SEG: Device keeps getting prompted for password, Exchange shows 401 2 error

Error/Symptom

On the device within any mail client, the user keeps getting prompted for password over and over. Although the correct password is keyed in, we see an error within a dialog box that states 

"Password Incorrect" and when we send an email we get "An error occurred while delivering this message"

The Customer is leveraging the AirWatch Secure Email Gateway.

 

The images below display the exact screens on the device.

image1.PNG

image2.PNG

 

Within the SEG server, we observe some errors in the Web Listeners logs.

2016/06/25 18:44:07.720 CN d54647be-7e5d-4122-a585-fac881bfc3ae [0000000-0000000]   (9)   Debug AW.Eas.Web.Listener.Response.ProxyHttpResponse.WriteAndFlushResponse Response flushed.
2016/06/25 18:44:07.720 CN d54647be-7e5d-4122-a585-fac881bfc3ae [0000000-0000000]   (9)   Debug AW.Eas.Web.Listener.ProxyGateway.ProxyMailServerResponse Proxied server response. from https://EXCHANGE_DNS/Microsoft-Server-ActiveSync tohttps://SEG_DNS/Microsoft-Server-ActiveSync.
2016/06/25 18:44:07.720 CN 4de823a0-593d-45a0-9ab9-84f738dcebc1 [0000000-0000000]   (9)   Debug AW.Eas.Web.Listener.ProxyGateway.EndRequest Proxied mail server response. TID: '45e5e591-fec3-4605-93b3-3b5c214bde62'
2016/06/25 18:44:07.720 CN 4de823a0-593d-45a0-9ab9-84f738dcebc1 [0000000-0000000]   (9)   Debug AW.Eas.Web.Listener.GatewayProcessingUtility.ProcessMailServerResponse ++Process mail server response 45e5e591-fec3-4605-93b3-3b5c214bde62. Try '1' of 4.
2016/06/25 18:44:07.720 CN 4de823a0-593d-45a0-9ab9-84f738dcebc1 [0000000-0000000]   (9)   Debug AW.Eas.Web.Listener.GatewayProcessingUtility.ProcessMailServerResponse --Process mail server response 45e5e591-fec3-4605-93b3-3b5c214bde62
2016/06/25 18:44:07.720 CN 6415f94f-3347-431d-9ba3-2ce8fee4cfe2 [0000000-0000000]   (9)   Debug AW.Eas.Web.Listener.ProxyGateway.ModifyResponseHeaders HTTP Response SENT for id 45e5e591-fec3-4605-93b3-3b5c214bde62:
HTTP/?.? 401(Unauthorized) Unauthorized
request-id: 3f629e4b-8943-4513-aed0-4414a1ce30b7
X-FEServer: EXCH
Content-Length: 0
Date: Sat, 25 Jun 2016 18:44:07 GMT
X-Powered-By: ASP.NET
Server: Microsoft-IIS/8.5

Cause

There could be range of reasons. Some are listed below.

  1. Exchange does not have required Authentication Enabled.
  2. SEG does not have required Authentication Enabled.

 

Resolution

  1. Ensure that Basic Authentication is enabled on the Exchange Server for the Microsoft Server Active Sync Endpoint.
  2. Ensure that Anonymous Authentication is enabled for the Endpoints on the SEG.

 

Note:

There could be other reasons for this issue. To identify the cause for such a problem. The Weblistener logs on the SEG, the Failed Request Tracing logs on Exchange should provide information about the reasons why we are getting these errors.

In this current issue, the error code was 401 Unauthorized. Enabling and inspecting the Failed Request Trace logs on exchange revealed that access was denied. We were attempting to authenticate using credentials, hence checking the authentication settings on the MSA endpoint revealed that Basic Authentication was disabled.

The image below displays the screenshot of the Failed Request Trace.

6.png

The error shown here is HTTPStatus 401 with Substatus 2. That is a 401 2. Researching about a 401 2 in MSDN, IIS blogs revealed the information below.

Error message 401.2.: Unauthorized: Logon failed due to server configuration Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. 

Enabling Basic Authentication on the MSA endpoint got things rolling.

 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.