I just configured activesync on my IVE (6.3R1-2)
My authorization only policy / virtual hostname is "syncmail.ivedomain.com" and the backend server is "bbb.backenddomain.com"
I get the following error:
"Access blocked after DNS lookup. Check Web ACL settings - Host: bbb.backenddomain.com, Request: OPTIONS /Microsoft-Server-ActiveSync?User=xxxxxDeviceId= etc..."
I know that this may indicate missing ACLs but I already have the ACL configured correctly (or at least I think I do?)
Under "resource policies > Web > rewriting > passthrough proxy policies >" there is an autopolicy made for the syncmail.ivedomain.com allowing access to https://bbb.backenddomain.com:443/* for hostname syncmail.ivedomain.com
Isn't this sufficient for the ACL? Do the policy also need the IP-address? Any ideas will be appreciated
I recommend you use policy tracing to find out what is happening. It should show you the URL which is being compared, and each rule it is being applied to. If you still can't figure it out, you might (a) paste the policy trace output into a query on this community or (b) open a JTAC case.
well do you have IVE and IVS? or just IVE? Also have you tried to do a grep on all your logs for "Access blocked after DNS lookup " string and see how many hits do you get?
I actually missed an access policy for the web URL,, (uh, like the error says, -but I misunderstood it, as I though it was enough having the rewriting policy (passthrough) as this is the one that's auto-generated. When I added the policy under WEB ACL as well, it worked.
Thanks for the input anyways.