ActiveSync Random Password Prompts Fixed

Some users were getting random prompts for passwords in on Windows 6.1 & 6.5 en 7.  Environment: 2007, and and Load balancers, but this problem showed up months after changing to TMG.  It seemed random.  The error on was the generic:

please log in access was denied 0×8501000

In the Monitoring you would see a denied connection on your rule with this status:

12239 The requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.

I tested with Windows Mobile Emulator from outside the firewall and was able to reproduce the error within hours (just letting it sit there).

I first thought this was the HTTP session timeout that changed with the Loadbalancers.

I poked around the web listener settings some more and noticed the timeout settings for forms authentication were set (this same web listener was used for OWA).  is supposed to be smart enough to not apply any of the forms auth settings to clients that don’t support it (falling back to basic auth as with ActiveSync).

The forms auth timeout was indeed affecting ActiveSync. To find it, look for the web listener of your rule, go to properties>Forms tab>Advanced> and make sure “apply session timeout to non-browser clients” is unchecked.

ISA Web Listener Advanced Form Options

Translate »
%d bloggers like this: