How we recovered a stolen laptop with help from GFI Remote Monitoring, Prey Project, a dash of cunning and a little bit of luck!

A customer of ours recently called us up to request a quote for a replacement laptop because the one we had bought them only a few months earlier had been stolen in a burglary and they didn’t expect to ever see it again. The laptop (running Windows 7) was configured with Office 365 and the password was cached, so we reset the password for the account to prevent anyone abusing the account and at that point we thought we couldn’t do anything else to help.

The thought of getting the laptop back was the furthest thing from our minds (and our customers) because there was no software on it that we could use to gather information that could be used to recover it (or so we thought). We therefore started to search for a suitable replacement laptop and passed on the prices to our customer accordingly.

It was only after having a discussion in the office that Mark, my business partner mentioned about PreyProject and what a shame that it wasn’t already installed on the laptop. He did a bit of digging around on their website and found that there was a batch file that could silently install the software if only we could get the software on to the laptop.

We currently use GFI Max RemoteManagement to monitor our customers servers, computers and laptops and we could see that the laptop had been connected to the Internet on a new IP Address, so we started to record the IP Address (screen-shots of the laptop in the GFI Control Panel) and passed the information on to the Police. The Police would then be able to use the IP Address to trace the user at the date/time we recorded it and from that, trace the address and hopefully the laptop. That would all take time though and it was possible that the laptop would be moved to a different location and therefore getting the laptop back would take time and might not happen at all. GFI also records a multitude of information about the hardware including the Serial Number, Make and Model and I also passed this information to the Police to identify the laptop should they eventually get the opportunity to recover it.

Thinking more about GFI and what was available to us, one of the options available is to use a Script Check to perform remote commands. If only we could somehow come up with a script to remotely download and install PreyProject then we might be able to do more than just trace the IP Address, we could possibly get some web-cam pictures of the person using the laptop, some screen-shots of what they were doing and local Wi-Fi networks that were in the vicinity of the laptop. If only……..

So I set about writing a script that could download the .exe file and the batch installation file using FTP from my Draytek router (with memory stick plugged into it) and tested this locally, which worked very well. Testing the same script at a different location unfortunately didn’t work and so I gave up on the FTP route and searched for an alternative. The alternative that I came up with was to use BITSADMIN (Background Intelligent Transfer Service), which is used by Windows to download files for things like Windows Update and was of course installed on the laptop by default. After uploading the PreyProject .exe file and their installation batch file to our website, I wrote a script to download the files to the laptop and then run the installation. I then tested the script out on my laptop and it worked successfully.

My script which I eventually used looked like this:
@echo off
md c:\temp
bitsadmin /transfer myDownloadJob /download /priority high http://www.mywebsite.com/preyinstall.bat c:\temp\preyinstall.bat
bitsadmin /transfer myDownloadJob /download /priority high http://www.mywebsite.com/prey-0.5.3-win.exe c:\temp\prey-0.5.3-win.exe
c:
cd c:\temp
preyinstall MY_Prey_API_Key

(any script writers out there please forgive the very basic nature of the script – I am no batch-script writer – but it works!)

Having uploaded the script to GFI, I then assigned the script check to the stolen laptop and waited.

After a short while, the script came back with a Timeout Error. At that point I was disappointed because I had scheduled the script with the maximum timeout value of 150 seconds and it must have taken longer to run that the 150 seconds. I then set about checking the script to make sure all was well and couldn’t see a problem. I even started timing the downloads and for me it all worked well within the 150 seconds. So presumably the current laptop user was using a slower connection.

I decided to login to the Prey Project Control Panel to make sure there was space for the stolen laptop to be installed (on a free account you get 3 free spaces to monitor devices and I knew that I had one space left). I was very surprised at that point to see the stolen laptop appear in the list of Devices I could monitor and so I reported it as stolen, configured the settings to geo-location information, grab web-cam shots, screen-shots, Wi-Fi networks and anything else it could to help me locate the laptop. There are additional options available to lock the device, have the device make a noise, display a warning message on the screen and to hide emails, delete browser cookies and stored passwords, but I decided to leave those alone for now as I didn’t want to scare off the laptop user, I wanted to get the laptop back.

