We know you depend on WorxMail to get things done. We also know it can be frustrating when there are issues that get in the way of that.

In this post, we’ll cover the scenarios that can cause WorxMail issues and the checkpoints and the solutions for each. For additioal WorxMail troubleshooting points, please refer to this post.

Terminology:

  • Term                 Definition
  • XMS                    XenMobile Server
  • NSG                     Netscaler Gateway
  • STA                      Secure Ticketing Authority
  • VIP                       Virtual IP
  • EMC                    Exchange Management Console
  • CAS                      Client Access Server

Error :

Your  Internet access is not currently available

CheckPoints:

Please check, STA(Secure Ticket Authority, XMS Server) status is UP. STA is Configured as part of NetScaler Gateway Configuration.

Please check, in MDX Policy, Network Access Configuration.

Please check, the DNS of Active Sync Server configured in MDX Policy on NetScaler

Solution:

Make sure, XMS STA in NSG -> VServer -> STA is UP.

Make Sure, If the Active Sync Server configured in MDX policy is accessible only in internal network, Then you need to configure Network Access as Tunneled to Internal Network NOT Unrestricted / Blocked and make sure App Settings are configured as per recommended format.

Make sure, Active Sync Server FQDN is reachable from NS.

Error: Exchange Server Access Denied

Check Points:

Please check, if user has access to Exchange Active Sync in his / her mail box policies.

Solution:

Make Sure to Enable Exchange Active Sync option in Exchange Mail box for user.

To verify that you’ve successfully enabled or disabled Exchange ActiveSync for a user mailbox, do one of the following:

  1. In the EMC, navigate to Recipients > Mailboxes, click the mailbox, and then click Edit.
  2. On the mailbox properties page, click Mailbox Features.

Error:

Please verify your credentials and try again

Check Points:

Please check, if user has access to Exchange Active Sync in his / her mail box policies.

Please check, if user is entering right credentials to login.

Solution:

Make Sure, To Enable Exchange Active Sync option in Exchange Mail box for user.

To verify that you’ve successfully enabled or disabled Exchange ActiveSync for a user mailbox, do one of the following:

  1. In the EMC, navigate to Recipients > Mailboxes, click the mailbox, and then click Edit.
  2. On the mailbox properties page, click Mailbox Features.

Error:

Untrusted SSL Certificate, WorxMail Cannot safely connect to the server, the server is not trusted.

Check Points:

Please check, In MDX Policy, Background Network services gateway.

Please check, the NSG VIP Server certificate.

Please check, in MDX policy, Accept all SSL Certificates is ON (for quick workaround)

Solution:

Make Sure, The value in MDX Policy, Background Network services gateway must be Server FQDN:443 (Ex: NetScaler Gateway:443)

Make Sure, The value in MDX Policy, Accept all SSL Certificates set to ON or make sure the root certificate of (Active Sync Server configured in MDX Policy) is pushed to device.

Error:

The Connection to the server timed out. Please try again in a few minutes.

Check Points:

Please Check, In MDX Policy, Network Access and App Settings.

Solution:

If the Active Sync Server configured in MDX policy is accessible only in internal network, Then you need to configure Network Access as Tunneled to Internal Network NOT Unrestricted / Blocked and make sure App Settings are configured as per recommended format.

Error:

The server is not reachable. WorxMail will try to reconnect in a few minutes

CheckPoints:

Please Check, In MDX Policy, Network Access and App Settings.

Solution:

If the Active Sync Server configured in MDX policy is accessible only in internal network, Then you need to configure Network Access as Tunneled to Internal Network NOT Unrestricted / Blocked and make sure App Settings are configured as per recommended format.

Error:

Your Company Network is Not Currently Available.

CheckPoints:

Please Check, In MDX Policy, Network Access and App Settings.

Solution:

If the Active Sync Server configured in MDX policy is accessible only in internal network, then you need to configure Network Access as Tunneled to Internal Network NOT Unrestricted / Blocked and make sure App Settings are configured as per recommended format.

Error:

Your  Connection has timed out please re-connect to WorxHome to access work resources.

Checkpoints:

Please check, In MDX Policy, Background Network services.

