Hi All,

Apologies for cross posting. I am running Exchange 2003 (Standard and 
patched) and OWA over SSL and works
fine.

I am trying to get OMA working. I followed the KB 817379, where I created a
different virtual directory (excchange-oma, and followed to the dot the steps
in the artcle).

I am testing it through a web browser. I take it that I can not do a
http://myserver/exchange-oma as there is an IP access restriction in place
(as per KB 817379). Then again the Default Website access is SSL enabled (by
default , when you configure SSL OWA access), so I disabled SSL on the
Default Website but enabling SSL access on the Virtual Directores except for
OMA and exchange-oma (virtual directories). I also edited the registry and
set ...\MasSync\parameter value to \oma (instead of \exchange-oma), just in
case. 

When I do a http://myserver/oma, it gives " A System error has occurred
while processing your request..." after entering the logon credentials.

I am a bit confused by the claim that OMA works only over http and not 
https. I've seen posts here people tying to use OMA over SSL.

What am I missing?

Thanks in advance.

"Patrick"  wrote in message 
news:38313B6D-AC3E-4FA5-8063-13AF6DED9FAB@microsoft.com...
> Hi All,
>
> Apologies for cross posting. I am running Exchange 2003 (Standard and
> patched) and OWA over SSL and works
> fine.
>
> I am trying to get OMA working. I followed the KB 817379, where I created 
> a
> different virtual directory (excchange-oma, and followed to the dot the 
> steps
> in the artcle).
>
> I am testing it through a web browser. I take it that I can not do a
> http://myserver/exchange-oma as there is an IP access restriction in place
> (as per KB 817379). Then again the Default Website access is SSL enabled 
> (by
> default , when you configure SSL OWA access), so I disabled SSL on the
> Default Website but enabling SSL access on the Virtual Directores except 
> for
> OMA and exchange-oma (virtual directories). I also edited the registry and
> set ...\MasSync\parameter value to \oma (instead of \exchange-oma), just 
> in
> case.
>
> When I do a http://myserver/oma, it gives " A System error has occurred
> while processing your request..." after entering the logon credentials.
>
> I am a bit confused by the claim that OMA works only over http and not
> https. I've seen posts here people tying to use OMA over SSL.
>
> What am I missing?
>
> Thanks in advance.

You can use OMA via SSL, but OMA makes an internal call to Exchange on port 
80.  This means that if you use SSL with OWA, then you need to make a copy 
of the Exchange VDir as described.  You need to make sure that /exchange-oma 
is functioning, and is suitable for use with OMA.  Remove the IP address 
restriction (which isn't really necessary), and try browsing to 
http://servername/exchange-oma .  You should see a working copy of your 
normal OWA GUI.  Note that it must be available without your typing https at 
the beginning, and there must not be an automatic http->https redirect in 
place - in other words, if you type http in the URL, it must not have been 
changed to https when the OWA GUI is actually being displayed.

Lee.

-- 
______________________________________

Outlook Web Access For PDA , OWA For WAP
www.leederbyshire.com
email a@t leederbyshire d.0.t c.0.m
______________________________________

I have been using OMA over HTTPS for quite some while now without any 
problem.  One HUGE gotcha was the SSL cert - it needs to be the fully 
qualified name of the server - so if the server's name is SERVER1, in the 
SERVER.COM domain, then the SSL cert must be SERVER1.SERVER.COM and ideally 
should be a signed cert from an enterprise authority that is natively trusted 
on Windows Mobile.  If the cert is different, then you will not be able to 
use SSL/HTTPS, and instead will only be able to use non-encrypted traffic.
-- 
Christopher Smith
MCSE, MCITP:Messaging, CISSP

PS - If I was helpful in solving your issue - please let me know!  Indicate 
that it either answered your question, or was helpful in finding it!



"Patrick" wrote:

> Hi All,
> 
> Apologies for cross posting. I am running Exchange 2003 (Standard and 
> patched) and OWA over SSL and works
> fine.
> 
> I am trying to get OMA working. I followed the KB 817379, where I created a
> different virtual directory (excchange-oma, and followed to the dot the steps
> in the artcle).
> 
> I am testing it through a web browser. I take it that I can not do a
> http://myserver/exchange-oma as there is an IP access restriction in place
> (as per KB 817379). Then again the Default Website access is SSL enabled (by
> default , when you configure SSL OWA access), so I disabled SSL on the
> Default Website but enabling SSL access on the Virtual Directores except for
> OMA and exchange-oma (virtual directories). I also edited the registry and
> set ...\MasSync\parameter value to \oma (instead of \exchange-oma), just in
> case. 
> 
> When I do a http://myserver/oma, it gives " A System error has occurred
> while processing your request..." after entering the logon credentials.
> 
> I am a bit confused by the claim that OMA works only over http and not 
> https. I've seen posts here people tying to use OMA over SSL.
> 
> What am I missing?
> 
> Thanks in advance.

Hi Lee,

Thank you for your prompt and very informative response.

I removed the IP access restriction placed on /exchange-oma and yes, then I 
can do a http://myserver.com/exchange-oma.

How do I get OMA to work over SSL? 

Thanks and Kind Regards

Patrick

"Lee Derbyshire [MVP]" wrote:

> "Patrick"  wrote in message 
> news:38313B6D-AC3E-4FA5-8063-13AF6DED9FAB@microsoft.com...
> > Hi All,
> >
> > Apologies for cross posting. I am running Exchange 2003 (Standard and
> > patched) and OWA over SSL and works
> > fine.
> >
> > I am trying to get OMA working. I followed the KB 817379, where I created 
> > a
> > different virtual directory (excchange-oma, and followed to the dot the 
> > steps
> > in the artcle).
> >
> > I am testing it through a web browser. I take it that I can not do a
> > http://myserver/exchange-oma as there is an IP access restriction in place
> > (as per KB 817379). Then again the Default Website access is SSL enabled 
> > (by
> > default , when you configure SSL OWA access), so I disabled SSL on the
> > Default Website but enabling SSL access on the Virtual Directores except 
> > for
> > OMA and exchange-oma (virtual directories). I also edited the registry and
> > set ...\MasSync\parameter value to \oma (instead of \exchange-oma), just 
> > in
> > case.
> >
> > When I do a http://myserver/oma, it gives " A System error has occurred
> > while processing your request..." after entering the logon credentials.
> >
> > I am a bit confused by the claim that OMA works only over http and not
> > https. I've seen posts here people tying to use OMA over SSL.
> >
> > What am I missing?
> >
> > Thanks in advance.
> 
> You can use OMA via SSL, but OMA makes an internal call to Exchange on port 
> 80.  This means that if you use SSL with OWA, then you need to make a copy 
> of the Exchange VDir as described.  You need to make sure that /exchange-oma 
> is functioning, and is suitable for use with OMA.  Remove the IP address 
> restriction (which isn't really necessary), and try browsing to 
> http://servername/exchange-oma .  You should see a working copy of your 
> normal OWA GUI.  Note that it must be available without your typing https at 
> the beginning, and there must not be an automatic http->https redirect in 
> place - in other words, if you type http in the URL, it must not have been 
> changed to https when the OWA GUI is actually being displayed.
> 
> Lee.
> 
> -- 
> ______________________________________
> 
> Outlook Web Access For PDA , OWA For WAP
> www.leederbyshire.com
> email a@t leederbyshire d.0.t c.0.m
> ______________________________________ 
> 
> 
>

Does it work without SSL?  I got the impression that it wasn't working at 
all.  If it does work okay without SSL, then to make it work with SSL (and 
assuming that you have a certificate installed on the server), look at the 
properties of the OMA VDir in IIS Manager, and select the 'Require Secure 
Channel' checkbox.


