iPhone inconsistent ActiveSync

Exchange 2007 SP1

Have you purchased a 3rd party trusted SSL certificate or a self-certified one?

What Anti-Virus software have you got installed?

Yes, we have a trusted  Unified Messaging certificate for our client access server from Digicert.  OWA works fine.  Symantec Endpoint Protection is installed.

Testing server.mycompany.com (SSL, On LAN):

Communications:
       Doing DNS lookup on server.mycompany.com .... OK (fake address)
       Testing TCP to fake address port 443 ....... OK
SSL Certificate:
       Receiving ................................ OK
       Ensuring not Self-Signed ................. OK
       Verifying certificate .................... OK
ActiveSync:
       Checking for application ................. OK
       Checking version ......................... OK (8.1)
       Checking protocols ....................... OK (1.0,2.0,2.1,2.5,12.0,12.1)
User Permissions:
       Checking "domain_NT/user" ............... OK

Result:
            ActiveSync IS available.

                (To securely enable ActiveSync access from anywhere, see www.accessmylan.com )

Can you please look at the following document and enter the registry keys at the bottom of the document (Per-MDB configuration):

http://msexchangeteam.com/archive/2004/11/15/257737.aspx

This will stop Symantec messing with Activesync which can cause problems.

Once done - please restart the Infromation Store then test sync again.

The mailbox server is not the client access server. Should this be applied to the client access server or the mailbox server or both?

The behavior persists after making the reg change on the mailbox GUID and restarting the information store service.

What elements of the SEP client did you install on the server?

Anti-Virus / Proactive Threat Protection / Network Threat Protection?

Anti-Virus and Anti-Spyware Protection

No network / proactive threat protection at all?

None.

Any other ideas?  Fetch seems to work fine every 15 minutes but like I indicated earlier, it seems as though the Push is inconsitent.  The "Cannot get mail" prompt appears.

Is Activesync on the phone set to As Items Arrive?

Programs> Activesync> Menu> Schedule.

The IPhone does not have those settings. Push is turned on, fetch is set to manual and  then there is a disclaimer: "If push isn ot available the fetch schedule will be used".

Sorry - so used to Windows Mobiles!  I have an iPhone, but just for testing purposes.

Do you have any Windows Mobile phones that you can test with - just to see if it is a general issue or an iPhone issue?

I can test one tomorrow since I am out of office today.  From 2007 to June of this year I used a Palm Treo 750 with Exchange ActiveSync and didn't have any issues.

Okay - it is always nice to try alternatives to narrow down the possibilities.

I'm mobile quite a bit tomorrow, but have my Windows Mobile with me always, so should be able to respond.

Yes, the windows mobile device appears to be working fine.  I suppose a better description for this issue would be "iPhone ActiveSync Push is inconsistent".  To test, we opened up the firewall for a limited time to that server and saw the same behavior.  I even recreated the virtual directory for ActiveSync.  

I now have a brand new FAQ to hopefully help you with this problem.  Would be interested if anything in it helps you.

http://www.it-eye.co.uk/faqs/readQuestion.php?qid=5

The logs are full of this over and over and over again:
 
***Fri Nov  6 13:02:56 unknown dataaccessd[139] <Warning>: EAS|ASPingTask failed: Error Domain=NSURLErrorDomain Code=-1200 UserInfo=0x174f20 "secure connection failed"
 
***Fri Nov  6 13:00:35 unknown MobileMail[108] <Warning>: EAS|connection died with error Error Domain=NSURLErrorDomain Code=-1200 UserInfo=0x199390 "secure connection failed" 0x4205380
 
***Fri Nov  6 13:00:35 unknown MobileMail[108] <Warning>: EAS|ASFolderItemsSyncTask failed: Error Domain=NSURLErrorDomain Code=-1200 UserInfo=0x199390 "secure connection failed"
 
***Fri Nov  6 13:00:35 unknown MobileMail[108] <Warning>: error syncing folder: Error Domain=MFMessageErrorDomain Code=1042 "Operation could not be completed. (MFMessageErrorDomain error 1042.)"
 
