Tuesday, August 30, 2011

TMG CAS 2007 ACTIVE SYNC Error, Status: 12309 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.

If you are having fallowing probes with your TMG , Active sync publishing please have a look your firewall settings to possibly remedy the issue.

Denied Connection NPWINTMG1 8/29/2011 11:56:54 PM
Log type: Web Proxy (Reverse)
Status: 12309 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. 
Rule: E210 CAS - Active Sync webmail.SMTp25.org

Source: 208.54.35.224:53699
Destination: 172.26.7.5:443

Request: OPTIONS http://webmail.SMTp25.org/Microsoft-Server-ActiveSync?Cmd=OPTIONS&User=dedealoc&DeviceId=androidc1734872834&DeviceType=Android
Filter information: Req ID: 0b5d481c; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Additional information
Client agent: Android/0.3
Object source: (No source information is available.)
Cache info: 0x8 (Request includes the AUTHORIZATION header.)
Processing time: 1 MIME type:

 

image

Open TMG, Drill down to FireWall Policy, locate the Active Sync rule you have and double click on it.

  • Authentication delegation
  • No delegation, but client may authenticate directly

image

  • Click on Users and set , this rule applies to request from fallowing user set
  • All users

image

Go to monitoring and make sure TMG servers ( if they are in Array) have been syncy, and test the rule.

Tips:

On the logs & Reports create filter to capture the authentication attempts etc.

image

Hopefully you will see everything green in the live logins and issues will get resolved (-:

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

No comments: