I have searched and searched for an answer to this problem and have not been able to find anything. Hopefully someone here has run into this before and might have an idea or solutuion. Her is my problem.

I have two exchange servers (2003 SP2) on of which is a front end server handling OWA and OMA. We sync about 18 Windows Mobile 6.1 devices over the air using OMA. We are using SSL. All of our devices have random problems connecting to the server. They will sync fine most of the time but will randomly for no particular reason ask the user for their exchange password. We are not enforcing any password policies on the server and we are always checking the box to save the password. In order to get the device synching again the user has to re-enter their password multiple times and often has to kill and restart activesync on their device.

Any ideas as to what might be causing this?

Any help would be much appreciated.

You could try unchecking the box in Activesync on the phone that requires SSL. We use SSL as well, but we have to uncheck that box on the phone. Although our problem is that the phone never syncs when its checked as opposed to your problem of randomly not syncing and asking for a password.

Unfortunately that is not an option. Our SSL is required for authentication. It will not connect without it. It seems like what is happening is that the device is not always passing the credentials to the server. Usually when it asks me for the password I enter the password once making sure I check the Save Password box then when it asks me the second time I hit cancel. ActiveSync then gives me a could not authenticate error. Now if I just hit Sync again it goes through and works just fine without asking for the password. So my guess is that it is not passing the credentials until after the connection is reinitialized.

From what I understand, Push Email relies on the OMA functionality which uses IIS. The problem my lie there. Although I've never tried, you may have to uninstall/reinstall (or confirm) that the OMA part of Exchange is functioning correctly. Sorry I can't be of more help.

Do the log files on the server show anything when a phone can't log in?

No, the exchange logs don't show much. I almost think it might be something with the device configuration. At this point I just don't know. We will be migrating to Exchange 2007 sometime in the next few months. Hopefully that will resolve the problem permanently. I was just hoping maybe by some chance someone here had seen this problem before. Thanks a bunch for your help.

Is the FE server doing the authentication (NTLM) or is there an ISA server in the way configured with Forms Based Authentication? You should make sure the IIS virtual directory for OMA is set only for Basic Auth - and the following article might be worth a read.... http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1188440,00.html

Hope that helps - good luck!!

Mark.

^^^What he said. Took the words right out of my mouth. You'll still be secured through the SSL certificate, even though you're doing "basic auth" you aren't exactly sending your password as clear text. Requiring SSL on the OMA site will automatically encrypt the connection so you have no need to worry.

Try it out and get back in here. I manage a site with about 50 WM 6.1 Black Jack II's that sync with Exchange 2007 with no issues whatsoever. Also verify that you have all your hotfixes related to OMA installed on your Exchange 2003 server.