ISA 2006 publish Exchange 2010 Outlook Anywhere with KCD/NTLM and IPSEC - Problem

Similar Messages

• ISA 2006 publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation

  Hi,
  I have two Exchange 2010 Sp1 CAS with Windows Network Loadbalancing. I set up an alternate Serviceaccount and mapped the http,ExchangeMDB,PRF and ExchangeAB SPNs.
  Then i published the Exchange Services via ISA 2006. OWA is working using Internet -> via NTLM -> ISA(webmail.domain.com) -> via KCD -> CAS-Array(ex2010.domain.com)
  I tried the same with Outlook Anywhere (RPC over HTTP) without success.
  Authentication to the ISA via NTLM works fine, but i think the isa server cannot delegate the Credentials successfully to the CAS-Server.
  The ISA Log looks like:
  Allowed Connection ISA 24.11.2011 15:50:40
  Log type: Web Proxy (Reverse)
  Status: 403 Forbidden
  Rule: Exchange 2010 RPC
  Source: Internal (172.16.251.33)
  Destination: (172.18.10.182:443)
  Request: RPC_OUT_DATA
  http://webmail.domain.com/rpc/rpcproxy.dll?ex2010.domain.com:6001
  Filter information: Req ID: 108b89d8; Compression: client=No, server=No, compress rate=0% decompress rate=0%
  Protocol: https
  So i always get a 403 Forbidden from the CAS.
  I the IIS logfile from the cas server i see this entry:
  2011-11-24 15:51:37 172.18.10.182 RPC_OUT_DATA /rpc/rpcproxy.dll ex2010.domain.com:6001 443 - <ISA IP> MSRPC 401 1 2148074254 203
  I use the same Listener for OWA and Outlook Anywhere. Authentication Methods are Basic and Integrated. I forward the request to a webfarm which exists of the two physical CAS. Internal Site Name is set to the NLB name ex2010.domain.com, SPN is set to http/ex2010.domain.com
  Thanks for your support

  Hi, i ran into the same Problem.
  the steps above solved mine too (Creating a custom AppPool which runs under LocalSystem).
  I wonder why they included only the Script: convertoabtovdir.ps1
  http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/dc24ccd3-378a-47cc-bbbf-48236f8fe5b0
  Ist this a supported configuration (changing AppPool of RPC)?

• Exchange 2010, Outlook Anywhere, Autodiscover, SAN Certs and ISA 2004

  Hi
  Everything I have read says that SAN certs do not work with ISA 2004.  However I have read through the "White Paper: Understanding the Exchange 2010 Autodiscover Service" document to understand my options (url below) and notice that the SAN
  cert option in the "Summary of supported scenarios for connecting to the Autodiscover service from the Internet" section implies that ISA 2004 may be able to work:
  "Requires additional configuration if used together with either ISA Server 2004 or ISA Server 2006"
  http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx
  Does anyone know if there is a supported ISA 2004 scenario where SAN certs can work?
  Thanks!

  It's highly doubtful, since ISA 2004 has been in extended support for two years.  See
  http://blogs.technet.com/b/isablog/archive/2009/10/05/mainstream-support-ending-for-isa-server-2004-standard-edition-sp3.aspx for details about ISA 2004 support - it goes totally out of support next year.

• Exchange 2010 - Outlook Anywhere trying to connect to internal server name first before connecting to proxy server