***Fri Nov  6 13:02:56 unknown dataaccessd[139] <Warning>: EAS|connection died with error Error Domain=NSURLErrorDomain Code=-1200 UserInfo=0x174f20 "secure connection failed" 0x173d10

Did you take a look at my FAQ?

We looked at your FAQ and many do not seem to apply. We reissued the trusted certificate yesterday and we see the same behavior.   Any ideas?  It seems to be a Push/connectivity issue.  Our certificate authority pointed to the firewall but the network administrator is quite confident that outbound and inbound openings are sound.   Any more ideas?

What is your Firewall (Make / Model) and what Anti-Virus / Anti-Spam software do you have installed on the Exchange server?

Firewall:  Global Technology Associates GB-2000  OS: 5.2.2
Intrusion prevention is also an add-on for our firewall
Antivirus: Symantec Endpoint Protection

Direct Push Technology seems to function properly with a Windows Mobile Device

Any ideas, Alan?  I opened a case with Microsoft and we confirmed that both an emulator and an activesync device work properly witht he Directpush.  The Windows mobile device seemed to work flawlessly.

The Activesync Tester test on the iphone shows this:

Checking connection . . .ok
Checking certificate . . . ok
Checking application . . .ok
Checking version . . .
ActiveSynce IS NOT available.
(Failed to connect to the server. [Timeout])

I found this on the internet.  Is this true?
http://forums.macrumors.com/showthread.php?t=803618

Not sure about the iPhone version and Exchange 2007 - perfectly possible though.  I'll make a call to someone I know with an iPhone and Exchange 2007 and see if they have the issue.

Watch this space.

From the sounds of it - it does seem to be an iPhone problem if Activesync works!!

We also have a Droid from Verizon Wireless and it also has issues with Push Technology.

Do you want to send me details of a test account so that I can setup my iPhone to see if it works?

How can I send you a private message?

Just click on my name in any of my posts and this will take you to my profile page.  From there - near the bottom of my blurb is my email address (without the @ symbol).

OK, I had a completely working iPhone on Exchange 2007 with Version 3 of the iPhone software, I upgraded to version 3.1 and all of a sudden it stops working!!

To fix this do the following:

In Exchange Management Console navigate to: Organization Configuration > Client Access > Exchange Activesync Mailbox Policies, right click the policy and select properties then on the password tab uncheck Require encryption on the device.

Thanks Glen :-)

No worries, was just browsing the iphone questions and spotted this one, thought I would upgrade one of my iPhones and hey presto! BROKE!

Another one for the "if it ain't broke, don't fix it" file!

I am just attempting a downgrade to 3.0.1 to see if it fixes it.

Is backwards possible - I always thought that forwards was the only way?

Alan, are you seeing proper flow to the handheld now?  I removed the encryption check, removed the mobile device, reset IIS and rebooted the CAS.  I will now setup the account again on the IPhone.

Will test in a sec - need more info from you and have just emailed you back.

It comes up as all tests passed.  Should be okay!

It should be ok according to Apple and Microsoft but it's still not working out.  Mail will sync initially but I just tried to send  a test message and it is hanging. and the connection refreshing icon continues to spin.

Are you syncing a new account or one with plenty in it?

Still trying to downgrade one of my iPhones, it's now in "recovery mode" so running 2nd attempt!

What OS version is the Apple currently on?

Also have you cycled the power?
Check the OS version on the phone > Settings > General > About

I'm on 3.0 and it does not work with your settings!

I'm on version 3.1.2.  So, where could the breakdown be if ActiveSync Push is working properly with Windows Mobile devices?

Just trying using the IP address instead of FQDN.  Back shortly.

Account setup went through without a problem.  Sending a test message not happy - sitting on sending!

2nd attempt seems to have been able to send the message.

I tried testing internally with WiFI and Exchange email works flawlessly.

In that case - can you replace the router with another, or reset the router and set it up again?

Preference would be to replace it with a 'spare' router of a simpler variety, or buy one to test with.

Something simple like a Netgear DG834G or DGN2000 would be good.

http://www.netgear.com/Products/RoutersandGateways/WirelessNRoutersandGateways/DGN2000.aspx