"Patrick"  wrote in message 
news:E7E3EDC7-389A-48EA-BCB7-EF57DBB664B3@microsoft.com...
> Hi Lee,
>
> Thank you for your prompt and very informative response.
>
> I removed the IP access restriction placed on /exchange-oma and yes, then 
> I
> can do a http://myserver.com/exchange-oma.
>
> How do I get OMA to work over SSL?
>
> Thanks and Kind Regards
>
> Patrick
>
> "Lee Derbyshire [MVP]" wrote:
>
>> "Patrick"  wrote in message
>> news:38313B6D-AC3E-4FA5-8063-13AF6DED9FAB@microsoft.com...
>> > Hi All,
>> >
>> > Apologies for cross posting. I am running Exchange 2003 (Standard and
>> > patched) and OWA over SSL and works
>> > fine.
>> >
>> > I am trying to get OMA working. I followed the KB 817379, where I 
>> > created
>> > a
>> > different virtual directory (excchange-oma, and followed to the dot the
>> > steps
>> > in the artcle).
>> >
>> > I am testing it through a web browser. I take it that I can not do a
>> > http://myserver/exchange-oma as there is an IP access restriction in 
>> > place
>> > (as per KB 817379). Then again the Default Website access is SSL 
>> > enabled
>> > (by
>> > default , when you configure SSL OWA access), so I disabled SSL on the
>> > Default Website but enabling SSL access on the Virtual Directores 
>> > except
>> > for
>> > OMA and exchange-oma (virtual directories). I also edited the registry 
>> > and
>> > set ...\MasSync\parameter value to \oma (instead of \exchange-oma), 
>> > just
>> > in
>> > case.
>> >
>> > When I do a http://myserver/oma, it gives " A System error has occurred
>> > while processing your request..." after entering the logon credentials.
>> >
>> > I am a bit confused by the claim that OMA works only over http and not
>> > https. I've seen posts here people tying to use OMA over SSL.
>> >
>> > What am I missing?
>> >
>> > Thanks in advance.
>>
>> You can use OMA via SSL, but OMA makes an internal call to Exchange on 
>> port
>> 80.  This means that if you use SSL with OWA, then you need to make a 
>> copy
>> of the Exchange VDir as described.  You need to make sure that 
>> /exchange-oma
>> is functioning, and is suitable for use with OMA.  Remove the IP address
>> restriction (which isn't really necessary), and try browsing to
>> http://servername/exchange-oma .  You should see a working copy of your
>> normal OWA GUI.  Note that it must be available without your typing https 
>> at
>> the beginning, and there must not be an automatic http->https redirect in
>> place - in other words, if you type http in the URL, it must not have 
>> been
>> changed to https when the OWA GUI is actually being displayed.
>>
>> Lee.
>>
>> -- 
>> ______________________________________
>>
>> Outlook Web Access For PDA , OWA For WAP
>> www.leederbyshire.com
>> email a@t leederbyshire d.0.t c.0.m
>> ______________________________________
>>
>>
>>

Hi Lee,

1. Sorry, i wasn't clear -  Yes it does work without SSL.  I am at the 
moment testing through a web browser on my desktop (IE and Firefox), though.

2. When I enable SSL on /exchange-oma, I get to key-in my credentials 
(username,password) but I get the following error:
"A System error has occurred while processing your request. Please try 
again. If the problem persists, contact your administrator."

Thanks in advance.

Patrick

"Lee Derbyshire [MVP]" wrote:

> Does it work without SSL?  I got the impression that it wasn't working at 
> all.  If it does work okay without SSL, then to make it work with SSL (and 
> assuming that you have a certificate installed on the server), look at the 
> properties of the OMA VDir in IIS Manager, and select the 'Require Secure 
> Channel' checkbox.
> 
> 
> "Patrick"  wrote in message 
> news:E7E3EDC7-389A-48EA-BCB7-EF57DBB664B3@microsoft.com...
> > Hi Lee,
> >
> > Thank you for your prompt and very informative response.
> >
> > I removed the IP access restriction placed on /exchange-oma and yes, then 
> > I
> > can do a http://myserver.com/exchange-oma.
> >
> > How do I get OMA to work over SSL?
> >
> > Thanks and Kind Regards
> >
> > Patrick
> >

I forgot to mention the following error recorded in the Events log:

"An unknown error occurred while processing the current request:
Message: Object reference not set to an instance of an object.
Source: Microsoft.Exchange.OMA.UserInterface
Stack trace:
   at 
Microsoft.Exchange.OMA.UserInterface.Global.Application_PreRequestHandlerExecute(Object sender, EventArgs e)
   at 
System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& 
completedSynchronously)
An unknown error occurred while processing the current request:
Message: Object reference not set to an instance of an object.
Source: Microsoft.Exchange.OMA.UserInterface
Stack trace:
   at 
Microsoft.Exchange.OMA.UserInterface.Global.Application_PreRequestHandlerExecute(Object sender, EventArgs e)
   at 
System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& 
completedSynchronously) "

Thanks again.