  Hello,
  I have an Exchange 2010 question which I will post in the Exchange 2013 section since the Ask a question button in the legacy Exchange Servers section of technet takes me back to the part of Technet where I can only ask questions regarding Exchange 2013.
  If someone can point me to a part where I can place a question in an Exchange 2010 forum please let me know.
  We have Exchange 2010 setup with a CAS array listening to outlook.internaldomain.com
  We have TMG 2010 setup with a rule for Outlook Anywhere, the rule listens to mail.externaldomain.com and traffic that meets this rule is let through to outlook.internaldomain.com.
  When I fire up my laptop, which is connected to the internet, and start Outlook and let it configure my profile through autodiscover it sets it up correct and fills the Outlook profile with a servername stating outlook.internaldomain.com and a proxyserver
  to be used stating mail.externaldomain.com. After initial setup when my Outlook starts it almost immediatly prompts me for a username and a password so this is working fine.
  At the office we have an internal network segment where DHCP is servicing the connecting clients and giving them our internal DNS servers because they need connection to some other network segments which are not available to the internet. This network segment
  does not have access to our internal Exchange environment but has full access to the internet. Clients in this network segment do want to use Outlook so using Outlook Anywhere for them is the logical way to go. When I connect my laptop to this network segment
  I get handed an IP address and our internal DNS servers, when I start Outlook it takes about two minutes before a the credential prompt pops up and another 2 to 6 minutes after entering credentials before it says all folders are in sync. This is quite long
  and our clients find this unacceptable.
  I started testing what might be going on here and I have found that when I manually enter external DNS servers the Outlook password prompt will popup in seconds and all is working as expected so it seems Outlook is trying to connect to the internal servername
  when using our internal DNS servers (which can resolve outlook.internalnetwork.com) instead of directly going to the proxy server which is to be used for Outlook Anywhere.
  When I start a network monitor trace my thoughts are confirmed because when I am connected to the internal network segment OUTLOOK.EXE first tries to connect to outlook.internaldomain.com, it almost immediately gets a response stating that this route is
  inaccessible but OUTLOOK.EXE keeps on trying to connect untill some sort of time out is reached (somewhere around two minutes) after which it connects to mail.externaldomain.com and Outlook shows the credential prompt.
  So to round it up, when connected to DNS servers that can resolve the internal servername Outlook tries to connect to the internal servername in stead of the external name, Outlook does not reckognize the answer from the network that the internal route is
  not acessible (or it does but does nothing with this information).
  Has anybody experienced this behaviour in Outlook?
  Does anyone have a solution in where I can force Outlook to connect to it's proxyserver and disregard the internal servername?

  Thank you for your reply.
  The client computers that are experiencing the issues are not domain joined, the only reason I can think of why this is occurring is because the DNS servers are able to resolve the internal hostname of the server, but I would expect Outlook to always use
  the proxy server that has been set in the configuration of the Outlook profile. Or at least acknowledging the answer that the initially tried route is inaccessible and immediately continue to the proxy server.
  For setting the same hostname for internal and external use, we use different namespaces internally and externally, do you mean setting the external hostname on the CAS array for internal use ? Wouldn't that push all internal communication to the internet
  and to the outside interface of the TMG where the server is published with that hostname ?

• Exchange 2010+Outlook Anywhere+Windows XP not working together

  Hello,
  We have Exchange 2010 installed on Server 2008 R2. CAS/Hub/mailbox roles on same server. Outlook Anywhere is enabled and using a Go Daddy signed certificate for OWA. Now my problem is that Windows XP (w SP3) PC's that are not located inside domain and
  shoud use Outlook Anywhere cannot connect to that service. Outlook version is 2007 SP2. On the other hand, that same user can connect from a Windows 7 pc what is also located outside domain without problems. On XP pc windows keeps asking for password repeatedly,
  on W7 pc it asks it and accepts and logs the user in and connects it to his mailbox. I have read numerous posts about this kind of issue, put so far none of them helped me. The certificate is issued to mail.domainname.ee and autodiscover.domainname.ee. The
  internal name of the server is excha.domainname.ee, external name is mail.domainname.ee. Also I used the Set-OutlookProvider cmdlet to set EXPR to msstd:mail.domainname.ee and also tried msstd:excha.domainname.ee this change did not have any effect on XP pc.
  What is wrong in XP and Outlook 2007 combination not being able to connect to Echange 2010?

  I was suffering from a very similar issue.  The one major difference for me is that I was using a wildcard ssl certificate for "*.contoso.com" which was not matching with the server name of owa.contoso.com.
  Behaviour definitely seemed to only manifest with Windows XP on the open internet (not domain joined or internal) trying to use either Outlook 2007 or 2010 to connect to our internal Exchange 2010 server via RPC over HTTPS.  Autodiscover was successful
  but user would be repeatedly prompted for their credentials but they would never match.
  The key changes that seemed to fix this for us were to make these updates -
  Set-OutlookProvider EXPR -CertPrincipalName msstd:*.contoso.com
  alternatively if you dont care whether the proxy server name exactly matches your ssl cert you can do this (not recommended) -
  Set-OutlookProvider EXPR -CertPrincipalName none
  These commands manipulate the Microsoft Exchange Proxy Settings under the Outlook Anywhere options under the connection tab of your mail profile.  In particular the field labeled "Only connect to proxy servers that have this principal name in their
  certificate"
  Also, to force RPC over HTTPS and never try and timeout on TCP/IP connection (which cannot work through the firewall) -
  Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
  This should click the checkbox for "On fast networks, connect using HTTP first, then connect using TCP/IP"
  This should then allow autoconfigure to work fine when setting up your mail profile.  If you want to check the settings page you should have something that looks like this -
  Finally, please note that Autodiscover settings are updated periodically not instantly. I believe it is something like every 15m or so.  As such, make the changes above and then wait for at least 15-30mins before making any other changes. 
  I ended up chasing my tail and then some complete red-herring *seemed* to fix the problem.  It was actually something that I had changed 20mins before!

• Exchange 2010 Outlook Anywhere issues

  I have an Exchange 2010 cas server that works fine with OWA internally and over the internet, and Outlook Anywhere works fine internally. When I try to access it outside the office though, the authentication prompt just keeps coming up for any user I try
  it on. I have used the connectivity analyzer, and it gives me what I've pasted below. I have disabled OA and uninstalled the RPC, rebooted and installed again and set it back up, with no luck. I've also tried both NTLM and Basic setups on the server side,
  and they both give the same error from outside the office. I also have checked my firewall settings, and everything is good. The only thing I can think of is that my reverse proxy is causing an issue. We have RHEL 5 with apache doing reverse proxy. Everything
  else works though, so I'm not sure why OA wouldn't?
  RPC Proxy can't be pinged.
  Additional Details
  An unexpected network-level exception was encountered. Exception details:
  Message: The remote server returned an error: (501) Not Implemented.
  Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
  Stack trace:
     at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
     at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
  Exception details:
  Message: The remote server returned an error: (501) Not Implemented.
  Type: System.Net.WebException
  Stack trace:
     at System.Net.HttpWebRequest.GetResponse()
     at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
     at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
  Elapsed Time: 198 ms.

  Hello
  501 is an internal server error.
  Please browse RPC virtual directory from outside, and see if you are getting a default response - Which should be a blank page.
  If you are not getting a blank page, then you need to troubleshoot that first - May be re-install RPC over HTTP.
  Let me know if you need any help
  AkashG || For any further queries, please mark an email to [email protected] ||

• Publishing Exchange 2013 Outlook Web App with Forefront TMG 2010

  Hello guys,
  I have published Exchange 2013 via TMG 2010 with pre-authentication. Since this is the first time I am doing it- I want to ask experts for the explanations:).
  When I configure Active Sync on mobile, I just type the password and  it's starts syncing after 20 sec.
  When I use browser and trying to login using TMG logon screen, after I enter credentials (if they were not wrong), I get exchange 2013 logon screen ( because my password was checked by DC's).
  I have customized TMG tamplate to Exchange 2013 tamplate, but it did not help- I have two logon screens.
  Is it possible to configure TMG for showing only one logon screen ( without disabling pre-authentication) ? Does it work this way?
  Did I miss something?

  Hi,
  Please try to enable FBA for external and internal OWA 2010 users by the methods in the blog below.
   There are several ways to accomplish this:
  Have internal users pointed to the internal interface of the Forefront TMG and utilize the forms-based authentication logon page offered by Forefront TMG. 
  Deploy Forefront UAG instead of Forefront TMG. Forefront UAG allows you to have FBA enabled on both the Exchange 2010 Client Access Servers and on the Forefront UAG solution itself. 
  Publish Exchange 2010 to the Internet using Forefront TMG but do not configure pre-authentication. This way the users need to go through the Forefront TMG solution, but will authenticate directly against the Exchange 2010 Client Access servers. 
  Configure an additional OWA and ECP virtual directory on the Exchange 2010 Client Access Servers.
  Reference:http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/enabling-forms-based-authentication-external-internal-owa-2010-users-exchange-2010-published-using-forefront-tmg-2010-part1.html
  Then check the blog
  - Creating a custom Forefront TMG 2010 OWA FBA logon page
  Note:
  Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
  Best Regards,
  Joyce
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Exchange 2010/Outlook 2010 Security Alert (...there is a problem with the site's security certificate.)