I set the PreyProject monitoring interval to the smallest interval available and waited to see what came back into the 10 available reporting slots available on a free account (this can be increased for a paltry $5.00 a month to a 2 minute interval and 100 reporting slots).

What initially came back was a very dark image of the laptop user playing games and their location was reported as being in Central London (it was night-time so the lighting wasn’t brilliant). I flagged my laptop as being stolen and waited for the first report back from that and when it came back, I was reported as being right next to the stolen laptop, which clearly wasn’t the case, so I didn’t pay much heed to the geo-location information and eventually turned it off.

I sat back and waited for more reports to come in and was rewarded the next time with a slightly clearer picture of the laptop user who was busy watching porn!

After a while, it seemed that the laptop user was aware of the webcam being used and the images then came back completely black, so I turned off the web-cam setting and continued to grab screen-shots and wi-fi networks etc.

The next day (during daytime), I turned the web-cam back on and ended up getting a very clear picture of the laptop user which I then passed along to the Police.

I continued to enable / disable the web-cam option and as my available slots for reports were filling up, decided I didn’t want to lose any good images of the laptop user, so upgraded my account and then increased the monitoring interval.

After several not very exciting reports with no new information, I then received the most interesting screen-shot that was to give the laptops location away precisely. They were writing a letter and had put their address and telephone number at the top of the letter and I had a screen-shot of the letter. The location wasn’t too far away from my own location, so I decided to pay the address a visit and took my iPhone with me to verify the Wi-Fi networks that were shown in the report.

Standing outside the address in the letter I turned on my Wi-Fi on my iPhone and took some screen-shots of the available networks and 5 of the networks that were captured using PreyProject matched the networks I could see. The laptop HAD to be close and thus the address on the letter had to be the laptop users address. I excitedly passed this information on to the Police and they then arranged for a Search Warrant from the Courts the next day and then paid the address a visit the following morning.

I then received a phone call from my customer to say that they had been contacted by the Police and that they could collect their laptop from them (with some proof of their identity) the following day, which they did. We are now restoring the laptop back to a pre-stolen date to remove traces of software that was installed during its absence and we heard that the insurance company was not going to pay out for the laptop because it was a work laptop and was not therefore technically covered on the household insurance from the house it was stolen from, so it was just as well we got it back.

So – if you don’t already have PreyProject installed on your iPad, iPhone, Laptop, Computer, Android phone, Apple Mac, Linux PC or anything else that it can be installed from, then what are you waiting for. If it gets stolen without PreyProject installed, you had better be one of our customers with Monitoring software installed or you can kiss it goodbye!

Advertisements

Apple Releases iOS 4.3 for iPhone and iPad

Today Apple have released their latest Operating System for the iPhone and iPad. As usual, if you want the upgrade, you will need to download the latest version of iTunes to be able to install it.

Benefits of the new OS include:

Airplay Enhancements
Safari Performance
iTunes Home Sharing
iPad Side Switch (you now have a choice of the action it performs)
Personal Hotspot for iPhone 4

The one key benefit (for me) is the ability to control what the Side Switch does on the iPad. In the original iPad OS – the Side Switch locked the screen rotation and stopped the screen from rotating from portrait to landscape and vice-versa if you rotated the iPad. On the next iOS for the iPad, the switch suddenly controlled the volume so that you could quickly mute the sound and the Rotation Lock involved Double-Pressing the home button, sliding to the settings screen and then unlocking or locking the screen – much more cumbersome.

Now you can choose between Screen Lock or Volume Mute in the General Settings – mine is back to Screen Lock!!

For more information about the new iOS 4.3- please visit this link:
http://www.apple.com/uk/ios/

iOS 4.3 is compatible with the following Apple Hardware:
iPhone 3GS
iPhone 4
iPod Touch 3rd Generation
iPod Touch 4th Generation
iPad
iPad 2

72 Hours after getting an iPad

Having now used the iPad for at least 72 hours, I thought I would write to advise my experiences with it so far.

After setting the iPad up (plugging it in to my laptop and opening up iTunes), the setup was completely painless. I had my emails, photos, music and apps synched quickly and easily.

