Weird Active Sync issue with Apple products and Exchange.
This is quite a long story but needs to be told in order to understand the full situation.
We are a Hotel that runs 24/7 that has a SBS 2008 Server and a Windows Server 2008 Terminal Server operating on a small LAN. Last week the SBS Operating System became corrupt. I spent hours and hours through the normal recovery appreaches to try and get the current operating system back to working order with no avail. I had no other choice and was forced to restore the server from a Symantec Backup Exec Restore point, which was taken 3 days earlier than that point in time.
I restored the OS successfully and began to notice upon logon the OS was acting very strange, it wouldnt perform normal tasks like opening MMC or clicking on start menu items. I noticed the the Microsoft Exchange Services were playing up through examination of Event Viewer. Once disabling all of these and rebooting, it fixed everything!
The only things that are important to this business are the e-mail. So, the fact the the OS had been restored to a point in time from three days ago, the only thing that would be affected (changed) is the emails. So i backed up the exchange store from the corrupt OS onto an external hdd. I restarted all the exchange services one by one after stopping them all due to system instability. Once i had restarted all exchange services and rebooted the Server, everything was fine and back to normal....for now.
I transfered over the exchange store from the external hard drive etc. and got that all up and running. Everything seemed to be fine. Then this weird problem started to occur with active sync and exchange on Apple products.
Microsoft Outlook 2007 on all workstations and laptops worked totally fine as you would expect. Emails would send and receive with no problem. Then comes the iPhones/iPad.
John and Bob were having problems with there email on apple products. We will start with Bob, who just has an iPhone. He was saying that there was problems with his account not working, so I decided to just delete the account and start again. I set up his account (and i know the credentials are correct because i tried them on my own personal iPhone and it worked and mail began to flow through onto my phone) and it would come up with verify certificate and get pass the check (sync mail, calenders, contacts etc.), then you would go into the mail application and nothing would download or sync, the circle would keep spinning and it would just hang.
John on the other hand had this EXACT same problem, on his iPhone, iPad and Entourage 2004 on his iMac. Johns would also work on my own iPhone. just not their own. which was running their email before the crash.
Funnily enough Johns account would work on Bobs phone and visa versa. Just not on their own.
I setup IMAP email accounts for them both for the time being, which seemed to work fine (send/receive, download inbox etc.), but now they are saying that it is not syncing correctly. If they send an email from outlook it will not sync and appear in sent items on their iphone.
We are a Hotel that runs 24/7 that has a SBS 2008 Server and a Windows Server 2008 Terminal Server operating on a small LAN. Last week the SBS Operating System became corrupt. I spent hours and hours through the normal recovery appreaches to try and get the current operating system back to working order with no avail. I had no other choice and was forced to restore the server from a Symantec Backup Exec Restore point, which was taken 3 days earlier than that point in time.
I restored the OS successfully and began to notice upon logon the OS was acting very strange, it wouldnt perform normal tasks like opening MMC or clicking on start menu items. I noticed the the Microsoft Exchange Services were playing up through examination of Event Viewer. Once disabling all of these and rebooting, it fixed everything!
The only things that are important to this business are the e-mail. So, the fact the the OS had been restored to a point in time from three days ago, the only thing that would be affected (changed) is the emails. So i backed up the exchange store from the corrupt OS onto an external hdd. I restarted all the exchange services one by one after stopping them all due to system instability. Once i had restarted all exchange services and rebooted the Server, everything was fine and back to normal....for now.
I transfered over the exchange store from the external hard drive etc. and got that all up and running. Everything seemed to be fine. Then this weird problem started to occur with active sync and exchange on Apple products.
Microsoft Outlook 2007 on all workstations and laptops worked totally fine as you would expect. Emails would send and receive with no problem. Then comes the iPhones/iPad.
John and Bob were having problems with there email on apple products. We will start with Bob, who just has an iPhone. He was saying that there was problems with his account not working, so I decided to just delete the account and start again. I set up his account (and i know the credentials are correct because i tried them on my own personal iPhone and it worked and mail began to flow through onto my phone) and it would come up with verify certificate and get pass the check (sync mail, calenders, contacts etc.), then you would go into the mail application and nothing would download or sync, the circle would keep spinning and it would just hang.
John on the other hand had this EXACT same problem, on his iPhone, iPad and Entourage 2004 on his iMac. Johns would also work on my own iPhone. just not their own. which was running their email before the crash.
Funnily enough Johns account would work on Bobs phone and visa versa. Just not on their own.
I setup IMAP email accounts for them both for the time being, which seemed to work fine (send/receive, download inbox etc.), but now they are saying that it is not syncing correctly. If they send an email from outlook it will not sync and appear in sent items on their iphone.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@computertechie - Already tried that.
@alan - some nice points! i will try these and report back. thanks.
@alan - some nice points! i will try these and report back. thanks.