Please check, in MDX Policy, Network Access Configuration.

Solution:

Make sureThe value in MDX Policy, Background Network services must be Server FQDN:443 (Ex: ASSErver:443)

Make Sure, If the Active Sync Server configured in MDX policy is accessible only in internal network, Then you need to configure Network Access as Tunneled to Internal Network NOT Unrestricted / Blocked and make sure App Settings are configured as per recommended format.

 Error:

Access to your company network is currently not available

Error Code:

Error Code 449 in WorxMail logs.

Worxmail is MOSTLY functional, but the sync does not complete properly. Customer is able to send/receive email, but gets inconsistent results with contact/folder sync

Checkpoints:

Exchange Policy conflict could cause the error 449.

Please Check out the Below MS Link:

https://social.msdn.microsoft.com/Forums/en-US/a5ac7fc9-3299-4b7e-836a-8fb29b4f2e9f/http-status-code-449?forum=os_exchangeprotocols

Solution:

Resolve the Policy conflict if any.

Error:

Access to your company network is currently not available

CheckPoints:

Check if Netscaler can connect to Port 53 on DNS Server for Name Resolution or Port 53 is blocked on the firewall.

Do nslookup on any other system in the internal network and see if DNS can resolve the host name

Solution:

Port 53 Access on DNS server from Netscaler.

Error:

“Unauthorized: Access is denied due to invalid credentials”

CheckPoints:

Check the user account status to see if it is locked or not or user is entering the wrong credentials

Solution:

Unlock the User account.

Error:

403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied

CheckPoints:

Look for Error code 403 16 in IIS Logs.

Have a look at the MS article http://support.microsoft.com/kb/943891 for the http error codes.

We can see that 403.16 translate to “403.16 – Client certificate is untrusted or invalid.”

Solution:

Check the Client Certificate is valid.

Error:

Access to your company network is not available

CheckPoints:

Check the IIS Logs for Error code 413.

Solution:

We need to ensure that client is not blocked from sending the entire entity body. To do so, we have to change the value of UploadReadAheadSize to a value larger than the content length.(Go to ActiveSyncWebSite->Configuration Editor->System.WebServer->ServerRuntime to change the settings)

For More Information: http://msdn.microsoft.com/en-us/library/aa347568(v=vs.90).aspx

Error:

Access to your company network is currently not available. Error code 503.

CheckPoints:

Look for the error message “All Domain Controller Servers in use are not responding” in Event logs on CAS Server.

Solution:

This issue can occur if the Domain controller is shut down and CAS server cannot reach it. Please check if all the domain controllers are up and running fine.

Error:

You need a valid certificate to use this app error

CheckPoints:

Check the cert chain and validity of the certificates that are bound to the CAS server.

Solution:

Have the valid certificate chain on the CAS Server.

If the CAS server has internal CA cert bound then bind the same certificate chain on the NSG as Root CAs.

If the CAS is load balanced through another VIP, make sure you have the complete chain of the CAS bound to the NSG as Root CAs.

Error: Access to your company network is currently not available

CheckPoints:

Please Check, In MDX Policy, Network Access and App Settings.

Please Check, if Client Certificate is enabled for authentication.

Please Check, in MDX Policy, the Active Sync Server specified in WorxMail Exchange Server is reachable.

Solution:

If the Active Sync Server configured in MDX policy is accessible only in internal network, Then you need to configure Network Access as Tunneled to Internal Network NOT Unrestricted / Blocked and make sure App Settings are configured as per recommended format.

If Client Certificate authentication is enabled for WorxMail, do make sure you enable appropriate settings in Exchange Server. On this page, http://www.msexchange.org/articles-tutorials/exchange-server-2010/mobility-client-access/configuring-certificate-based-authentication-exchange-2010-activesync-part1.html,  follow from installing additional features till summary section. For Enabling Certificate based authentication in XMS please refer to /blogs/2015/03/03/mobility-experts-configuring-certificateldap-based-authentication/

Problem:

WorxMail Email sync not on par with Native Email Client

CheckPoints:

With the existing versions of WorxMail we have a limitation with the email refresh/sync

Solution:

You can find more details @ http://support.citrix.com/article/CTX200345