Patrick


"Patrick" wrote:

> Hi Lee,
> 
> 1. Sorry, i wasn't clear -  Yes it does work without SSL.  I am at the 
> moment testing through a web browser on my desktop (IE and Firefox), though.
> 
> 2. When I enable SSL on /exchange-oma, I get to key-in my credentials 
> (username,password) but I get the following error:
> "A System error has occurred while processing your request. Please try 
> again. If the problem persists, contact your administrator."
> 
> Thanks in advance.
> 
> Patrick
> 
> "Lee Derbyshire [MVP]" wrote:
> 
> > Does it work without SSL?  I got the impression that it wasn't working at 
> > all.  If it does work okay without SSL, then to make it work with SSL (and 
> > assuming that you have a certificate installed on the server), look at the 
> > properties of the OMA VDir in IIS Manager, and select the 'Require Secure 
> > Channel' checkbox.
> > 
> > 
> > "Patrick"  wrote in message 
> > news:E7E3EDC7-389A-48EA-BCB7-EF57DBB664B3@microsoft.com...
> > > Hi Lee,
> > >
> > > Thank you for your prompt and very informative response.
> > >
> > > I removed the IP access restriction placed on /exchange-oma and yes, then 
> > > I
> > > can do a http://myserver.com/exchange-oma.
> > >
> > > How do I get OMA to work over SSL?
> > >
> > > Thanks and Kind Regards
> > >
> > > Patrick
> > >
>

You should not enable SSL on /exchange-oma .  That is now an SSL-free copy 
of /Exchange for internal use by OMA.  You can enable SSL on /Exchange if 
you want to secure your OWA, and you can enable SSL on your /OMA if you want 
to secure OMA, but /exchange-oma can not have SSL required.

"Patrick"  wrote in message 
news:D8C7D069-5F8D-49E5-960C-95A9B5D21E57@microsoft.com...
>I forgot to mention the following error recorded in the Events log:
>
> "An unknown error occurred while processing the current request:
> Message: Object reference not set to an instance of an object.
> Source: Microsoft.Exchange.OMA.UserInterface
> Stack trace:
>   at
> Microsoft.Exchange.OMA.UserInterface.Global.Application_PreRequestHandlerExecute(Object 
> sender, EventArgs e)
>   at
> System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
>   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> completedSynchronously)
> An unknown error occurred while processing the current request:
> Message: Object reference not set to an instance of an object.
> Source: Microsoft.Exchange.OMA.UserInterface
> Stack trace:
>   at
> Microsoft.Exchange.OMA.UserInterface.Global.Application_PreRequestHandlerExecute(Object 
> sender, EventArgs e)
>   at
> System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
>   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> completedSynchronously) "
>
> Thanks again.
>
> Patrick
>
>
> "Patrick" wrote:
>
>> Hi Lee,
>>
>> 1. Sorry, i wasn't clear -  Yes it does work without SSL.  I am at the
>> moment testing through a web browser on my desktop (IE and Firefox), 
>> though.
>>
>> 2. When I enable SSL on /exchange-oma, I get to key-in my credentials
>> (username,password) but I get the following error:
>> "A System error has occurred while processing your request. Please try
>> again. If the problem persists, contact your administrator."
>>
>> Thanks in advance.
>>
>> Patrick
>>
>> "Lee Derbyshire [MVP]" wrote:
>>
>> > Does it work without SSL?  I got the impression that it wasn't working 
>> > at
>> > all.  If it does work okay without SSL, then to make it work with SSL 
>> > (and
>> > assuming that you have a certificate installed on the server), look at 
>> > the
>> > properties of the OMA VDir in IIS Manager, and select the 'Require 
>> > Secure
>> > Channel' checkbox.
>> >
>> >
>> > "Patrick"  wrote in message
>> > news:E7E3EDC7-389A-48EA-BCB7-EF57DBB664B3@microsoft.com...
>> > > Hi Lee,
>> > >
>> > > Thank you for your prompt and very informative response.
>> > >
>> > > I removed the IP access restriction placed on /exchange-oma and yes, 
>> > > then
>> > > I
>> > > can do a http://myserver.com/exchange-oma.
>> > >
>> > > How do I get OMA to work over SSL?
>> > >
>> > > Thanks and Kind Regards
>> > >
>> > > Patrick
>> > >
>>

Hi Lee,

Does that mean you are connecting through http from your mobile device? I 
thought you can use SSL for OMA as well for securing those connections. Is it 
not?

Thank you  for your replies.

Patrick



"Lee Derbyshire [MVP]" wrote:

> You should not enable SSL on /exchange-oma .  That is now an SSL-free copy 
> of /Exchange for internal use by OMA.  You can enable SSL on /Exchange if 
> you want to secure your OWA, and you can enable SSL on your /OMA if you want 
> to secure OMA, but /exchange-oma can not have SSL required.
>

Yes, you can use SSL for OMA, but not in the way you were trying to do it. 
You tried to use SSL on exchange-oma, but the exchange-oma VDir is for 
internal use (by the server itself) only.  So, you can require SSL on OMA, 
and then go to https://servername/oma on your device.  The connection 
between your device and the server is using SSL.  Then, OMA on the server 
makes its own internal request to exchange-oma (this is how the WebDAV API 
works - via HTTP requests), but it can only do so on port 80, which means 
that you can't require SSL on exchange-oma.

Normally, OMA would send its requests to Exchange (i.e. your OWA directory), 
but if you require SSL on Exchange, OMA can't work any more (because it can 
only use port 80 internally).  That is why you clone the Exchange VDir to 
the exchange-oma one and use the registry entry to persuade OMA to use that, 
instead.  You are not meant to use the exchange-oma VDir for direct client 
access (i.e. you are not meant to go to http://server/exchange-oma , 
although you can do if you want), that is why you can put an IP address 
restriction on it, if you want to.

"Patrick"  wrote in message 
news:80D28D96-7A06-4CA2-B8D8-4DABCC768FD9@microsoft.com...
> Hi Lee,
>
> Does that mean you are connecting through http from your mobile device? I
> thought you can use SSL for OMA as well for securing those connections. Is 
> it
> not?
>
> Thank you  for your replies.
>
> Patrick
>
>
>
> "Lee Derbyshire [MVP]" wrote:
>
>> You should not enable SSL on /exchange-oma .  That is now an SSL-free 
>> copy
>> of /Exchange for internal use by OMA.  You can enable SSL on /Exchange if
>> you want to secure your OWA, and you can enable SSL on your /OMA if you 
>> want
>> to secure OMA, but /exchange-oma can not have SSL required.
>>
>

Hi Lee,

OK. This was my "original" understanding too, but when it did not work  for 
me, I was in a bit of confusion. [I had SSL enabled on /oma and only basic 
authentication & no SSL on /exchange-oma VDir]. It gave me the error ""A 
System error has occurred while processing your request. Please try 
again. If the problem persists, contact your administrator."  I tried it 
again just a few minutes ago and still the same error. 

However, one thing I missed -  I should have looked at the eventlog a bit 
more closer -  The event log records:
 "An unknown error occurred while processing the current request:
Message: No ServicesObject found!
Source: Microsoft.Exchange.OMA.UserInterface
.... etc etc"

Does " No ServicesObject found!" in the above error  shed any clue?


