Troubleshooting
Setup
- IIS Logs – First, I set up a couple mailboxes on my phone to see what sort of sync errors I could produce when downloading emails to the phone. The IIS logs were not enabled on the Exchange servers either, so those were enabled for troubleshooting purposes as well.
- Active Sync Virtual Directory – For good measure, since ActiveSync had never worked, we decided to reset the ActiveSync Virtual Directory. In order to do this, log into the Exchange Server EAC. Click on the Servers tab on the left an then highlight the Microsoft ActiveSync virtual directory:
-
Then click on the Reset button:
- Diagnostic Logging –
After clicking on Reset, specify a location to save current settings to:
—- INTENTIONAL GAP —-
Testing
Initial tests on the phone revealed that a smartphone could download messages, but never send the messages. The mobile device did not report sync errors other than the fact that the emails that were outbound, ended up in the Outbox of the phone. Since there were no error codes on the phone, the next step was to review the IIS logs. The IIS logs did not reveal enough about the error or problem to troubleshoot it. The Event logs were not helpful either and did not provide troubleshooting clues either.
Where can we go from here? Luckily, ActiveSync also has a debug function that is well documented by Microsoft:
Exchange ActiveSync Mailbox Logging
Following the instructions of the article, we can turn on the logging using this one-liner:
Set-CASMailbox alias -ActiveSyncDebugLogging:$true
After the debug is setup, we can then try to sync and send email from the Smartphone to general some debug logs to analyze. After doing this a few times, we run this PowerShell cmdlets:
Get-ActiveSyncDeviceStatistics -Mailbox alias -GetMailboxLog:$true -NotificationEmailAddress <Recipient email address for logs>
When I reviewed the ActiveSync debug logs, I found a few messages like the below:
Command_WorkerThread_Exception :
— Exception start —
Exception type: System.ArgumentException
Exception message: imceaDomain must be a valid domain name. Domain value: *.domain1.com
Exception level: 0
Exception stack trace: at Microsoft.Exchange.Data.Storage.InboundConversionOptions..ctor(String imceaDomain)
at Microsoft.Exchange.AirSync.AirSyncUtility.GetInboundConversionOptions()
at Microsoft.Exchange.AirSync.SendMailBase.ParseMimeToMessage(MessageItem message)
at Microsoft.Exchange.AirSync.SendMailCommand.ExecuteCommand()
at Microsoft.Exchange.AirSync.Command.WorkerThread()
— Exception end —
The key line from the above is “imceaDomain must be a valid domain name. Domain value: *.domain1.com”. Doing research online revealed a lot of problems with invalid domains or domains not correctly configured. The client and I reviewed their Accepted domains and found that they had two wildcard domains configured in Accepted Domains for Exchange:
*.Domain1.Com
*.Domain2.com
The Solution
In order to fix the issue with ActiveSync, we would need to reset both of these domains and configured them as such:
Domain1.Com
Domain2.Com
The problem with this is that all mailboxes were configured to automatically pickup the email address policy to update their email addresses. Any changes to these lists could cause potential email address removal. We could verify that mailboxes were configured this way (which is a default setting) by using PowerShell:
Get-Mailbox | ft alias,EmailAddressPolicyEnabled
To remove this from all mailboxes in order to avoid causing issue with email address change, we run this in PowerShell:
Get-Mailbox |set-mailbox -EmailAddressPolicyEnabled $false
Because there were only two defined domains in Accepted Domains and both were wildcard domains, I created a dummy domain so I could remove the offending wildcard domains. Remember that one of these is configured as a default domain, which will need to be switches as well.
After the dummy Accepted Domain was created, we can make that domain the default domain:
Next, (in the GUI) remove the offending domain from the address policy:
Using PowerShell remove Accepted Domain(s) with the wildcard:
Remove-AcceptedDomain domain1.com Remove-AcceptedDomain domain2.com
Then the domains were added back without the wildcard – with PowerShell:
New-AcceptedDomain -DomainName domain1.com -DomainType Authoritative -Name domain1.com New-AcceptedDomain -DomainName domain2.com -DomainType Authoritative -Name domain2.com
For cleanup purposes, we did the following:
- Set Domain1.Com as the Default Domain
- Added Domain1.Com and Domain2.Com back to the address policy
- Reset the EmailAddressPolicyEnabled value on all mailboxes back to $true for those that were enabled. How can we do this?
Get-Mailbox |set-mailbox -EmailAddressPolicyEnabled $false
- Remove the logging on the user object
Get-CasMailbox Damian | Set-CASMailbox -ActiveSyncDebugLogging $False
Once these changes were completed all users could now send and receive emails from their devices.