  I've been looking to resolve this issue for a while now and was hoping someone could help me understand my options.
  We have Exchange 2010 & Outlook 2010 in our environment. I've created a SSL cert for our ActiveSync from a reputable CA and unfortunately, as you may not be surprised, we are seeing an alert each time we open Outlook that states:
  "Security Alert; Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
  The name on the security certificate is invalid or does not match the name of the site."
  Of course my internal server name does not match my external server name. So the SSL I had created for use with OWA and ActiveSync is rejected by my internal Outlook clients.
  After doing some research I believe this is related to the Autodiscover service being configured with my internal server name and not my external name. 
  I've found some info about adding New-AutodiscoverVirtualDirectory and Set-ClientAccessServer commands and then found this article that might help.  (Configure
  Outlook Anywhere to Use Multiple SSL Certificates) but nothing is specific to my configuration and I'm concerned about what will happen to my existing configuration if this fails. 
  What happens when you run Set-ClientAccessServer? Does it retain and keep the old server config in place and add a new one or does it wipe it out? Will all of my devices need to be reconfigured?
  Same with New-AutodiscoverVirtualDirectory.  Does this simply add another virtual directory or is it going to overwrite my existing config?
  Then there is the question of whether or not any of this will actually address my issue at all.
  absolutezero273c

  Sorry.
  "[PS] C:\Windows\system32>Set-ClientAccessServer -Identity MailExt -AutoDiscoverServiceInternalUri "https://MailExt
  .contoso.com/autodiscover/autodiscover.xml"
  The operation couldn't be performed because object 'MailExt' couldn't be found on 'DomainController2.contoso.local'.
      + CategoryInfo          : NotSpecified: (0:Int32) [Set-ClientAccessServer], ManagementObjectNotFoundException
      + FullyQualifiedErrorId : 4D980455,Microsoft.Exchange.Management.SystemConfigurationTasks.SetClientAccessServer"...is the error I get.
  I've created the split zones and populated the Forward Lookup Zones as follows:
  CONTOSO.COM
  MailExt(CNAME)MailInt.contoso.local
  _tcp _autodiscover(SRV)MailExt.contoso.com
  CONTOSO.LOCAL
  MailInt(A)192.168.1.10
  MailExt(CNAME)MailInt.contoso.com
  One thing I did notice is that there isn't a _tcp _autodiscover entry for MailInt in my Forward Lookup Zones.  It was recommended that I make that entry for _tcp _autodiscover(SRV)MailExt.contoso.com in another post I read somewhere.
  I believe what I am trying to do is create a new autodiscover object as is shown here:
  I see there is a Get-ClientAccessServer & Set-ClientAccessServer command but I need to add a CAS. Does the Set-ClientAccessServer add or simply modify?
  Or would that require the New-AutodiscoverVirtualDirectory command? I read
  this page that discussed creating new virtual directories but that seemed a little risky without knowing all the ins and outs of how this service functions and to what degree this would affect the existing configuration.
  I was able to use the Set-ClientAccessServer command and change the actual internal autodiscoverUri to https://MailExt.contoso.com/autodiscover/autodiscover.xml but the name still says MailInt and I continue to get the SSL cert warnings because it is looking
  at MailInt.contoso.local.
  absolutezero273c

• Exchange 2010 & Outlook 2010 - Cached Mode "okay" work well for you?

  Hi All,
  On our Client Laptops/PCs we disabled cache mode a long time due to issues experienced with a combination Delegates and Cached Mode occasionally affecting Calendaring.  We'd end up with vanishing appointments, etc.
  What I'd like to know from you is if you've had a positive experience with Exchange 2010 & Outlook 2010 32bit.  If you could impart any gotchas, etc.  Our environment is fairly vanilla with a total of 1500 Users.
  Thank you very much for your time,
  Mr Mister

  Hi,
  I am using myself outlook 2007 over than WAN (VPN) connection with Exchange 2010 SP2 with about 3 GB mailbox and i personally have not faced any issues. Also, we have about 600 usres with more than 2 GB mailboxes using Outlook 2010 in online mode and
  there are not many issues other than email with rich text format with screen shots attached in the mail body causing outlook hang. if we use the same email in html then no issues.
  It all depends on the sizing of your CAS and mailbox servers and also on the NIC speed configured on the server. I personally feel that we should have NIC card set to 1GB on the servers also the backup and replication should be on seperate dedicated LAN.