Thanks and Regards

Patrick


"Lee Derbyshire [MVP]" wrote:

> Yes, you can use SSL for OMA, but not in the way you were trying to do it. 
> You tried to use SSL on exchange-oma, but the exchange-oma VDir is for 
> internal use (by the server itself) only.  So, you can require SSL on OMA, 
> and then go to https://servername/oma on your device.  The connection 
> between your device and the server is using SSL.  Then, OMA on the server 
> makes its own internal request to exchange-oma (this is how the WebDAV API 
> works - via HTTP requests), but it can only do so on port 80, which means 
> that you can't require SSL on exchange-oma.
> 
> Normally, OMA would send its requests to Exchange (i.e. your OWA directory), 
> but if you require SSL on Exchange, OMA can't work any more (because it can 
> only use port 80 internally).  That is why you clone the Exchange VDir to 
> the exchange-oma one and use the registry entry to persuade OMA to use that, 
> instead.  You are not meant to use the exchange-oma VDir for direct client 
> access (i.e. you are not meant to go to http://server/exchange-oma , 
> although you can do if you want), that is why you can put an IP address 
> restriction on it, if you want to.
> 
> "Patrick"  wrote in message 
> news:80D28D96-7A06-4CA2-B8D8-4DABCC768FD9@microsoft.com...
> > Hi Lee,
> >
> > Does that mean you are connecting through http from your mobile device? I
> > thought you can use SSL for OMA as well for securing those connections. Is 
> > it
> > not?
> >
> > Thank you  for your replies.
> >
> > Patrick
> >
> >
> >
> > "Lee Derbyshire [MVP]" wrote:
> >
> >> You should not enable SSL on /exchange-oma .  That is now an SSL-free 
> >> copy
> >> of /Exchange for internal use by OMA.  You can enable SSL on /Exchange if
> >> you want to secure your OWA, and you can enable SSL on your /OMA if you 
> >> want
> >> to secure OMA, but /exchange-oma can not have SSL required.
> >>
> > 
> 
> 
>

Can you show the contents of the IIS Log File when you try to use OMA?  You 
should see requests to OMA followed by requests to exchange-oma.


"Patrick"  wrote in message 
news:3FECE55A-074B-489F-8403-E3D81DE5F1A6@microsoft.com...
> Hi Lee,
>
> OK. This was my "original" understanding too, but when it did not work 
> for
> me, I was in a bit of confusion. [I had SSL enabled on /oma and only basic
> authentication & no SSL on /exchange-oma VDir]. It gave me the error ""A
> System error has occurred while processing your request. Please try
> again. If the problem persists, contact your administrator."  I tried it
> again just a few minutes ago and still the same error.
>
> However, one thing I missed -  I should have looked at the eventlog a bit
> more closer -  The event log records:
> "An unknown error occurred while processing the current request:
> Message: No ServicesObject found!
> Source: Microsoft.Exchange.OMA.UserInterface
> .... etc etc"
>
> Does " No ServicesObject found!" in the above error  shed any clue?
>
>
> Thanks and Regards
>
> Patrick
>
>
> "Lee Derbyshire [MVP]" wrote:
>
>> Yes, you can use SSL for OMA, but not in the way you were trying to do 
>> it.
>> You tried to use SSL on exchange-oma, but the exchange-oma VDir is for
>> internal use (by the server itself) only.  So, you can require SSL on 
>> OMA,
>> and then go to https://servername/oma on your device.  The connection
>> between your device and the server is using SSL.  Then, OMA on the server
>> makes its own internal request to exchange-oma (this is how the WebDAV 
>> API
>> works - via HTTP requests), but it can only do so on port 80, which means
>> that you can't require SSL on exchange-oma.
>>
>> Normally, OMA would send its requests to Exchange (i.e. your OWA 
>> directory),
>> but if you require SSL on Exchange, OMA can't work any more (because it 
>> can
>> only use port 80 internally).  That is why you clone the Exchange VDir to
>> the exchange-oma one and use the registry entry to persuade OMA to use 
>> that,
>> instead.  You are not meant to use the exchange-oma VDir for direct 
>> client
>> access (i.e. you are not meant to go to http://server/exchange-oma ,
>> although you can do if you want), that is why you can put an IP address
>> restriction on it, if you want to.
>>
>> "Patrick"  wrote in message
>> news:80D28D96-7A06-4CA2-B8D8-4DABCC768FD9@microsoft.com...
>> > Hi Lee,
>> >
>> > Does that mean you are connecting through http from your mobile device? 
>> > I
>> > thought you can use SSL for OMA as well for securing those connections. 
>> > Is
>> > it
>> > not?
>> >
>> > Thank you  for your replies.
>> >
>> > Patrick
>> >
>> >
>> >
>> > "Lee Derbyshire [MVP]" wrote:
>> >
>> >> You should not enable SSL on /exchange-oma .  That is now an SSL-free
>> >> copy
>> >> of /Exchange for internal use by OMA.  You can enable SSL on /Exchange 
>> >> if
>> >> you want to secure your OWA, and you can enable SSL on your /OMA if 
>> >> you
>> >> want
>> >> to secure OMA, but /exchange-oma can not have SSL required.
>> >>
>> >
>>
>>
>>

Hi Lee,

Here it is. I can not see any reference to /exchange-oma VDir anywhere in 
the entire log. I've masked first three octects of the IP#s as they belong to 
a public range.
Thank you kindly for your assistance. Truely appreciated.

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port 
cs-username c-ip cs(User-Agent) cs-host sc-status sc-substatus 
2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 - aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 2
2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 AD-MICRRH\liyanagel 
aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 301 0
2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/ - 443 - aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 2
2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 
AD-MICRRH\liyanagel aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 302 0
2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 - aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 2
2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 
AD-MICRRH\liyanagel aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 5
2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 - aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 1
2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 
AD-MICRRH\liyanagel aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 200 0
2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 443 - 
aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 1
2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 443 
AD-MICRRH\liyanagel aaa.bbb.ccc.79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 5


Patrick.

"Lee Derbyshire [MVP]" wrote:

> 
> Can you show the contents of the IIS Log File when you try to use OMA?  You 
> should see requests to OMA followed by requests to exchange-oma.
> 
> 
> "Patrick"  wrote in message 
> news:3FECE55A-074B-489F-8403-E3D81DE5F1A6@microsoft.com...
> > Hi Lee,
> >
> > OK. This was my "original" understanding too, but when it did not work 
> > for
> > me, I was in a bit of confusion. [I had SSL enabled on /oma and only basic
> > authentication & no SSL on /exchange-oma VDir]. It gave me the error ""A
> > System error has occurred while processing your request. Please try
> > again. If the problem persists, contact your administrator."  I tried it
> > again just a few minutes ago and still the same error.
> >
> > However, one thing I missed -  I should have looked at the eventlog a bit
> > more closer -  The event log records:
> > "An unknown error occurred while processing the current request:
> > Message: No ServicesObject found!
> > Source: Microsoft.Exchange.OMA.UserInterface
> > .... etc etc"
> >
> > Does " No ServicesObject found!" in the above error  shed any clue?
> >
> >
> > Thanks and Regards
> >
> > Patrick
> >
> >
> > "Lee Derbyshire [MVP]" wrote:
> >
> >> Yes, you can use SSL for OMA, but not in the way you were trying to do 
> >> it.
> >> You tried to use SSL on exchange-oma, but the exchange-oma VDir is for
> >> internal use (by the server itself) only.  So, you can require SSL on 
> >> OMA,
> >> and then go to https://servername/oma on your device.  The connection
> >> between your device and the server is using SSL.  Then, OMA on the server
> >> makes its own internal request to exchange-oma (this is how the WebDAV 
> >> API
> >> works - via HTTP requests), but it can only do so on port 80, which means
> >> that you can't require SSL on exchange-oma.
> >>
> >> Normally, OMA would send its requests to Exchange (i.e. your OWA 
> >> directory),
> >> but if you require SSL on Exchange, OMA can't work any more (because it 
> >> can
> >> only use port 80 internally).  That is why you clone the Exchange VDir to
> >> the exchange-oma one and use the registry entry to persuade OMA to use 
> >> that,
> >> instead.  You are not meant to use the exchange-oma VDir for direct 
> >> client
> >> access (i.e. you are not meant to go to http://server/exchange-oma ,
> >> although you can do if you want), that is why you can put an IP address
> >> restriction on it, if you want to.
> >>
> >> "Patrick"  wrote in message
> >> news:80D28D96-7A06-4CA2-B8D8-4DABCC768FD9@microsoft.com...
> >> > Hi Lee,
> >> >
> >> > Does that mean you are connecting through http from your mobile device? 
> >> > I
> >> > thought you can use SSL for OMA as well for securing those connections. 
> >> > Is
> >> > it
> >> > not?
> >> >
> >> > Thank you  for your replies.
> >> >
> >> > Patrick
> >> >
> >> >
> >> >
> >> > "Lee Derbyshire [MVP]" wrote:
> >> >
> >> >> You should not enable SSL on /exchange-oma .  That is now an SSL-free
> >> >> copy
> >> >> of /Exchange for internal use by OMA.  You can enable SSL on /Exchange 
> >> >> if
> >> >> you want to secure your OWA, and you can enable SSL on your /OMA if 
> >> >> you
> >> >> want
> >> >> to secure OMA, but /exchange-oma can not have SSL required.
> >> >>
> >> >
> >>
> >>
> >> 
> 
> 
>

Lee,

Just a revision to my email. When I accesses /exchange-oma (through http, of 
course), I can  obviuosly logon as evdent in the following IIS log snippet:

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port 
cs-username c-ip cs(User-Agent) cs-host sc-status sc-substatus 
2008-05-15 05:13:43 aaa.bbb.ccc12 GET /exchange-oma - 80 - aaa.bbb.ccc79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 2
2008-05-15 05:14:04 aaa.bbb.ccc12 GET /exchange-oma - 80 liyanagel 
aaa.bbb.ccc79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 302 0
2008-05-15 05:14:04 aaa.bbb.ccc12 GET /exchange-oma/ - 80 liyanagel 
aaa.bbb.ccc79 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 200 0
2008-05-15 05:14:04 aaa.bbb.ccc12 GET /exchange-oma/lakshman.liyanage/ 
Cmd=navbar 80 liyanagel aaa.bbb.ccc79 

"Patrick" wrote:

> Hi Lee,
> 
> Here it is. I can not see any reference to /exchange-oma VDir anywhere in 
> the entire log. I've masked first three octects of the IP#s as they belong to 
> a public range.
> Thank you kindly for your assistance. Truely appreciated.
> 
> #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port 
> cs-username c-ip cs(User-Agent) cs-host sc-status sc-substatus 
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 - aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 2
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 AD-MICRRH\liyanagel 
> aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 301 0
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/ - 443 - aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 2
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 
> AD-MICRRH\liyanagel aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 302 0
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 - aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 2
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 
> AD-MICRRH\liyanagel aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 5
> 2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 - aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 1
> 2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 
> AD-MICRRH\liyanagel aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 200 0
> 2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 443 - 
> aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 1
> 2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 443 
> AD-MICRRH\liyanagel aaa.bbb.ccc.79 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) ad-micrrh05 401 5
> 
> 
> Patrick.
> 
> "Lee Derbyshire [MVP]" wrote:
> 
> > 
> > Can you show the contents of the IIS Log File when you try to use OMA?  You 
> > should see requests to OMA followed by requests to exchange-oma.
> > 
> > 
> > "Patrick"  wrote in message 
> > news:3FECE55A-074B-489F-8403-E3D81DE5F1A6@microsoft.com...
> > > Hi Lee,
> > >
> > > OK. This was my "original" understanding too, but when it did not work 
> > > for
> > > me, I was in a bit of confusion. [I had SSL enabled on /oma and only basic
> > > authentication & no SSL on /exchange-oma VDir]. It gave me the error ""A
> > > System error has occurred while processing your request. Please try
> > > again. If the problem persists, contact your administrator."  I tried it
> > > again just a few minutes ago and still the same error.
> > >
> > > However, one thing I missed -  I should have looked at the eventlog a bit
> > > more closer -  The event log records:
> > > "An unknown error occurred while processing the current request:
> > > Message: No ServicesObject found!
> > > Source: Microsoft.Exchange.OMA.UserInterface
> > > .... etc etc"
> > >
> > > Does " No ServicesObject found!" in the above error  shed any clue?
> > >
> > >
> > > Thanks and Regards
> > >
> > > Patrick
> > >
> > >
> > > "Lee Derbyshire [MVP]" wrote:
> > >
> > >> Yes, you can use SSL for OMA, but not in the way you were trying to do 
> > >> it.
> > >> You tried to use SSL on exchange-oma, but the exchange-oma VDir is for
> > >> internal use (by the server itself) only.  So, you can require SSL on 
> > >> OMA,
> > >> and then go to https://servername/oma on your device.  The connection
> > >> between your device and the server is using SSL.  Then, OMA on the server
> > >> makes its own internal request to exchange-oma (this is how the WebDAV 
> > >> API
> > >> works - via HTTP requests), but it can only do so on port 80, which means
> > >> that you can't require SSL on exchange-oma.
> > >>
> > >> Normally, OMA would send its requests to Exchange (i.e. your OWA 
> > >> directory),
> > >> but if you require SSL on Exchange, OMA can't work any more (because it 
> > >> can
> > >> only use port 80 internally).  That is why you clone the Exchange VDir to
> > >> the exchange-oma one and use the registry entry to persuade OMA to use 
> > >> that,
> > >> instead.  You are not meant to use the exchange-oma VDir for direct 
> > >> client
> > >> access (i.e. you are not meant to go to http://server/exchange-oma ,
> > >> although you can do if you want), that is why you can put an IP address
> > >> restriction on it, if you want to.
> > >>
> > >> "Patrick"  wrote in message
> > >> news:80D28D96-7A06-4CA2-B8D8-4DABCC768FD9@microsoft.com...
> > >> > Hi Lee,
> > >> >
> > >> > Does that mean you are connecting through http from your mobile device? 
> > >> > I
> > >> > thought you can use SSL for OMA as well for securing those connections. 
> > >> > Is
> > >> > it
> > >> > not?
> > >> >
> > >> > Thank you  for your replies.
> > >> >
> > >> > Patrick
> > >> >
> > >> >
> > >> >
> > >> > "Lee Derbyshire [MVP]" wrote:
> > >> >
> > >> >> You should not enable SSL on /exchange-oma .  That is now an SSL-free
> > >> >> copy
> > >> >> of /Exchange for internal use by OMA.  You can enable SSL on /Exchange 
> > >> >> if
> > >> >> you want to secure your OWA, and you can enable SSL on your /OMA if 
> > >> >> you
> > >> >> want
> > >> >> to secure OMA, but /exchange-oma can not have SSL required.
> > >> >>
> > >> >
> > >>
> > >>
> > >> 
> > 
> > 
> >