No problems - here for more if that doesn't work.
ASKER
results from testexchangeconnectivity.c
ExRCA is testing Exchange ActiveSync. Exchange ActiveSync was tested successfully.
Test Steps
Attempting to resolve the host name remote.domain.com in DNS.
The host name resolved successfully.
Testing TCP port 443 on host remote.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name remote.domain.com was found in the Certificate Subject Common name.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 8/24/2010 8:12:21 PM, NotAfter = 8/23/2012 8:12:21 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://remote.domain.com/Microsoft-Server-Activesync/.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Testing of an Exchange ActiveSync session completed successfully.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 8.3
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5,12.0,12.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Mon, 22 Nov 2010 06:47:43 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Attempting the FolderSync command on the Exchange ActiveSync session.
The FolderSync command completed successfully.
Additional Details
Number of folders: 53
Attempting the initial sync to the Inbox folder. This initial sync won't return any data.
The Sync command completed successfully.
Additional Details
Status: 1
Attempting to test the GetItemEstimate command for the Inbox folder.
ExRCA successfully received the GetItemEstimate response from the server.
Additional Details
Estimate: 11 messages
In other words, it all seems fine :/
ExRCA is testing Exchange ActiveSync. Exchange ActiveSync was tested successfully.
Test Steps
Attempting to resolve the host name remote.domain.com in DNS.
The host name resolved successfully.
Testing TCP port 443 on host remote.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name remote.domain.com was found in the Certificate Subject Common name.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 8/24/2010 8:12:21 PM, NotAfter = 8/23/2012 8:12:21 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://remote.domain.com/Microsoft-Server-Activesync/.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Testing of an Exchange ActiveSync session completed successfully.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 8.3
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5,12.0,12.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Mon, 22 Nov 2010 06:47:43 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Attempting the FolderSync command on the Exchange ActiveSync session.
The FolderSync command completed successfully.
Additional Details
Number of folders: 53
Attempting the initial sync to the Inbox folder. This initial sync won't return any data.
The Sync command completed successfully.
Additional Details
Status: 1
Attempting to test the GetItemEstimate command for the Inbox folder.
ExRCA successfully received the GetItemEstimate response from the server.
Additional Details
Estimate: 11 messages
In other words, it all seems fine :/
You are using a self-signed certificate!
Please read the following article from Microsoft:
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx
Please pay particular attention to the following:
Exchange ActiveSync: The self-signed certificate cannot be used to encrypt communications between Microsoft Exchange ActiveSync devices and the Exchange server. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party for use with Exchange ActiveSync.
If you purchase a 3rd Party SAN / UCC certificate from somewhere like GoDaddy (about the cheapest), the problem will go away very quickly.
Please read the following article from Microsoft:
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx
Please pay particular attention to the following:
Exchange ActiveSync: The self-signed certificate cannot be used to encrypt communications between Microsoft Exchange ActiveSync devices and the Exchange server. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party for use with Exchange ActiveSync.
If you purchase a 3rd Party SAN / UCC certificate from somewhere like GoDaddy (about the cheapest), the problem will go away very quickly.
we use rapidssl $9.95
CT
CT
@ComputerTechie - is that a SAN / UCC SSL certificate?
no most san certs are about $250 a year.
Okay - with Exchange 2007 you need a SAN / UCC certificate.
ASKER
@alanhardisty. i dont agree with you on this. my own business is running a self signed certificate on exchange 2007 on my iPhone and it works flawlessly.
i also have 20 clients all using iPhones with Self Signed Certificates and Exchange 2007. I do agree with you that "I should be using" a third party Certificate for numerous reasons, but i dont think this is one of them.
I am about to simply create a new mailbox for the affected user as all other avenues have been exhausted.
I do appreciate your help and will let you know how it goes.
i also have 20 clients all using iPhones with Self Signed Certificates and Exchange 2007. I do agree with you that "I should be using" a third party Certificate for numerous reasons, but i dont think this is one of them.
I am about to simply create a new mailbox for the affected user as all other avenues have been exhausted.
I do appreciate your help and will let you know how it goes.
ASKER
created new mailbox/accounts for the problem users. fixed all problems!!!
Sounds like a right little mess going on.
The first place I would start off pointing you towards is the test site at https://testexchangeconnctivity.com - run the Exchange Activesync Test, specify Manual Server Settings and then report back the results.
You can also download a test App from iTunes "Activesync Tester" or download it onto a PC from:
https://store.accessmylan.com/main/diagnostic-tools
If the tests pass happily and the problems still persist - can you please move either John or Bob's email account into a different mail store and then remove and re-add the Exchange Account to the iPhone / iPad. If that works - repeat with the other problem account (your store could be corrupted and moving accounts from one store to another will clean up any issues).
If that fails - or the testing fails - please post the FULL expanded results for further scrutiny.
Alan