I have spent some time troubleshooting an alert from SCOM that ActiveSync was not working on all Exchange 2010 servers in an environment. The environment is currently in co-existence with Exchange 2016, with all client access services already pointed to 2016. Running the Test-ActiveSyncConnectivity cmdlet returned the following result:
Test-ActiveSyncConnectivity -TrustAnySSLCertificate:$true | fl
...
ClientAccessServer : ex2010s001.domain.local
Scenario : Options
ScenarioDescription : Issue an HTTP OPTIONS command to retrieve the Exchange ActiveSync protocol version.
PerformanceCounterName : DirectPush Latency
Result : Failure
Error : [System.Net.WebException]: The remote server returned an error: (403) Forbidden.
HTTP response headers:
X-BEServerRoutingError: ex2010s001.domain.local
Content-Length: 5232
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Mar 2018 15:08:37 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
UserName : extest_144ce5a2f8a74
...
The odd thing was that we had no users complaining about a loss in service, and everything seemed to be working from a client side.
Solution
It turned out that the extest_144ce5a2f8a74 account had been migrated to an Exchange 2016 mailbox server. Moving the mailbox back to an Exchange 2010 mailbox server allowed the probe to succeed.
This is because Exchange can only proxy to previous versions of Exchange, and not newer versions. For more information on 2016/2010 co-existence, see the following Exchange blog post.