Hmm.  Something is going wrong before it even tries to access your 
exchange-oma VDir.  When it tries to POST to /oma/oma.aspx , it is getting a 
401;5 response.  This is a rather unusual IIS response which means 
'Authorization Failed by ISAPI/CGI app'.  Can't say that I've seen that 
before - it suggests that something is interfering with normal IIS 
operations.  Do you have anything else installed on the server, like 
SharePoint, or some other Web application?

"Patrick"  wrote in message 
news:5A5A6B70-2996-49AF-961B-4CB8029F1E04@microsoft.com...
> Hi Lee,
>
> Here it is. I can not see any reference to /exchange-oma VDir anywhere in
> the entire log. I've masked first three octects of the IP#s as they belong 
> to
> a public range.
> Thank you kindly for your assistance. Truely appreciated.
>
> #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port
> cs-username c-ip cs(User-Agent) cs-host sc-status sc-substatus
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 - aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 401 2
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 AD-MICRRH\liyanagel
> aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 301 0
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/ - 443 - aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 401 2
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443
> AD-MICRRH\liyanagel aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 302 0
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 - 
> aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 401 2
> 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443
> AD-MICRRH\liyanagel aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 401 5
> 2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 - 
> aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 401 1
> 2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443
> AD-MICRRH\liyanagel aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 200 0
> 2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 443 -
> aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 401 1
> 2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 443
> AD-MICRRH\liyanagel aaa.bbb.ccc.79
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> ad-micrrh05 401 5
>
>
> Patrick.
>
> "Lee Derbyshire [MVP]" wrote:
>
>>
>> Can you show the contents of the IIS Log File when you try to use OMA? 
>> You
>> should see requests to OMA followed by requests to exchange-oma.
>>
>>
>> "Patrick"  wrote in message
>> news:3FECE55A-074B-489F-8403-E3D81DE5F1A6@microsoft.com...
>> > Hi Lee,
>> >
>> > OK. This was my "original" understanding too, but when it did not work
>> > for
>> > me, I was in a bit of confusion. [I had SSL enabled on /oma and only 
>> > basic
>> > authentication & no SSL on /exchange-oma VDir]. It gave me the error 
>> > ""A
>> > System error has occurred while processing your request. Please try
>> > again. If the problem persists, contact your administrator."  I tried 
>> > it
>> > again just a few minutes ago and still the same error.
>> >
>> > However, one thing I missed -  I should have looked at the eventlog a 
>> > bit
>> > more closer -  The event log records:
>> > "An unknown error occurred while processing the current request:
>> > Message: No ServicesObject found!
>> > Source: Microsoft.Exchange.OMA.UserInterface
>> > .... etc etc"
>> >
>> > Does " No ServicesObject found!" in the above error  shed any clue?
>> >
>> >
>> > Thanks and Regards
>> >
>> > Patrick
>> >
>> >
>> > "Lee Derbyshire [MVP]" wrote:
>> >
>> >> Yes, you can use SSL for OMA, but not in the way you were trying to do
>> >> it.
>> >> You tried to use SSL on exchange-oma, but the exchange-oma VDir is for
>> >> internal use (by the server itself) only.  So, you can require SSL on
>> >> OMA,
>> >> and then go to https://servername/oma on your device.  The connection
>> >> between your device and the server is using SSL.  Then, OMA on the 
>> >> server
>> >> makes its own internal request to exchange-oma (this is how the WebDAV
>> >> API
>> >> works - via HTTP requests), but it can only do so on port 80, which 
>> >> means
>> >> that you can't require SSL on exchange-oma.
>> >>
>> >> Normally, OMA would send its requests to Exchange (i.e. your OWA
>> >> directory),
>> >> but if you require SSL on Exchange, OMA can't work any more (because 
>> >> it
>> >> can
>> >> only use port 80 internally).  That is why you clone the Exchange VDir 
>> >> to
>> >> the exchange-oma one and use the registry entry to persuade OMA to use
>> >> that,
>> >> instead.  You are not meant to use the exchange-oma VDir for direct
>> >> client
>> >> access (i.e. you are not meant to go to http://server/exchange-oma ,
>> >> although you can do if you want), that is why you can put an IP 
>> >> address
>> >> restriction on it, if you want to.
>> >>
>> >> "Patrick"  wrote in message
>> >> news:80D28D96-7A06-4CA2-B8D8-4DABCC768FD9@microsoft.com...
>> >> > Hi Lee,
>> >> >
>> >> > Does that mean you are connecting through http from your mobile 
>> >> > device?
>> >> > I
>> >> > thought you can use SSL for OMA as well for securing those 
>> >> > connections.
>> >> > Is
>> >> > it
>> >> > not?
>> >> >
>> >> > Thank you  for your replies.
>> >> >
>> >> > Patrick
>> >> >
>> >> >
>> >> >
>> >> > "Lee Derbyshire [MVP]" wrote:
>> >> >
>> >> >> You should not enable SSL on /exchange-oma .  That is now an 
>> >> >> SSL-free
>> >> >> copy
>> >> >> of /Exchange for internal use by OMA.  You can enable SSL on 
>> >> >> /Exchange
>> >> >> if
>> >> >> you want to secure your OWA, and you can enable SSL on your /OMA if
>> >> >> you
>> >> >> want
>> >> >> to secure OMA, but /exchange-oma can not have SSL required.
>> >> >>
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>

Hi Lee,

Out of frustration, I thought I'll re-start the server in the weekend. And I 
just did and guess what, OMA is working now over SSL!