• "Resend" option is not working for specific user. "The Operation Failed" Exchange 2010 Outlook 2013

  Hi Everybody. I have a weird one for you.
  I have a user that gets an "operation failed" message whenever trying to use the "resend" option on any email (It's the one right under recall). I had tested up and down on her machine. Exchange 2010 Outlook 2013
  Ran in safe mode, recreated her profile, disabled virus scanning, repaired office. (weird, the font just changed sizes on me)
  After all of this I tested on other computers, other users seem to be able to "resend" just fine. However her account does not work on any computer I try, internal or external to the network.
  It looks more like a profile issue.
  She's a very active archivist, so she only has 486MB of space used by her mailbox.
  It's well under quota.
  It's been really puzzling me.
  MCSE 2003, Exchange. MCTS Vista, 7. Administrator of awful, neglected website http://timssims.net

  Hi Timssims,
  Since there is only one user in the org has this issue, it seems an issue on the Outlook client side.
  I suggest asking Outlook Forum for help so that we can get more professional suggestions.
  For your convenience:
  https://social.technet.microsoft.com/Forums/office/en-US/home?forum=outlook
  However I also have some suggestions for your reference:
  1. If this issue occur on Cached Mode, I suggest turning to Online Mode for testing.
  2. Please also paste the detailed error message if "operation failed" is not the
  complete information.
  3. If still not works after perform operations above (including suggestions from Outlook Forum), I suggest re-creating a new mailbox for the specific user just as Martin suggested.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username

  How can i get the following done:
  Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username?
  i nmust do this for 16 users TODAY, SO PLEASE HELP ME OUT HERE.
  Thanks in advance!!
  kind regards,
  Rene Veldman
  System Administrator Teidem bv, The Netherlands.

  Rene,
  Why are you not changing the username of the existing account, instead of deleting the existing one and creating a new one?
  If you truly need to delete and create new, you can save the GUID for the mailbox (Get-MailboxStatistics <mailbox alias> | Fl MailboxGuid), mail disable the existing account (Disable-Mailbox <mailbox alias>
  will work), clean the mailbox database it was hosted on (Clean-MailboxDatabase
  <database name>), then create your new account and recover the existing mailbox to that new account (Connect-Mailbox -Identity <Guid from before> -Database <Database name> -User <SAM account name of new account> -Alias
  <what you wish to set the alias to>).  In PowerShell, for all steps, you would do the following:
  $MbxAlias = <mailbox alias>
  $NewMbxAcct = <SAM Account Name for new account>
  $NewMbxAlias = <new alias for mailbox>
  $DomCtrl = (dir env:\LOGONSERVER).Value.Substring(2)
  $MbxGuid = (Get-MailboxStatistics $MbxAlias -DomainController $DomCtrl).MailboxGuid
  $MbxDb = (Get-Mailbox $MbxAlias -DomainController $DomCtrl).Database
  Disable-Mailbox $MbxAlias
  Clean-MailboxDatabase $MbxDb
  Connect-Mailbox -Identity $MbxGuid -Database $MbxDb -User $NewMbxAcct -Alias $NewMbxAlias -DomainController $DomCtrl
  You will need to supply the information in bold in the above commands, and you will need to create the new account before you run the above commands.  I include direct use of a specific domain controller so you won't need to worry about replication. 
  If you are changing the account from one domain to another, this will not help, and you will need to wait for replication throughout the process, running the commands individually.

• Hello! How can i setup and what to enable that my secretary has my shared calendar on her Iphone and that she can edit it? We are on Exchange 2010, Outlook 2010, Iphone 4s. Can it be done through some app? Thank you!

  Hello! How can i setup and what to enable that my secretary has my shared calendar on her Iphone and that she can edit it? We are on Exchange 2010, Outlook 2010, Iphone 4s. Can it be done through some app? Thank you! I'm trying to avoid creating my exchange activesync account on her Iphone and then sync only my calendar.

  Thank you for your time. I'm trying to avoid that because she can then simply turn on mail syncronization and then she could read my mail. Another reason is our password policy, that enforces changing our windows logon password every 90 days. Of course changing windows logon passwords demands changing exchange account logon info (password) on Iphone. I have read somwhere that there was an app but it was removed from app store. Any other suggestions would be appreciated.

