Microsoft Remote Connectivity Analyzer
First, everybody must get to know Microsoft's Remote Connectivity Analyzer found here .
Microsoft did a great job with this tool which continues to evolve over time, providing more and more testing tools, from ActiveSync, to Autodiscover, Web services, Outlook Anywhere, POP/SMTP, Lync and OCS and even the Microsoft cloud (Office 365).
This online tool often provides detailed information regarding the steps taken and what went wrong.
MobilityDojo.net - EAS - MD Tool
One of my favorite ActiveSync testing tools for some time is MobilityDojo.net 's EAS-MD tool. Click here
The tool, which is also updated by it's creators, supports Exchange 2007/2010/2013.
Unlike Microsoft's Remote Connectivity Analyzer, EAS-MD puts it's focus on ActiveSync and Autodiscover (partially since it still will not analyze Service Connection Point (SCP) data from Active Directory).
However, the thing I like most about this tool, is that it is simple to user, and you can use it anywhere on your network or the Internet.
before we go into a few screenshots, let me give you examples regarding how I put this tool to use:
- Testing "Before" or "After" your proxy/router When your infrastructure includes a reverse proxy / TMG server / firewall / router, and you want to troubleshoot ActiveSync connectivity "before" the device or server (on your LAN), or "after" the proxy (in your DMZ or Internet).
Running synchronization tests with the tool in both locations (something you will usually not be able to do with a real device because of DNS name resolution and networking restrictions) will help you find out if the problem is with the Exchange server, proxy server or even with your ISP.
- Testing specific CAS servers in a CAS Array
Without a direct testing tool, checking each CAS (Client Access Server) in a CAS Array for ActiveSync problems (independent of Exchange's own built in tests and logs), can be very challenging. Using the tool you can simply configure the individual CAS server you want to test.
- Testing specific user connectivity issues
If you administer Exchange servers, you probably know the case... A user cannot sync a device, and you have to help him as well as provide proof that your precious Exchange server is not refusing service to the user. All you need to do is have the user enter his credentials into the tool and basic ActiveSync connectivity tests will be performed with his / her mailbox.
- Creating Fake devices
Strange... but in an upcoming post I will show you that having too many ActiveSync devices partnered to a specific mailbox can cause you a and your users a lot of headache.
Before removing real device partnerships (using the upcoming article), you can use the EAS-MD tool to create "Fake" devices with your test mailboxes so you can test the procedures of deleting device partnerships without really using multiple phones or tablets.
- Checking your SSL Certificates
The tool can also query and provide information regarding your SSL certificates. The information can also be copied as text for later troubleshooting.
First download the small ZIP file containing the tool from here
The web site states the version as 1.6, but it is actually 1.7. The site also states that Windows 7/2008 are required, but I had no problem running in on Windows XP SP3.
Testing connectivity and Synchronization
The fist screen of the application is usually the one you need for ActiveSync testing.
In the connection parameters enter your (mailbox to be tested) domain credentials, the CAS server name
(This can be from the Internet or from inside your LAN), select to use SSL (who doesn't), and version of Exchange server.
On the upper right, select Trust all certificates. This will have you bypass sync issues that will likely happen when you are testing on your LAN (such as using self signed certificate which you did not bother to install the CA certificate to your test computer, testing a specific CAS server internal FQDN which is not a part of the certificate's Subject Alternate Name, and so on).
Now click Basic Connectivity Test to perform... basic test :-) this test will show you that you are able to talk to the CAS server over ActiveSync and authenticate.
Now you can click Clear Output to clean the screen.
Click Full Sync Test to re-authenticate and actually see a synchronization of the mailbox folders.
Testing AutoDiscover
This test is somewhat disappointing as it still cannot query Active Directory for SCP (Service Connectio Point) which is the source of AutoDiscover information for domain joined workstations.
However, if you rely on DNS records (internal or externally to your network), the tool will query them and show you if it was successful or not and what it found. Use the information for troubleshooting incorrect settings.
Testing the certificate chain
Unless you are using a self signed certificate, the SSL certificate on your Exchange server or proxy server came from a Certificate Authority (CA).
Certificate Authorities are servers which issue digital certificates to other CAs and/or the final SSL certificates (this is a very loose explanation). In order for a certificate to be trusted or "believable" by devices such as ActiveSync devices, web browsers and mail clients, the entire "Certificate chain" must be known and trusted.Use this tool to query the certificate chain of your Exchange / TMG SSL certificate when the certificate may be the root of the connectivity issues.
Hope this makes sense...
Post your feedback. Please !
No comments:
Post a Comment