One thing I noticed though - there is a time delay (say 1 minute or so) for 
updates to get "propagated". For instance, I deleted an appointment through 
OMA and the it took a while for that to get reflected through OWA. Is that 
normal?

Thank you for all your very informative responses and for your patience.

Regards

Patrick.

"Lee Derbyshire [MVP]" wrote:

> Hmm.  Something is going wrong before it even tries to access your 
> exchange-oma VDir.  When it tries to POST to /oma/oma.aspx , it is getting a 
> 401;5 response.  This is a rather unusual IIS response which means 
> 'Authorization Failed by ISAPI/CGI app'.  Can't say that I've seen that 
> before - it suggests that something is interfering with normal IIS 
> operations.  Do you have anything else installed on the server, like 
> SharePoint, or some other Web application?
> 
> "Patrick"  wrote in message 
> news:5A5A6B70-2996-49AF-961B-4CB8029F1E04@microsoft.com...
> > Hi Lee,
> >
> > Here it is. I can not see any reference to /exchange-oma VDir anywhere in
> > the entire log. I've masked first three octects of the IP#s as they belong 
> > to
> > a public range.
> > Thank you kindly for your assistance. Truely appreciated.
> >
> > #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port
> > cs-username c-ip cs(User-Agent) cs-host sc-status sc-substatus
> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 - aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 401 2
> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 AD-MICRRH\liyanagel
> > aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 301 0
> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/ - 443 - aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 401 2
> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443
> > AD-MICRRH\liyanagel aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 302 0
> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 - 
> > aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 401 2
> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443
> > AD-MICRRH\liyanagel aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 401 5
> > 2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 - 
> > aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 401 1
> > 2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443
> > AD-MICRRH\liyanagel aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 200 0
> > 2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 443 -
> > aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 401 1
> > 2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 443
> > AD-MICRRH\liyanagel aaa.bbb.ccc.79
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) 
> > ad-micrrh05 401 5
> >
> >
> > Patrick.
> >
> > "Lee Derbyshire [MVP]" wrote:
> >
> >>
> >> Can you show the contents of the IIS Log File when you try to use OMA? 
> >> You
> >> should see requests to OMA followed by requests to exchange-oma.
> >>
> >>
> >> "Patrick"  wrote in message
> >> news:3FECE55A-074B-489F-8403-E3D81DE5F1A6@microsoft.com...
> >> > Hi Lee,
> >> >
> >> > OK. This was my "original" understanding too, but when it did not work
> >> > for
> >> > me, I was in a bit of confusion. [I had SSL enabled on /oma and only 
> >> > basic
> >> > authentication & no SSL on /exchange-oma VDir]. It gave me the error 
> >> > ""A
> >> > System error has occurred while processing your request. Please try
> >> > again. If the problem persists, contact your administrator."  I tried 
> >> > it
> >> > again just a few minutes ago and still the same error.
> >> >
> >> > However, one thing I missed -  I should have looked at the eventlog a 
> >> > bit
> >> > more closer -  The event log records:
> >> > "An unknown error occurred while processing the current request:
> >> > Message: No ServicesObject found!
> >> > Source: Microsoft.Exchange.OMA.UserInterface
> >> > .... etc etc"
> >> >
> >> > Does " No ServicesObject found!" in the above error  shed any clue?
> >> >
> >> >
> >> > Thanks and Regards
> >> >
> >> > Patrick
> >> >
> >> >
> >> > "Lee Derbyshire [MVP]" wrote:
> >> >
> >> >> Yes, you can use SSL for OMA, but not in the way you were trying to do
> >> >> it.
> >> >> You tried to use SSL on exchange-oma, but the exchange-oma VDir is for
> >> >> internal use (by the server itself) only.  So, you can require SSL on
> >> >> OMA,
> >> >> and then go to https://servername/oma on your device.  The connection
> >> >> between your device and the server is using SSL.  Then, OMA on the 
> >> >> server
> >> >> makes its own internal request to exchange-oma (this is how the WebDAV
> >> >> API
> >> >> works - via HTTP requests), but it can only do so on port 80, which 
> >> >> means
> >> >> that you can't require SSL on exchange-oma.
> >> >>
> >> >> Normally, OMA would send its requests to Exchange (i.e. your OWA
> >> >> directory),
> >> >> but if you require SSL on Exchange, OMA can't work any more (because 
> >> >> it
> >> >> can
> >> >> only use port 80 internally).  That is why you clone the Exchange VDir 
> >> >> to
> >> >> the exchange-oma one and use the registry entry to persuade OMA to use
> >> >> that,
> >> >> instead.  You are not meant to use the exchange-oma VDir for direct
> >> >> client
> >> >> access (i.e. you are not meant to go to http://server/exchange-oma ,
> >> >> although you can do if you want), that is why you can put an IP 
> >> >> address
> >> >> restriction on it, if you want to.
> >> >>
> >> >> "Patrick"  wrote in message
> >> >> news:80D28D96-7A06-4CA2-B8D8-4DABCC768FD9@microsoft.com...
> >> >> > Hi Lee,
> >> >> >
> >> >> > Does that mean you are connecting through http from your mobile 
> >> >> > device?
> >> >> > I
> >> >> > thought you can use SSL for OMA as well for securing those 
> >> >> > connections.
> >> >> > Is
> >> >> > it
> >> >> > not?
> >> >> >
> >> >> > Thank you  for your replies.
> >> >> >
> >> >> > Patrick
> >> >> >
> >> >> >
> >> >> >
> >> >> > "Lee Derbyshire [MVP]" wrote:
> >> >> >
> >> >> >> You should not enable SSL on /exchange-oma .  That is now an 
> >> >> >> SSL-free
> >> >> >> copy
> >> >> >> of /Exchange for internal use by OMA.  You can enable SSL on 
> >> >> >> /Exchange
> >> >> >> if
> >> >> >> you want to secure your OWA, and you can enable SSL on your /OMA if
> >> >> >> you
> >> >> >> want
> >> >> >> to secure OMA, but /exchange-oma can not have SSL required.
> >> >> >>
> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >> 
> 
> 
>

I don't use OMA, but I don't think that such a delay is normal.  It should 
be deleted immediately, and if you refresh the OWA view, you should see a 
change straight away.


