TMG CAS 2007 ACTIVE SYNC Error, Status: 12309 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.

If you are having fallowing probes with your TMG , Active sync publishing please have a look your firewall settings to possibly remedy the issue.

Denied Connection NPWINTMG1 8/29/2011 11:56:54 PM Log type: Web Proxy (Reverse) Status: 12309 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.  Rule: E210 CAS - Active Sync webmail.SMTp25.org Source: 208.54.35.224:53699 Destination: 172.26.7.5:443 Request: OPTIONS http://webmail.SMTp25.org/Microsoft-Server-ActiveSync?Cmd=OPTIONS&User=dedealoc&DeviceId=androidc1734872834&DeviceType=Android Filter information: Req ID: 0b5d481c; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes Protocol: https User: anonymous Additional information Client agent: Android/0.3 Object source: (No source information is available.) Cache info: 0x8 (Request includes the AUTHORIZATION header.) Processing time: 1 MIME type:

 

Open TMG, Drill down to FireWall Policy, locate the Active Sync rule you have and double click on it.

• Authentication delegation
• No delegation, but client may authenticate directly

• Click on Users and set , this rule applies to request from fallowing user set
• All users

Go to monitoring and make sure TMG servers ( if they are in Array) have been syncy, and test the rule.

Tips:

On the logs & Reports create filter to capture the authentication attempts etc.

Hopefully you will see everything green in the live logins and issues will get resolved (-:

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)