I bought the 3G version and got a free mini-SIM card with the purchase and have inserted it into the iPad making use of the free SIM Eject tool that came with the iPad, but have yet to sign up to a 3G package – usually £2 for 1 days use, £10 for a 1Gb download capacity with a monthly recurring charge, or £15 for a 3Gb download capacity with a monthly recurring charge (O2).

One point that I noted was that the iPad will not charge via a USB connection from a PC as it requires 10 volts to charge and USB only pushes out 5 volts, so the power adapter that came with the iPad is an essential item. This came as a surprise as whilst plugged into my laptop, the battery symbol showed that it was not charging.

Another thing that I noticed was the absence of a Calculator App. Not the worlds biggest problem as the App Store does have a few other free ones floating about, but the iPhone comes with a Calculator App, so why not the iPad? It is very handy to have a calculator and I use it regularly on my iPhone when I run out of fingers!

A lot of the iPhone Apps do not work full-screen on the iPad. Not really a surprise, but they do work and display on an iPhone sized window in the middle of the screen. There is a 2x button you can press to make the size twice as big and for some Apps this is fine, but others look a little bit fuzzy. As a result, I have deleted some iPhone Apps and upgraded the m to iPad Apps and look forward to synching the iPad back with my laptop and then plugging my iPhone into my laptop and seeing what happens to the Apps on the iPhone.

Having only used the iPad on Wi-Fi so far and only having a Wireless G signal at home (I must upgrade at some point to Wireless N), I noticed that the Wi-Fi signal keeps dropping from time to time (possibly my router), so I kept getting prompted to sign up for a 3G service which I politely declined. After a short while, the signal was picked up again and all was well.

Surfing the web is a dream. It is fast and the pages load quickly. Still no Flash Player for the iPad or iPhone and apparently there is never going to be, so some sites like BBC News Website lack the ability to see video because they use Flash Player.

With the iPad, I bought the optional iPad Keyboard Dock which only seems to come is US style layout (@ and ” are swapped and the \ key is in the wrong place) which means I keep typing the wrong symbol for emails – but I will get there. The keyboard allows the iPad to sit upright which allows you to type into it more easily and cutting / pasting is made a million times easier because you have a shift key, control key and arrow keys.

Using the optional keyboard dock does make using the iPad much easier, so if you are considering buying an iPad, I would recommend spending the extra £50 (ouch) on a keyboard dock.

I love the instant on/off ability of the iPad (and iPhone) when you compare it to a laptop. With a laptop, you press the on/off button, wait a while, press CTRL + ALT + DELETE, enter your password, wait a while longer and then you can start to use the computer. This can take several minutes before you can do anything productive. With the iPad (and iPhone), you simply turn on the device, slide the unlock bar across the screen and/or enter your unlock code, select your App e.g., Safari and off you go. No waiting. No wireless network selection or waiting for the computer to find the wireless signal. No delays at all, which is a complete joy.

Battery life is much better than an iPhone. So far I have only had to charge it once and I have been using the iPad regularly for the past 3 days. It was useful having an 80% charge in the iPad when you buy it and the battery does not seem to run down at all when switched off, only when you are using it : )

I have already shown the iPad to one person and they are already talking about buying one instead of a new laptop. They only need a device for email, web and for photos. With an iPad they can do all of that and also read books, although that is not a huge selling point for me, it was a plus point for them.

So, in summary, the iPad is much like an iPhone only bigger, faster and with a decent battery life. There are lots of things it can’t do (no memory card slot, no USB socket), but what it can do, it does brilliantly.

iPad in hand and ready to go

So, having queued up for a good 2 hours this morning (9:30 – 11:30) outside Apple’s flagship store in Regent Street, London, I finally got my hands on an Apple iPad.

I will be unboxing it and playing with it as soon as I can – just need to lose the wife and kids for a week and then I can do some serious playing interspersed with sone weekend painting and decorating : (

The iPad I chose was the 32gb Wi-Fi with 3G which cost £599.00 and although I don’t plan to be spending much time on 3G, I also did not plan on switching from a Windows Mobile Phone to an iPhone (I just got one as a free upgrade purely for testing purposes), but after trying it out for a week or so, it made my life on Experts Exchange and the web in general a thousand times easier, so I hedged my bets and spent the extra £100 for the privilige of 3G.

The attached photos are of the queue outside the store in Hanover Square where the queue started, then once at the front of the Hanover Square queue, with security pass in hand, I joined a smaller queue just outside the store before being personally greeted and escorted inside the store to make my purchase.

Every customer to the store was greeted by the staff with lots of whooping, hollering and general enthusiasm to make them feel special, if not a little nausious!

Customers were limited to 2 iPads each, so it seemed rude not to buy one for a very good friend at the same time.

So, with iPad in hand, I am on the way home on the train, itching to unwrap and play.

Watch this space.

Exchange 2003 and Activesync Configuration and Troubleshooting

So, here is my guide to solving (most) Exchange 2003 and Activesync issues:

Pre-Requisites:

1. Make sure that you have Exchange Server 2003 Service Pack 2 Installed. Whilst Activesync will work with Exchange 2003 Service Pack 1, Service Pack 2 makes it a whole lot easier!

To check if you have it installed, open up Exchange System Manager (Start> Programs> Microsoft Exchange> System Manager). Then expand Servers, Right-Click your server and choose Properties. This will display whether you have SP2 installed or not.

If you do not have SP2 installed you can download it here – http://www.microsoft.com/downloads/details.aspx?FamilyID=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en

2. Ensure that TCP Port 443 is open (and forwarded) on your firewall to your Exchange server. You don’t need to open up any other ports to get Activesync working, just TCP port 443. You can check this on your Exchange Server at http://www.canyouseeme.org and you should see ‘Success’ if the port is open and forwarded correctly. If it isn’t open and forwarded, check your router and make sure you have the settings configured correctly.

3. Please check the LAN Adapter Binding order to make sure the NIC that Exchange is bound to is at the top of the list (Start> Run> [type] ncpa.cpl [press enter]> Advanced> Advanced Settings> Connections).

4. Open up IIS Manager (Start> Programs> Administrative Tools> Internet Information Services (IIS) Manager), expand ‘Web Sites’ then ‘Default Web Site’ then right-click on the relevant Virtual Directory (see below) and choose properties, then click on the Directory Security Tab):

Exchange 2003 (Not part of Small Business Server):

Exchange Virtual Directory
• Authentication = Integrated & Basic
• Default Domain = NETBIOS domain name – e.g., yourcompany* (no more than 15 characters)
• Realm = yourcompany.com
• IP Address Restrictions = Granted Access
• Secure Communications = Both Require SSL and Require 128-Bit Encryption NOT ticked (very important)

Microsoft-Server-Activesync Virtual Directory
• Authentication = Basic
• Default Domain = NETBIOS domain name – e.g., yourcompany* (no more than 15 characters)
• Realm = NETBIOS name
• IP Address Restrictions = Granted Access
• Secure Communications = Both Require SSL and Require 128-Bit Encryption IS ticked

Public Virtual Directory
• Authentication = Integrated & Basic
• Default Domain = NetBIOS domain name – e.g., yourcompany* (no more than 15 characters)
• Realm = yourcompany.com
• IP Address Restrictions = Granted Access
• Secure Communications = Both Require SSL and Require 128-Bit Encryption IS ticked (very important)

Exchange 2003 (Part of Small Business Server):

Exchange Virtual Directory
• Authentication = Integrated & Basic
• Default Domain = NetBIOS domain name – e.g., yourcompany*
• Realm = yourcompany.com
• IP Address Restrictions = Granted Access
• Secure Communications = Both Require SSL and Require 128-Bit Encryption IS ticked (very important)

Microsoft-Server-Activesync Virtual Directory
• Authentication = Basic
• Default Domain = NETBIOS domain name – e.g., yourcompany*
• Realm = NETBIOS name
• IP Address Restrictions = Granted Access
• Secure Communications = Both Require SSL and Require 128-Bit Encryption NOT ticked

Exchange-oma Virtual Directory
• Authentication = Integrated & Basic
• Default Domain = NETBIOS domain name – e.g., yourcompany*
• Realm = NETBIOS name
• IP Address Restrictions = Restricted to IP Address of Server
• Secure Communications = Both Require SSL and Require 128-Bit Encryption NOT ticked