"Patrick"  wrote in message 
news:7487A217-4C29-44B8-AD2E-EFDEC301750F@microsoft.com...
> Hi Lee,
>
> Out of frustration, I thought I'll re-start the server in the weekend. And 
> I
> just did and guess what, OMA is working now over SSL!
>
> One thing I noticed though - there is a time delay (say 1 minute or so) 
> for
> updates to get "propagated". For instance, I deleted an appointment 
> through
> OMA and the it took a while for that to get reflected through OWA. Is that
> normal?
>
> Thank you for all your very informative responses and for your patience.
>
> Regards
>
> Patrick.
>
> "Lee Derbyshire [MVP]" wrote:
>
>> Hmm.  Something is going wrong before it even tries to access your
>> exchange-oma VDir.  When it tries to POST to /oma/oma.aspx , it is 
>> getting a
>> 401;5 response.  This is a rather unusual IIS response which means
>> 'Authorization Failed by ISAPI/CGI app'.  Can't say that I've seen that
>> before - it suggests that something is interfering with normal IIS
>> operations.  Do you have anything else installed on the server, like
>> SharePoint, or some other Web application?
>>
>> "Patrick"  wrote in message
>> news:5A5A6B70-2996-49AF-961B-4CB8029F1E04@microsoft.com...
>> > Hi Lee,
>> >
>> > Here it is. I can not see any reference to /exchange-oma VDir anywhere 
>> > in
>> > the entire log. I've masked first three octects of the IP#s as they 
>> > belong
>> > to
>> > a public range.
>> > Thank you kindly for your assistance. Truely appreciated.
>> >
>> > #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port
>> > cs-username c-ip cs(User-Agent) cs-host sc-status sc-substatus
>> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 - aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 401 2
>> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma - 443 AD-MICRRH\liyanagel
>> > aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 301 0
>> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/ - 443 - aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 401 2
>> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443
>> > AD-MICRRH\liyanagel aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 302 0
>> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 -
>> > aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 401 2
>> > 2008-05-15 02:14:38 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443
>> > AD-MICRRH\liyanagel aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 401 5
>> > 2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443 -
>> > aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 401 1
>> > 2008-05-15 02:14:55 aaa.bbb.ccc.12 GET /oma/oma.aspx - 443
>> > AD-MICRRH\liyanagel aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 200 0
>> > 2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 
>> > 443 -
>> > aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 401 1
>> > 2008-05-15 02:15:04 aaa.bbb.ccc.12 POST /oma/oma.aspx __ufps=096163 443
>> > AD-MICRRH\liyanagel aaa.bbb.ccc.79
>> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727)
>> > ad-micrrh05 401 5
>> >
>> >
>> > Patrick.
>> >
>> > "Lee Derbyshire [MVP]" wrote:
>> >
>> >>
>> >> Can you show the contents of the IIS Log File when you try to use OMA?
>> >> You
>> >> should see requests to OMA followed by requests to exchange-oma.
>> >>
>> >>
>> >> "Patrick"  wrote in message
>> >> news:3FECE55A-074B-489F-8403-E3D81DE5F1A6@microsoft.com...
>> >> > Hi Lee,
>> >> >
>> >> > OK. This was my "original" understanding too, but when it did not 
>> >> > work
>> >> > for
>> >> > me, I was in a bit of confusion. [I had SSL enabled on /oma and only
>> >> > basic
>> >> > authentication & no SSL on /exchange-oma VDir]. It gave me the error
>> >> > ""A
>> >> > System error has occurred while processing your request. Please try
>> >> > again. If the problem persists, contact your administrator."  I 
>> >> > tried
>> >> > it
>> >> > again just a few minutes ago and still the same error.
>> >> >
>> >> > However, one thing I missed -  I should have looked at the eventlog 
>> >> > a
>> >> > bit
>> >> > more closer -  The event log records:
>> >> > "An unknown error occurred while processing the current request:
>> >> > Message: No ServicesObject found!
>> >> > Source: Microsoft.Exchange.OMA.UserInterface
>> >> > .... etc etc"
>> >> >
>> >> > Does " No ServicesObject found!" in the above error  shed any clue?
>> >> >
>> >> >
>> >> > Thanks and Regards
>> >> >
>> >> > Patrick
>> >> >
>> >> >
>> >> > "Lee Derbyshire [MVP]" wrote:
>> >> >
>> >> >> Yes, you can use SSL for OMA, but not in the way you were trying to 
>> >> >> do
>> >> >> it.
>> >> >> You tried to use SSL on exchange-oma, but the exchange-oma VDir is 
>> >> >> for
>> >> >> internal use (by the server itself) only.  So, you can require SSL 
>> >> >> on
>> >> >> OMA,
>> >> >> and then go to https://servername/oma on your device.  The 
>> >> >> connection
>> >> >> between your device and the server is using SSL.  Then, OMA on the
>> >> >> server
>> >> >> makes its own internal request to exchange-oma (this is how the 
>> >> >> WebDAV
>> >> >> API
>> >> >> works - via HTTP requests), but it can only do so on port 80, which
>> >> >> means
>> >> >> that you can't require SSL on exchange-oma.
>> >> >>
>> >> >> Normally, OMA would send its requests to Exchange (i.e. your OWA
>> >> >> directory),
>> >> >> but if you require SSL on Exchange, OMA can't work any more 
>> >> >> (because
>> >> >> it
>> >> >> can
>> >> >> only use port 80 internally).  That is why you clone the Exchange 
>> >> >> VDir
>> >> >> to
>> >> >> the exchange-oma one and use the registry entry to persuade OMA to 
>> >> >> use
>> >> >> that,
>> >> >> instead.  You are not meant to use the exchange-oma VDir for direct
>> >> >> client
>> >> >> access (i.e. you are not meant to go to http://server/exchange-oma 
>> >> >> ,
>> >> >> although you can do if you want), that is why you can put an IP
>> >> >> address
>> >> >> restriction on it, if you want to.
>> >> >>
>> >> >> "Patrick"  wrote in message
>> >> >> news:80D28D96-7A06-4CA2-B8D8-4DABCC768FD9@microsoft.com...
>> >> >> > Hi Lee,
>> >> >> >
>> >> >> > Does that mean you are connecting through http from your mobile
>> >> >> > device?
>> >> >> > I
>> >> >> > thought you can use SSL for OMA as well for securing those
>> >> >> > connections.
>> >> >> > Is
>> >> >> > it
>> >> >> > not?
>> >> >> >
>> >> >> > Thank you  for your replies.
>> >> >> >
>> >> >> > Patrick
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > "Lee Derbyshire [MVP]" wrote:
>> >> >> >
>> >> >> >> You should not enable SSL on /exchange-oma .  That is now an
>> >> >> >> SSL-free
>> >> >> >> copy
>> >> >> >> of /Exchange for internal use by OMA.  You can enable SSL on
>> >> >> >> /Exchange
>> >> >> >> if
>> >> >> >> you want to secure your OWA, and you can enable SSL on your /OMA 
>> >> >> >> if
>> >> >> >> you
>> >> >> >> want
>> >> >> >> to secure OMA, but /exchange-oma can not have SSL required.
>> >> >> >>
>> >> >> >
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>