Exchange Active Sync Connectivity
This SAM application monitor template tests the configuration of Microsoft Exchange ActiveSync on Exchange 2010 and 2013 servers using a PowerShell script.
Prerequisites
- WMI access to the Exchange server.
- Exchange Management Tools installed on the target Exchange server.
- Enable Windows Authentication for PowerShell on the Exchange server. This can be configured in IIS mmc: Start > Administrative Tools > Internet Information Services (IIS) Manager.
- In the IIS console, expand Your Server, Sites, Default Web Site.
- Select the PowerShell application.
- On the central panel, open Authentication.
- Select Windows Authentication and enable it from the right panel
- Create an ActiveSync test user on the Mailbox Exchange server by running the following script:
<Installed_Exchange_Folder>\Scripts\new-TestCasConnectivityUser.ps1
Could not find or sign in with user <user>. If this task is being run without credentials, sign in as a Domain Administrator, and then run Scripts\new-TestCasConnectivityUser.ps1 to verify that the user exists on Mailbox server <server>
Credentials
Use credentials for an Exchange Administrator account (Organization Manager) with at least view-only permissions. Credentials should be provided with the domain part in the login field. For example: domain\user.
If you have trouble with template functionality, refer to Troubleshooting.
Component monitors
Active Sync Connectivity Testing
This component monitor performs ActiveSync tests and returns latency in milliseconds of the performed tests (if possible):
Possible returned values:
- -1 – Test failed. See message field for errors.
- 0 – Test is unavailable.
- 1 – Test successfully finished. Test latency is not available. (This occurs on Exchange 2013 servers).
- 2 and higher – Test latency in milliseconds.
This component returns the status of the following scenarios:
- Options – Issue an HTTP OPTIONS command to retrieve the Exchange ActiveSync protocol version.
- FolderSync – Issue a FolderSync command to retrieve the folder hierarchy.
- First Sync – Initialize the Sync partnership for the test folder and create a sync state on the server.
- GetItemEstimate – Issue a GetItemEstimate command to retrieve count of items waiting to sync.
- Sync Data – Sync all existing data in the test folder.
- Ping – Execute Ping command for testing DirectPush against a test folder. An item is created in the folder to trigger the Ping response.
- Sync Test Item – Sync the test item.
Troubleshooting
ERROR: Please check target server argument and credentials (should be domain\user). [192.168.1.206] Connecting to remote server failed with the following error message : Access is denied.
Resolution: This error could occur when you use the wrong credentials. Check the credentials and verify the credentials are in the following format: (domain\user). The user should be Exchange Organization Manager
.
ERROR: The operation couldn't be performed because object 'Mailbox Database 10580933221\*' couldn't be found on 'xchng2010.apmteam.sw'.
Resolution: Provide the correct database name.
ERROR: [192.xxx.1.206] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The WinRM client tried to use Negotiate authentication mechanism, but the destination computer (192.xxx.1.206:443) returned an 'access denied' error. Change the configuration to allow Negotiate authentication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password.
Resolution: This error indicates that Windows Authentication is not enabled for the PowerShell application on IIS on the Exchange server.
ERROR:[192.168.1.206] Connecting to remote server failed with the following error message : The WinRM client received an HTTP status code of 403 from the remote WS-Management service.
Resolution: If you get this error, check SSL settings for the PowerShell application in IIS on the Exchange server, which should use one of the following configurations:
- Require SSL unchecked
- Require SSL checked and Client Certificates is set to Accept
- Require SSL checked and Client Certificates is set to Ignore
ERROR: Check the target server argument and credentials (should be domain\user). [xchng2010] Connecting to remote server failed with the following error message : The WS-Management service cannot process the request. This user allowed a maximum number of 5 concurrent shells, which has been exceeded. Close existing shells or raise the quota for this user.
Resolution: This error could occur when you use more than five remote PowerShell sessions (set by default) at the same time. If you get this error, it is recommended that you increase the number of concurrent shells on the Exchange server.
Open a Windows Command Line as Administrator and run the following command:
winrm set winrm/config/winrs @{MaxShellsPerUser="30"}