mobile maybe).

[CatiaL]

I was guessing that the problem could be something in that direction too so I like your guess: could you be more precise, please?
1) which URL does ActiveSync expect to find? could you specify the
"Micros...Sync?somestuff"?
2) I did non add any Rewrite Roule for ZimbraMobile, should I?
3) how should exaclty look like the rewrite roule the points to the "exchange server" such that BOTH the "native zimbra" rewrite roule (needed for web access) AND the faked "exchange server" roule work?

At the moment I have the following VirtualHost for zimbra in my ssl.conf file:

Code:

<VirtualHost *:443>

    ServerAdmin netmaster@domain.example    
    ServerName webmail.domain.example

    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteLog logs/webmail_rewrite.log
        RewriteLogLevel 0
        RewriteRule ^/$ https://webmail.domain.example/zimbra
    </IfModule>

    JkMount /zimbra         zimbraworker
    JkMount /zimbra/        zimbraworker
    JkMount /zimbra/*       zimbraworker
    JkMount /service        zimbraworker
    JkMount /service/       zimbraworker
    JkMount /service/*      zimbraworker
    JkMount /zimbraAdmin    zimbraworker
    JkMount /zimbraAdmin/   zimbraworker
    JkMount /zimbraAdmin/*  zimbraworker
    JkMount //zimbra        zimbraworker

  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLCertificateKeyFile /etc/httpd/conf/ssl-webmail/webmail.key
  SSLCertificateFile /etc/httpd/conf/ssl-webmail/webmail.crt

</VirtualHost>

how should I modify it?

[Klug]

Add a rewriterule for anything starting with : /Microsoft-Server-ActiveSync

[CatiaL]

I did it. I have added:

Code:

       RewriteRule ^/exchange$ https://webmail.domain.example/zimbra
        RewriteRule ^/Exchange$ https://webmail.domain.example/zimbra
        RewriteRule ^/Microsoft-Server-ActiveSync$ https://webmail.domain.example/zimbra
        RewriteRule ^/owa$ https://webmail.domain.example/zimbra
        RewriteRule ^/OWA$ https://webmail.domain.example/zimbra

and I got one step furter.
After the connection, on the telephone I get a white screen for quite a long time. Then the connection breaks up with the error (the test is done with SSL):

Code:

0x8500200c              Synchronization timed out waiting for user input

I entered the correct passwd in the server setup and I have checked the "save the passwd".

What's wrong now?

[Klug]

You should do all your testing in http if you can : https can be tricky (especially with self signed certificate).

[CatiaL]

I got one step forward. If I set my Rewrite Roule as

Code:

RewriteRule ^/Microsoft-Server-ActiveSync$ https://webmail.domain.example/Microsoft-Server-ActiveSync

I get further.
I get on the telephone a login screen. The problem is that whatever password I do set there it is not accepted "Wrong passwd" (or something similar).

Now in /opt/zimbra/log/sync.log I have connections but I get unauthorized
(I have tried with
User= USER_ALIAS_NAME
User= USER_ALIAS_NAME@domain.example
User=USER_NAME
User=USER_NAME@domain.example):

Code:

2007-06-19 09:24:58,930 INFO  [TP-Processor12] [] sync - OPTIONS Microsoft-Server-ActiveSync?User=USER_ALIAS_NAME&DeviceId=CF75358AE9B976E994D5BEE55ADE2392&De
viceType=PocketPC
2007-06-19 09:24:58,978 INFO  [TP-Processor12] [] sync - HTTP/1.1 401 Unauthorized
2007-06-19 09:27:39,382 INFO  [TP-Processor5] [] sync - OPTIONS Microsoft-Server-ActiveSync?User=USER_ALIAS_NAME@domane.example&DeviceId=CF75358AE9B976E994D5BEE55AD
E2392&DeviceType=PocketPC
2007-06-19 09:27:39,388 INFO  [TP-Processor5] [] sync - HTTP/1.1 401 Unauthorized
2007-06-19 09:34:02,148 INFO  [TP-Processor6] [] sync - OPTIONS Microsoft-Server-ActiveSync?User=USER_NAME@domane.example&DeviceId=CF75358AE9B976E994D5BEE55ADE2392&De
viceType=PocketPC
2007-06-19 09:34:02,154 INFO  [TP-Processor6] [] sync - HTTP/1.1 401 Unauthorized
2007-06-19 09:34:29,007 INFO  [TP-Processor7] [] sync - OPTIONS Microsoft-Server-ActiveSync?User=USER_NAME&DeviceId=CF75358AE9B976E994D5BEE55ADE2392&DeviceType=
PocketPC
2007-06-19 09:34:29,010 INFO  [TP-Processor7] [] sync - HTTP/1.1 401 Unauthorized

why?

[Klug]

I don't understand : what is this "login screen" you're getting ?

ZimbraMobile is meant to be used through "ActiveSync" on the phone (or whatever tools handle the sync on the phone, such as RoadSync).

You have to set up "ActiveSync" on the phone (server and user and password) then launch the sync. And voila.

This URL is not meant to be browsed.

Did you activate ZimbraMobile in the CoS (or user properties) ?

[CatiaL]

1) Zimbra Mobile is activated in both COS and user properties
2) question: how to check that zimbra sees that the licence contains the ZimbraMobile?
3) I do use ActiveSync. I start ActiveSync it starts to connect then on the phone appears a window where there is written:

"Correct your password for the Exchange Server"
and it is shown the domain, the user name and there is a field where you can tip the password.
The problem is that whatever password I tip I get back to this window (i.e. it is not accepted), till when I stop the connection.

In the server settings I have set the correct password and checked the "save the password" box.

I see that it gets the connection but it is not authorized from the /opt/zimbra/log/sync.log entries (posted before).

[CatiaL]

If I try the http connection instead of the https, as Klug was suggesting for testing purposes, I get the same error as M.Meijer 0x85010014.
So I keep on testing in https.