Error message when you try to synchronize a mobile device with Exchange Server 2003: "HTTP_403" (916958)


The information in this article applies to:

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition

SYMPTOMS

When you try to synchronize a mobile device with Microsoft Exchange Server 2003 by using Exchange ActiveSync, the synchronization attempt is unsuccessful. Additionally, you receive the following error message:
Error code: HTTP_403

CAUSE

This problem occurs if the following conditions are true:
  • The IISADMPWD application is configured on the Web site that hosts the Microsoft-Server-ActiveSync application. And, IISADMPWD is configured to generate advance notification messages to notify you when your password will expire.
  • Your password is set to expire within the password expiry window for which IISADMPWD sends the advance notification message.
For example, you experience this issue if the IISADMPWD application is configured to notify you that your password will expire in 14 days. And, you try to synchronize a mobile device within those 14 days.

This issue occurs because Exchange ActiveSync clients cannot handle password expiration notification messages. Additionally, you cannot change an expired password by using an Exchange ActiveSync client.

RESOLUTION

To resolve this issue, disable the IISADMPWD application functionality on the Microsoft-Server-ActiveSync application.

Note In Microsoft Windows Server 2003, you must disable the IISADMPWD application functionality at the Web site level. However, in Microsoft Windows Server 2003 Service Pack 1 (SP1), you can disable this functionality at the virtual directory level. This change does not affect the IISADMPWD application functionality in Microsoft Outlook Web Access.

To disable this functionality, set the PasswordChangeFlags value to 6 on the Microsoft-Server-ActiveSync application. To do this, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type the following command, and then press ENTER:

    cd drive:\inetpub\adminscripts

    In this command, drive is the letter of the drive on which Microsoft Internet Information Services (IIS) is installed.
  3. Type the following command if the Microsoft-Server-ActiveSync application is hosted on the first Web site.

    Note This command is case sensitive.

    adsutil.vbs set w3svc/1/ROOT/Microsoft-Server-Activesync/passwordchangeflags 6

    Note The /1 parameter in this command corresponds to the first Web site. By default, this is the Default Web Site. And, the value of 6 represents the sum of the following two values:
    • 2: This value disables password changes.
    • 4: This value disables the advance notification message that notifies you when your password will expire.
  4. Restart IIS. To do this, type iisreset, and then press ENTER.

MORE INFORMATION

The IISADMPWD application generally runs in the ExchangeApplicationPool application pool. We recommend that applications that use the functionality of IISADMPWD run in the same application pool. Because Outlook Mobile Access generally does not run in ExchangeApplicationPool, we recommend that you also set the PasswordChangeFlags value to 6 on the OMA application.

For more information about the PasswordChangeFlags values, click the following article numbers to view the articles in the Microsoft Knowledge Base:

833734 FIX: You experience various problems when you use the Password Change pages in IIS 6.0

297121 Using the Change Password feature with Outlook Web Access

Modification Type:MinorLast Reviewed:6/15/2006
Keywords:kbtshoot kbprb KB916958 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.