Mail for Exchange 403 error [Archive] - maemo.org

ashyu

2010-12-05, 23:22

I know that the N900 is not considered a provisioned device, and therefore it can't sync with many corporate Exchange servers.

However, how does one know if their company's Exchange server requires provisioning?

In trying to setup my N900, I get the to the typical first synchronisation step, but then it fails reporting an error in communication.

The interesting thing though is that when I log into the web interface of my company's Exchange server, if I go to the Mobile devices section, I can see that there is a new mobile device added with the same ID as my N900. The status there reports the first time I tried to sync this device, and reports an "OK" status. But clearly it's not ok...

I enabled logging and checked the log for when my N900 tries to connect. Essentially, I'm getting back a 403 error, saying that I don't have permission to view this directory or page using the credentials that I supplied.

I don't know if this is due to provisioning or something else. In one of the earlier HTTP interactions (before trying to sync), I can see that the Exchange server rports this back:

HTTP STATUS: 200
Dec 5 18:00:34 Nokia-N900 activesync[1733]: HTTP RESPONSE headers:
Dec 5 18:00:34 Nokia-N900 activesync[1733]: Allow: OPTIONS,POST
Dec 5 18:00:34 Nokia-N900 activesync[1733]: Cache-Control: private
Dec 5 18:00:34 Nokia-N900 activesync[1733]: Content-Length: 0
Dec 5 18:00:34 Nokia-N900 activesync[1733]: Date: Sun, 05 Dec 2010 23:00:44 GMT
Dec 5 18:00:34 Nokia-N900 activesync[1733]: MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachmen t,GetHierarchy,CreateCollection,DeleteCollection,M oveCollection,FolderSync,FolderCreate,FolderDelete ,FolderUpdate,MoveItems,GetItemEstimate,MeetingRes ponse,Search,Settings,Ping,ItemOperations,Provisio n,ResolveRecipients,ValidateCert
Dec 5 18:00:34 Nokia-N900 activesync[1733]: MS-ASProtocolVersions: 1.0,2.0,2.1,2.5,12.0,12.1
Dec 5 18:00:34 Nokia-N900 activesync[1733]: MS-Server-ActiveSync: 8.2
Dec 5 18:00:34 Nokia-N900 activesync[1733]: Public: OPTIONS,POST
Dec 5 18:00:34 Nokia-N900 activesync[1733]: Server: Microsoft-IIS/7.0
Dec 5 18:00:34 Nokia-N900 activesync[1733]: X-AspNet-Version: 2.0.50727
Dec 5 18:00:34 Nokia-N900 activesync[1733]: X-Powered-By: ASP.NET
Dec 5 18:00:34 Nokia-N900 activesync[1733]: HTTP MESSAGE:
Dec 5 18:00:34 Nokia-N900 activesync[1733]: AS-LIB: OPTIONS response received (200)
Dec 5 18:00:34 Nokia-N900 activesync[1733]: AS-LIB: Versions supported: 1.0,2.0,2.1,2.5,12.0,12.1
Dec 5 18:00:34 Nokia-N900 activesync[1733]: AS-LIB: Created factory for version 12.1

I see it says Provision. But does that mean I NEED provisioning? Or does it mean that the server supports provisioning?

At any rate, I can proceed further and the actual request to perform a sync, the error response is:

Dec 5 18:00:35 Nokia-N900 activesync[1733]: HTTP REQUEST: POST https://[exchange owa address.com]/Microsoft-Server-ActiveSync?Cmd=FolderSync&DeviceId=[my N900's device ID]&DeviceType=SmartPhone
Dec 5 18:00:35 Nokia-N900 activesync[1733]: ASDAEMON-CONN: startSession start, aWait=30 seconds
Dec 5 18:00:35 Nokia-N900 activesync[1733]: ASDAEMON-CONN: CURL-CONN-CALLBACK: Action=2
Dec 5 18:00:35 Nokia-N900 activesync[1733]: ASDAEMON-CONN: CURL-CONN-CALLBACK: Action=1
Dec 5 18:00:35 Nokia-N900 activesync[1733]: ASDAEMON-PING: Ping is disabled.. Ignore Ping action
Dec 5 18:00:35 Nokia-N900 activesync[1733]: ASDAEMON-CONN: CURL-CONN-CALLBACK: Action=4
Dec 5 18:00:35 Nokia-N900 activesync[1733]: ASDAEMON-CONN: startSession end, ret=0
Dec 5 18:00:35 Nokia-N900 activesync[1733]: AS-PERF: Transfered 1479 bytes in 0 seconds. Transfer rate is 0 Kb/sec
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CurlConnectionManager: sendReceive attempt 1: CancelErr=0
Dec 5 18:00:35 Nokia-N900 activesync[1733]: HTTP REQUEST headers:
Dec 5 18:00:35 Nokia-N900 activesync[1733]: User-Agent: N900/1.1
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Host: [exchange owa address.com]
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Connection: Keep-Alive
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Authorization: <skipped>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: MS-ASProtocolVersion: 12.1
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Content-Type: application/vnd.ms-sync.wbxml
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Content-Length: 13
Dec 5 18:00:35 Nokia-N900 activesync[1733]: HTTP STATUS: 403
Dec 5 18:00:35 Nokia-N900 activesync[1733]: HTTP RESPONSE headers:
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Cache-Control: private
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Content-Type: text/html
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Date: Sun, 05 Dec 2010 23:00:44 GMT
Dec 5 18:00:35 Nokia-N900 activesync[1733]: MS-Server-ActiveSync: 8.2
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Server: Microsoft-IIS/7.0
Dec 5 18:00:35 Nokia-N900 activesync[1733]: Transfer-Encoding: chunked
Dec 5 18:00:35 Nokia-N900 activesync[1733]: X-AspNet-Version: 2.0.50727
Dec 5 18:00:35 Nokia-N900 activesync[1733]: X-Powered-By: ASP.NET
Dec 5 18:00:35 Nokia-N900 activesync[1733]: HTTP MESSAGE:
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <html xmlns="http://www.w3.org/1999/xhtml">
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <head>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <title>403 - Forbidden: Access is denied.</title>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <style type="text/css">
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: 
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: </style>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: </head>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <body>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <div id="header"><h1>Server Error</h1></div>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <div id="content">
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <div class="content-container"><fieldset>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <h2>403 - Forbidden: Access is denied.</h2>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: </fieldset></div>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: </div>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: </body>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: CURL: </html>
Dec 5 18:00:35 Nokia-N900 activesync[1733]: AS-LIB: FolderSync response received (403)
Dec 5 18:00:35 Nokia-N900 activesync[1733]: AS-LIB: FolderSync ends with status 403
Dec 5 18:00:35 Nokia-N900 activesync[1733]: AS-LIB: Action execution ends with status 403
Dec 5 18:00:35 Nokia-N900 activesync[1733]: AS-LIB: FolderSync failed with status 403. Abort retrieving estimations
Dec 5 18:00:35 Nokia-N900 activesync[1733]: AS-LIB: Action execution ends with status 403
Dec 5 18:00:35 Nokia-N900 activesync[1733]: ActionFullSync: ItemEstimate failed with status 403. Abort.
Dec 5 18:00:35 Nokia-N900 activesync[1733]: ActionFullSync::doExecute end
Dec 5 18:00:35 Nokia-N900 activesync[1733]: ActionWarpper - action completed with result 403

One thing I note is that it says that the authentication is skipped.

Does activesync do an authenticate step earlier somewhere? I don't remember seeing it? Does anyone have any thoughts or any tips as to what to hunt for in the logs?

Rob1n

2010-12-06, 09:41

That could well be provisioning, yes. I think the client is supposed to report what provisioning protocols it supports before attempting to synch, so failing to do this will result in the synch being denied.

I'm not sure whether the Provision in your first set of responses indicates that it requires provisioning or not. The only way I know to check for sure is to use the server admin tools.

ashyu

2010-12-06, 22:54

Thanks for the info, I just wish there was a more complete Exchange solution.

I was wondering about the possibility of porting functionality over from Evolution's Exchange connector, but I haven't even been able to get Exchange running on my Linux machine when I tried the other night. If it's not Microsoft, it seems like it's hard to get it working with Exchange haha...

Rob1n

2010-12-07, 09:02

Thanks for the info, I just wish there was a more complete Exchange solution.

I was wondering about the possibility of porting functionality over from Evolution's Exchange connector, but I haven't even been able to get Exchange running on my Linux machine when I tried the other night. If it's not Microsoft, it seems like it's hard to get it working with Exchange haha...

Any alternate solution would either need to integrate tightly into the system (in order to support the provisioning requirements) or lie to the Exchange server about supporting provisioning.

ashyu

2010-12-07, 18:02

I was more so thinking along the lines of seeing if we could obtain Exchange connectivity from a PC perspective, rather than a mobile device perspective.

For example, I don't know if Microsoft Outlook has any concept of provisioning, because it doesn't run on a mobile device. And in the same way, I might expect Evolution to act the same.

Seems more like a pipe dream than anything else though, as I don't know if I'd have the dedication necessary to go through with such a project. More of just a curiosity than anything else..

Rob1n

2010-12-08, 09:01

I was more so thinking along the lines of seeing if we could obtain Exchange connectivity from a PC perspective, rather than a mobile device perspective.

For example, I don't know if Microsoft Outlook has any concept of provisioning, because it doesn't run on a mobile device. And in the same way, I might expect Evolution to act the same.

I doubt the ports required for that sort of access will be exposed outside firewalls though.