OMA Virtual Directory
• Authentication = Basic
• Default Domain = NETBIOS domain name – e.g., yourcompany*
• Realm = NETBIOS name
• IP Address Restrictions = Granted Access
• Secure Communications = Both Require SSL and Require 128-Bit Encryption NOT ticked

Public Virtual Directory
• Authentication = Integrated & Basic
• Default Domain = NetBIOS domain name – e.g., yourcompany* (no more than 15 characters)
• Realm = yourcompany.com
• IP Address Restrictions = Granted Access
• Secure Communications = Both Require SSL and Require 128-Bit Encryption IS ticked (very important)

The Domain / Realm parts can be left as “\” for the Domain and Blank (empty) for the Realm.  MS recommend it this way, but I have fixed some servers by adding the Domain / Realm as per the settings above.

* yourcompany can be determined by opening up a command prompt (Start> Run> [type] cmd [press enter]) and then typing ‘SET’ and pressing enter. The variable ‘USERDOMAIN’ is the info you should use for ‘yourcompany’. Most often – this is not required, but I have seen instances where simply adding this info has made Activesync work.

5. ASP.NET should be set to version 1.1 for all virtual directories listed above. If you cannot see the ASP.NET tab, you only have v 1.1 installed so do not worry. If any version other than 1.1 is selected, please change it to v 1.1.4322.

6. Make sure that you have HTTP Keep-Alives enabled. Right-Click on the Default Web Site and choose Properties. On the Web Site tab, in the Connections section, click the Enable HTTP Keep-Alives check box and click OK

7. Check that Ignore Client Certificates is selected under the IISADMPWD virtual directory / Directory Security Tab / Edit Secure Communications Button. This Virtual Directory may not exist if you have not setup the ability to reset passwords via Outlook Web Access (OWA). If it is not there – no worries.

IPV6
Please make sure that IPV6 is NOT installed on your server as this is known to break Activesync. (Start> Run> [type] ncpa.cpl [press enter]) Right-click on your Local Area Network Connection and choose Properties. Look under ‘This Connection Uses The Following Items:’ for Internet Protocol (TCP/IP) v6 – if it exists – uninstall it and reboot.

8. Ensure that the IP for the Default Website is set to All Unassigned and using port 80 (open up IIS manager, Right-Click the Default Website and choose properties, then on the Advanced button).

If your default website is using any port other than port 80, it simply will not work, so if you have changed this to make something else work, either change it back to port 80 or stop trying to use Activesync! Also make sure that you are not using any Host Headers on the Default Website (or any other website that you happen to have running that uses the same Host Header name that you are using on your SSL certificate) because this can/will also break Activesync.

If you make any changes to IIS, you will need to reset IIS settings. Please click on Start, Run and type IISRESET then press enter.

SSL Certificate
Make sure that the name on the SSL certificate you have installed matches the Fully Qualified Domain Name (FQDN) that you are connecting to for ActiveSync – for example, mail.microsoft.com. To check, right-click on the Default Web Site in IIS, choose Properties, click on the Directory Security Tab and then on the View Certificate Button.

If it does not match, either re-issue the certificate if you created it yourself, or re-key the certificate from your SSL certificate provider.

If you have a Small Business Server and don’t want to buy a 3rd Party SSL certificate, just re-run the ‘Connect To The Internet Wizard’, (Start> Server Management> To-Do List> Connect to the Internet).

Click Next. If the Wizard detects a Router – click No to leave the configuration alone.

Make sure ‘Do not change connection type’ is selected and click Next.

Leave the Web Services Configuration Settings as they are and click Next.

Select ‘Create a new Web server certificate’ and enter a ‘Web server name’ e.g., mail.yourdomain.com and click Next.

Select ‘Do not change Internet e-mail configuration’ and click Next.

Click Finish to complete the Wizard

If you have Windows Mobile Phones, Activesync is much easier to get working with a purchased SSL certificate. If you have a self-created SSL certificate and use Windows Mobile Phones, you will have to install the SSL certificate onto each and every Windows Mobile Phone that you want to use with your Exchange 2003 server. If you only have a handful of devices, then it won’t take long to do, but if you have dozens, a £30 1-Year SSL certificate is probably a very good investment. You can purchase a cheap, trusted SSL certificate from http://exchange-certificates.com that will work happily.

