after an upgrade from 6.4R4 (build 14811) to 6.5R2 (build 14951) our ActiveSync configuration stopped working.
Whenever one accesses the dedicated ActiveSync URL the client gets an "HTTP/1.1 500 Internal Error" error and the user access log reports:
[...] - WebRequest Failed : Host: unknown, Request: /Microsoft-Server-ActiveSync?User=[...]
Reason Cannot resolve DNS
The "Backed URL" contains an IP Address, e.g. "http://192.168.1.2:80/*".
If I use a DNS name resolvable from the SA it is all the same. I checked with TCPdump: The SA does not make any DNS queries.
Can someone confirm the is problem or can definatly say she/has has seen it working on an 6.5R2 release?
PS: I don't know if it matters: The ActiveSync was/is defined within a virtual system, not within the root-IVE.
Do you have that "Allow only ActiveSync Traffic" checkbox set too? Does turning it on / off make a difference?
Definitely should open a ticket about this one... something's not right
no it makes no difference wether I enable "llow only ActiveSync Traffic"" or not.
I the neantime I have discovered that the problem exists only in virtual IVS but not in the root IVS.
I have an open ticket but no result so far. :-(
Having the same issue here. All iPhones stopped working after the upgrade (6.4R2 to 6.5R2). The ActiveSync in all of our IVS' has stopped working. I don't see anything in the logs. It's as if the Juniper is blocking Activesyc traffic and does't even log the activity. I have a ticket open as well but no solution as of yet.
Glad to see it's not just me. Please update the forum if they figure out the problem.
Pair of SA 4000 in an Active/Passive cluster.
Still no solution for this problem.
We've got a case open for this with JTAC and it has been escalated - ActiveSyc not working in an IVS after upgrade from 6.4R2 to 6.5R2.
What is really odd is that the DNS errors (when DNS is fine) appear in the root IVS but not the configured IVS. Tried creating a whole new IVS from scratch but no difference.
We are using a temporary workaround of moving ActiveSync to the root IVS, which works fine.
I'm trying your workaround but I'm having the same issue. Iphone gets rejected by the Juniper almost immediately (by the IVE or an IVS).
When you pass the users through the IVE do you have them authenticate with a Domain Controller or do you use the local USERS group with an * in the Role Mapping?
Any assistance is much appreciated.
Disregard the last post. It's working throgh the IVE now.
we also have moved the ActiveSync configurations of the IVSes to the Root.
For possible cross-link of the open cases: Our's is #2010-0104-0116.
Any update on this?
I have a new SA4500 we're getting ready to deploy running 6.5R2 - no legacy stuff from older configs, but having the same issue.
FWIW, for various reasons we're actually using the same Authorization Only URL for both EAS and external OWA access (don't ask...) and OWA via this path is broken as well. It seems to be the Authorization Only functionality that is broken, not specifically EAS.
I see the same thing descibred above when doing a TCPDump - I can se my client hit the IVE, but the IVE never sends any traffic to the internal resource - I've tried both hostname and IP for the internal resource, and no dice either way. Same thing happens for any other authorization only URL I configure.
The weird thing is, the very first time I configured the auth only URL, it worked for a period of time. Then it just stopped and started throwing the 500 errors. I've deleted it, recreated it, rebooted the device, created other auth only URL's pointing to the same as well as different internal resources, and nothing.
If no useful updates, I'll go ahead and contact JTAC as well and post ticket here for cross reference.