Enabling Exchange ActiveSync: HTTP_500 error explained and solved

Exchange ActiveSync for Exchange Server 2003 allows mobile phones or devices running Windows Mobile 2002, 2003, and Windows Mobile 5.0 to access information on the Exchange Server. The ActiveSync service will synchronise e-mail, contacts and calendar information with the portable device via the Internet.

Direct Push was introduced in Exchange Server 2003 SP2 as a means to ‘improve the user experience’. A Windows Mobile 5.0 device makes an HTTPS request to the Exchange server; if any changes occur on the Exchange server within the lifespan of this request, then a sync command is issued. If not, then a new request is made and so on. This means the time between a new message being received by the Exchange Server and it being picked up by the mobile device is reduced. Without Direct Push, Windows Mobile will synchronise with the Exchange Server adhering to a predefined schedule. I don’t think there’s any doubt that Direct Push was introduced in response to the Blackberry.

Whilst dealing with the initial configuration of my Exchange environment, I came across a few problems with Exchange ActiveSync. Despite enabling ActiveSync (Global Settings > Mobile Services > Properties > Exchange ActiveSync), my mobile devices kept failing to connect -- giving the error, “Synchronization failed due to an error on the server. Try again. Error code: HTTP_500”. After digging around in the application logs, I found the problem (http://support.microsoft.com/?kbid=817379). Exchange ActiveSync uses the /Exchange virtual directory to access DAV on the back-end server. If the /Exchange virtual directory on the back-end server is configured to require SSL or if forms-based authentication for OWA is enabled, then the synchronisation attempts will fail.

Microsoft offers two resolutions for this problem. The first is to install a Microsoft Exchange 2003 front-end server which can require SSL and have forms-based authentication enabled. The second is to create a second virtual directory for Exchange which doesn’t require SSL and then apply a registry change to point ActiveSync to the new directory rather than /Exchange. This may sound insecure, but access to this new virtual folder will be restricted to the Exchange Server itself via an IP exemption. You don’t need to allow unsecured HTTP access through your firewall so there is no additional exposure to external threats.

As I didn’t want to add a front-end server, I chose to take the Method 2 solution from the Knowledge Base, as follows:

1. Start Internet Information Services (IIS) Manager.

2. Locate the Exchange virtual directory. The default location is as follows:

Web Sites\Default Web Site\Exchange

3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.

4. In the File name box, type a name. For example, type ExchangeVDirConf. Click OK.

5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).

6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.

7. Under Select A Configuration To Import, click Exchange, and then click OK.

A dialog box will appear that states that the "virtual directory already exists."

8. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.

9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.

10. Click the Directory Security tab.

11. Under Authentication And Access Control, click Edit.

12. Make sure that only the following authentication methods are enabled, and then click OK:

• Integrated Windows authentication

• Basic authentication

13. Under IP Address And Domain Name Restrictions, click Edit.

14. Click Denied Access, click Add, click Single Computer, type the IP address of the server that you are configuring, and then click OK.

15. Under Secure Communications, click Edit. Make sure that Require Secure Channel (SSL) is not enabled, and then click OK.

16. Click OK, and then close the IIS Manager.

17. Click Start, click Run, type regedit, and then click OK.

18. Locate the following registry subkey:


19. Right-click Parameters, click New, and then click String Value.

20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

Note: ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.

21. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.

22. Quit Registry Editor.

23. Restart the IIS Admin service. To do this, follow these steps:

a. Click Start, click Run, type services.msc, and then click OK.

b. In the list of services, right-click IIS Admin service, and then click Restart.
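To confirm that the non-SSL directory really is closed to everything except the Exchange server, the following added check (not part of the original post or the Knowledge Base article) sends one plain-HTTP request and compares the answer with what steps 12 to 15 should produce. It assumes the alias exchange-oma from step 8, and assumes IIS answers a permitted but unauthenticated client with 401 and a client blocked by the IP restriction with 403.

```python
import http.client
import sys

# Step 12 allows Basic and Integrated Windows (seen on the wire as Negotiate/NTLM).
ALLOWED_SCHEMES = {"basic", "negotiate", "ntlm"}

def probe(host, path="/exchange-oma/", port=80, timeout=5):
    """Send one plain-HTTP GET. Returns (status, [auth schemes]), or (None, []) if unreachable."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        schemes = [v.split()[0].lower() for k, v in resp.getheaders()
                   if k.lower() == "www-authenticate" and v.strip()]
        return resp.status, schemes
    except (OSError, http.client.HTTPException):
        return None, []
    finally:
        conn.close()

def assess(status, schemes, from_exchange_server):
    """Compare a probe result with the outcome steps 12-15 are meant to give."""
    if from_exchange_server:
        # Run on the server against its own IP address (the one entered in step 14),
        # not localhost, so the request arrives from the permitted address.
        if status != 401:
            return "FAIL: expected an authentication challenge (401), got %s" % status
        extra = set(schemes) - ALLOWED_SCHEMES
        if extra:
            return "FAIL: unexpected authentication schemes: %s" % sorted(extra)
        return "OK: reachable locally, challenge offers %s" % sorted(set(schemes))
    if status is None:
        return "OK: not reachable over plain HTTP from this host"
    if status == 403:
        return "OK: IIS refused this client address (403)"
    if status == 401 and "basic" in schemes:
        return "FAIL: Basic authentication offered over cleartext to a remote host"
    return "FAIL: directory answered a remote host with status %s" % status

if __name__ == "__main__":
    # Usage: script.py <server-ip> [--local]   (--local when run on the Exchange server)
    print(assess(*probe(sys.argv[1]), from_exchange_server="--local" in sys.argv))
```

Run it once on the Exchange server with `--local` and once from another machine on the same network; both runs should report OK.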

After running through those steps, Exchange ActiveSync sprang to life. I must say that I’m impressed with the Calendar/Contact synchronisation—it’s a real pain not having my Blackberry calendar in sync with Exchange. Sure it syncs up if I connect to Blackberry desktop, but that rarely happens as it involves connecting USB cables or Bluetooth. I still haven’t had the opportunity to try out the Direct Push functionality as I don’t have any Windows Mobile 5.0 devices to use with it! Even without Direct Push, the scheduling can be set up so that during peak hours, the device synchronises every 5-10 minutes, which should be acceptable for most users. To save on data usage, devices can be set to check for updates less frequently overnight and on weekends.

I think it’s a pretty good idea to have Exchange ActiveSync enabled if any of your users have Windows Mobile devices. Other than data usage, there are no additional costs incurred and the configuration is quite straightforward. Seamless synchronisation of personal information on mobile devices has always been a challenge, but it looks like Microsoft has done a good job with ActiveSync.

I’d be interested to hear people’s opinions on Windows Mobile vs. Blackberry. Is Direct Push a big deal or is scheduled polling good enough? Maybe you’ve moved from one platform to the other; leave a comment and give us your opinion.