Windows Mobile Phone / iPhone Settings:

Email Address: Your Users Email Address
Server: Whatever name you have on your certificate e.g., mail.yourdomain.com (do not add /exchange or /oma or /anything)
Domain: Your internal Domain Name e.g., yourdomain (maximum 15 characters)
Username: Your Username e.g., User123
Password: The CORRECT password!
Description: Whatever you want to call the Account

Testing:

If you have got SP2 installed, check on https://testexchangeconnectivity.com to see if everything is working properly by running the Exchange Activesync check. The site is an official Microsoft site specifically for testing Exchange installations and connectivity.

Please select ‘Specify Manual Server Settings’ (Exchange 2003 does not have native Autodiscover enabled so using the Autodiscover settings will fail).

3rd Party SSL Certificate:

Do NOT check the “Ignore Trust for SSL” check box

Self-Certified SSL Certificate:

Check the “Ignore Trust for SSL” checkbox.

If you are trying to make an iPhone work, then you can also download the free iPhone App ‘Activesync Tester’ and this should identify any problems with your configuration, or download the version for your PC from https://store.accessmylan.com/main/diagnostic-tools

Various Activesync Errors / Solutions:

REMEMBER – If you make any changes to IIS settings, please run IISRESET and re-visit https://testexchangeconnectivity.com and re-run the test.

Activesync Error 0x86000108:

Activesync is unsuccessful and you see the error 0x86000108 on your Windows Mobile Device:
Please read the following MS Article which checks that Authenticated Users has write permissions to the %TEMP% directory (usually c:\windows\temp) – http://support.microsoft.com/kb/950796/en-us

Application Event Log 3005 Errors:

A lot of 3005 errors can be resolved by changing the Default Website Timeout value from 120 (default) to something greater, such as 480 using IIS Manager.
For Small Business Server 2003 Users – please read this MS article – http://support.microsoft.com/kb/937635

Inconsistent Sync:

If you are getting inconsistent Synchronisation from your device to your Exchange 2003 server, please add the following registry key to the server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan
ProactiveScanning REG_DWORD 1

HTTP 401 Error:

If you are getting an HTTP 401 error when testing on https://testexchangeconnectivity.com then you are probably entering an incorrect username or password, or you may have IP Address restrictions setup on your virtual directories (see IIS Settings above under prerequisites).

HTTP 403 Error:

Ensure that Forms Based Authentication is NOT turned on under Exchange Virtual Server under Exchange Protocols (Exchange System Manager, Servers, Protocols, HTTP, Exchange Virtual Server properties, Settings Tab). If it is – please read http://support.microsoft.com/kb/817379 and create an exchange-oma virtual directory following the instructions in the KB article.

I have had Activesync work despite seeing “An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is:

HTTP/1.1 403 Forbidden

” at the end of the test above. To resolve this (if you like things tidy), please open up Exchange System Manager, Global Settings, Mobile Services Properties, Device Security Button, Exceptions Button, then add your account to the exceptions list.

I have also seen the 403 error resolved by running:
eseutil /p
eseutil /d and
isinteg -s servername -fix -test alltests (at least twice)

Check to see if Activesync is enabled globally on your server – http://technet.microsoft.com/en-us/library/bb125073(EXCHG.65).aspx

Also check to see if it is enabled on a user by user basis – http://technet.microsoft.com/en-us/library/aa997489(EXCHG.65).aspx

HTTP 500 Error:

If you still cannot get Activesync to work or keep getting an HTTP 500 error, please follow Method 2 in Microsoft Knowledgebase Article KB883380 and this should resolve the issues. This essentially deletes the Exchange Virtual Directories from the IIS Metabase (which can be corrupted) and rebuilds them. When deleting the Exchange virtual Directories, please also delete the Exchange-OMA virtual directory if it exists. Rebuilding those virtual directories often clears up problems that all the other steps above do not resolve.

