Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 3031 Source: ServerActiveSync

The mailbox server [%1] does not allow "Negotiate" authentication to its [%2] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.
In my case, I had followed the steps in ME817379, and had successfully created the separate exchange-oma virtual directory and enabled forms based authentication, but push notifications were not working on mobile devices. If users manually opened their mail application on the mobile device, the messages were pulled down, but were not being pushed out.

Looking at the IIS log files, I could see that while most activesync activities were being run against the new exchange-oma virtual directory, SUBSCRIBE commands were still being run against the original Exchange virtual directory. With a lot of searching I found ME916640, which solved the issue.
This issue can occur if the Exchange virtual directory in Microsoft Internet Information Server (IIS) is configured to accept only Secure Sockets Layer (SSL) connections or if Integrated Windows authentication is not enabled on the Exchange virtual directory. With Exchange ActiveSync, this issue can occur if forms-based authentication is enabled on the Exchange Server. See ME817379 for details.

See MSEX2K3DB for additional information about this event.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.