• Exchange 2003 migrate to Exchange 2010 - single forest multiple domain. Active Sync problem

  Hi All, 
  I have AD single forest and multiple domain. for example, the forest domain is jakarta.co.id, and the other domain is bali.co.id.
  Exchange 2003 deployed in jakarta.co.id, User mail enabled in domain jakarta.co.id and bali.co.id.
  Then, I upgrade to Exchange 2010 (deploy in jakarta.co.id) and move mailbox from Exchange 2003 to Exchange 2010.
  All users in bali.co.id are able to access email from Owa, BlackBerry (BIS), Outlook, but cannot access from Android, Windows Phone. (Active-Sync).
  I got error information generated from https://testconnectivity.microsoft.com, as following:
  Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
  Tell me more about this issue and how to resolve it
  Additional Details
  Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
  Active-Sync still not work even I check option "Include inheritable permissions from this object" in security tab.
  any idea to fix this issue?
  Thanks.
  Endrik
  Endrik | blog: itendrik.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

  Hi Sathish, 
  We are planning to migrate Exchange 2003 to Exchange 2013, all user already in Exchange 2010 and Exchange 2003 was decommissioned
  Event Viewer log as following:
  Log Name:      Application
  Source:        MSExchange ActiveSync
  Date:          1/17/2014 10:00:48 PM
  Event ID:      1008
  Task Category: Requests
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:      EXC2010.jakarta.co.id
  Description:
  An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case,
  Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization. 
  URL=/Microsoft-Server-ActiveSync/default.eas?Cmd=Sync&User=bali%5Csteveng&DeviceId=SAMSUNG123456789&DeviceType=SAMSUNGGTN7000
  --- Exception start ---
  Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
  Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=Steven Gerrard,OU=IT,DC=bali,DC=co,DC=id.
  Exception level: 0
  HttpStatusCode: 500
  AirSyncStatusCode: 110
  XmlResponse: 
  This request does not contain a WBXML response.
  Exception stack trace:    at Microsoft.Exchange.AirSync.ADDeviceManager.SetActiveSyncDeviceContainerPermissions(ActiveSyncDevices container)
     at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDeviceContainer(Boolean retryIfFailed)
     at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime, Boolean retryIfFailed)
     at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime)
     at Microsoft.Exchange.AirSync.Command.UpdateADDevice(GlobalInfo globalInfo)
     at Microsoft.Exchange.AirSync.Command.CompleteDeviceAccessProcessing()
     at Microsoft.Exchange.AirSync.Command.WorkerThread()
  --- Exception end ---.
  I think KB817379 is not related because Exchange 2003 was decommissioned.
  Regards, 
  Endrik
  Endrik | blog: itendrik.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• Why can't I use my mid 2010 macbook pro with 8GB memoir and NVIDIA GEForce GT 330M 256MB to run 3D in photoshop CC?

  Why can't I use my mid 2010 macbook pro with 8GB memoir and NVIDIA GEForce GT 330M 256MB to run 3D in photoshop CC?

  3-D is very memory intensive.
  System requirements | Photoshop
  Mac OS
  Multicore Intel processor with 64-bit support
  Mac OS X v10.7, v10.8, or v10.9
  2 GB of RAM (8 GB recommended)
  3.2 GB of available hard-disk space for installation; additional free space required during installation (cannot install on a volume that uses a case-sensitive file system or on removable flash storage devices)
  1024x768 display (1280x800 recommended) with 16-bit color and 512 MB of VRAM (1 GB recommended)**
  OpenGL 2.0–capable system
  Internet connection and registration are necessary for required software activation, membership validation, and access to online services.*
  ** 3D features are disabled and some Mercury Graphics Engine enhanced features may not work with less than 512 MB VRAM. Read the Help article.
  Bottom line, you don't have enough VRAM
  Nancy O.

• I have a mid 2010 macbook pro with 4GB memory and need to purchase an additional 4 GB.  Do I need to purchase 8GB of memory to upgrade or can a 4GB upgrade be placed next to the existing memory?

  I have a mid 2010 macbook pro with 4GB memory and need to purchase an additional 4 GB to.  Do I need to purchase 8GB of memory to upgrade or can a 4GB upgrade be placed next to the existing memory?

  You need to purchase 8 GBs as two 4 GB modules. Must meet these requirments:
  Maximum Memory
  8.0 GB
  Memory Slots
  2 - 204-pin PC3-8500 (1066 MHz) DDR3 SO-DIMM