If, after following KB 883380, Activesync still does not work and it keeps coming up with HTTP 500 errors, please do the following:

• Disable Forms Based Authentication – Exchange HTTP Protocol (if enabled)
• Remove SSL settings from the Exchange IIS virtual directory
• Run iisreset
• Test Activesync without SSL selected – hopefully this should work or give the OK result
• If okay – right-click on the Exchange Virtual Directory and select all Tasks> Save Configuration to a file. Name the file Exchange and save to the desktop
• Run Regedit (and be extremely careful here as you can kill your server very easily) then right-click on My Computer and select Export. Name the file as ‘EntireRegistry’ and save the backup of the registry to the desktop
• In regedit – locate HKLM \ System \ CurrentControlSet \ Services \ MasSync \ Parameters and delete the ExchangeVDir key from the right-hand pane.
• Close Regedit
• Right-click on the default-website and select New> Virtual Directory fom File. Browse to the desktop and click on the Exchange.xml that you created above, then click on Read file, select Exchange from the ‘Select a configuration to import’ section and click on OK. Select ‘Create a new virtual Directory’ and name the directory ‘exchange-oma’ and click OK.
• Right-click on Exchange-OMA virtual directory you just created and click Browse – you should see OWA open up happily
• Open Regedit and add the ExchangeVDir key back that you recently deleted as a String Value and then change the value to read /exchange-oma
• Close regedit
• Enable SSL and require 128-Bit Encryption on the Exchange Virtual Directory to ensure it is secure once again
• Enable Forms Based Authentication (if you want to use it) on Exchange > Protocols> HTTP
• Make sure that Integrated Authentication is enabled on the Exchange Virtual Directory
• Check that the Exchweb virtual directory does not have SSL enabled
• Run iisreset
• Test Activesync – it should hopefully be working now!

If the above fails, please check you event logs for Event ID 9667 – Source MSExchangeIS. If this event exists, please have a read of MS KB820379

In a recent question on Experts-Exchange.com, I was advised that running the following command against the unmounted database solved an HTTP 500 error, so if you are still having issues, please try running the integrity check (from a command prompt):

Isinteg –s servername –fix –test alltests

Select the dismounted database and let the check run. If you see 0 errors and 0 fixes, then all is well. If not, please re-run the test until you do (as many times as it takes – two usually is ufficient).

If you are still reading this article and are still seeing HTTP 500 errors, then we need to check the settings on the EXCHWEB Virtual Directory in IIS Manager.

Exchweb Virtual Directory
• Authentication = Anonymous
• Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Exchweb \ Bin Directory
• Authentication = Basic
• Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Exchweb \ Bin \ Auth Directory
• Authentication = Anonymous
• Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Exchweb \ Bin \ Auth \ USA Directory
• Authentication = Basic
• Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

REMEMBER – If you make any changes to IIS settings, please run IISRESET and re-visit https://testexchangeconnectivity.com and re-run the test.

Recently added HTTP 500 Error solution for a server I worked on.

Hopefully if you are now at the bottom of my article, your mobile phones should now be synchronising happily. If that is not the case, please review your IIS Settings carefully and start at the top of this article again.

RECENT UPDATE (10/01/12) – A piece of software called [url=”http://fspro.net/hide-folders/”%5DHide Folders 2009[/url] has been found to install a service called “FSPRO Filter Service” and a dll called FSPFltd.sys (in c:\windows\system32\drivers).  This program breaks Activesync.  If you have Activesync part working / part not working, please check your server for this software and if it is there – disable the service, move / delete the .dll file and restart your server.  Once restarted, Activesync should return to normal functionality!

RECENT UPDATE (29/05/12) – Please make sure that the server does not have Microsoft Security Essentials installed as this will break Activesync.  If you find it is installed – please uninstall it.

Recent Update (10/07/13) – DO NOT INSTALL programs such as Disk Keeper on any server running Exchange as it too will break Activesync!

If you are still not working – then you will probably have to call Microsoft to get support from them as something else not covered by this article is causing your problems.

So, in summary, you have reviewed and checked the settings in IIS to ensure that Activesync will work on your Exchange 2003 server, you have made sure that you have Exchange 2003 Service Pack 2 installed and you have run a test to make sure that your server is responding happily and by now, your iPhones and Windows Mobile phones should be happily synchronising.

Having got this far – and hopefully fixing your problems – if you have found this article helpful, please vote for it at the top of the page : )

* * * Please rate this article below if you have found it helpful * * *