TECHADVICE
asked on
iPhone - IMAP - Microsoft Exchange - user credentials
I am trying to setup an Apple iPhone with Microsoft Exchange (on SBS 2003) through IMAP. When I use administrator credentials in the setup on iPhone, I am able to send/receive email. When I setup using user credentials, a window prompts me with the following "Cannot Get Mail - the user name or password for "SERVER IP ADDRESS" is incorrect. I'm sure that the user doesn't have the rights to access the server, but I think there is a way to grant access to server for IMAP use only.
Dave Messman
I've set up IMAP before for a couple Blackberries (works much better than POP). If you're allowing IMAP traffic through your firewall - then you'd think it would work. If IMAP works for user A and not for user B, with the exact same settings, then the username is obviously the root of the problem. Does your firewall discriminate based on username? What is your firewall?
ASKER
This is all handled through the SBS Server 2003. Just to clarify your comments, in the descriibed situation above, User A has administrative rights (already has full access to server), and User B has user lever rights (does not have access to server). I need to grant some type of specific IMAP access to user B, and not sure how.
do you have ISA firewall on your SBS server?
ASKER
No, not using that.
try going into AD, looking at user B (where IMAP does not work), go to the Exchange Features tab and enable IMAP directly - does that solve the issue?
ASKER
Looking at the specific tab, it is already enabled. "Enabled, using protocol defaults"
do you have any errors in the event logs that you see when you try to check email with user B with IMAP?
ASKER
I set up the acount again using the administrator credentials (User A), successfully sent/received email, then changed User Name / PSWD for User B. Under what subsection of the Event Viewer should I possibly see the error?
check the application event log
ASKER
no nothing there, the only notification I see is on the iPhone itself when it tries to retrieve mail - "Cannon Get Mail - the user or password for SERVER IP ADDRESS" is incorrect."
maybe check the security event log to see if there is an audit of a failed login in there
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oddly enough, just last week I was finally able to reach an Apple technician and together we figured out this puzzle. Sorry, I'd forgotten to update the thread here. I'll also retract my previous statement of it being an "Apple bug" (based on the ability of NO tech at Apple to provide the answer until last week) and won't take up time here arguing about the merits of their releasing this without an airtight solution available on day one. There IS indeed a solution. In fact, the tech I spoke with went over the steps we'd tested together when we were done and she created a KB for their staff so they can properly answer this question in the future. :-D
Two tricks to getting this to work, both very simple:
INBOUND: The trick to getting this work is to use the format userid@localdomain for the inbound authentication. Note that you must use the local domain name, not the public one (unless they're the same). For example, some corporations implement company.com as their public address, while using company.local (or simply LOCAL) for their internal domain. Using this format and the user's regular domain password, we were able to authenticate to Exchange and, with port 143 open on the firewall (done long before this), the iPhone user can now get all the Exchange folders without having to connect via WIFI.
OUTBOUND: The problem with outbound is that you want your iPhone's sent email to represent your corporate domain. Otherwise, it looks like it's coming from your AT&T service provider, or whatever other provider you'd used to test the thing (like gmail.com). The challenge here is that you're on a public network (AT&T's) and you'd have to permit relaying in your corporate Exchange server to be able to use port 25 to use the same Exchange server to handle outbound. But nobody wants to do that because, obviously, within a day or less you're company's domain will get blacklisted. Again, the Apple support tech that I finally reached provided the answer. For the outbound SMTP server, use cwmx.com. No credentials needed. Your corporate domain will be reflected in the REPLY-TO address.
That's it. Enjoy!
Two tricks to getting this to work, both very simple:
INBOUND: The trick to getting this work is to use the format userid@localdomain for the inbound authentication. Note that you must use the local domain name, not the public one (unless they're the same). For example, some corporations implement company.com as their public address, while using company.local (or simply LOCAL) for their internal domain. Using this format and the user's regular domain password, we were able to authenticate to Exchange and, with port 143 open on the firewall (done long before this), the iPhone user can now get all the Exchange folders without having to connect via WIFI.
OUTBOUND: The problem with outbound is that you want your iPhone's sent email to represent your corporate domain. Otherwise, it looks like it's coming from your AT&T service provider, or whatever other provider you'd used to test the thing (like gmail.com). The challenge here is that you're on a public network (AT&T's) and you'd have to permit relaying in your corporate Exchange server to be able to use port 25 to use the same Exchange server to handle outbound. But nobody wants to do that because, obviously, within a day or less you're company's domain will get blacklisted. Again, the Apple support tech that I finally reached provided the answer. For the outbound SMTP server, use cwmx.com. No credentials needed. Your corporate domain will be reflected in the REPLY-TO address.
That's it. Enjoy!
I just wanted to add a comment based on my experience with the iPhone. After MUCH frustration, and speaking with an ABSOLUTE IMBECILE at Apple (who did NOTHING, I might add) the solution is the user name must be as follows:
DOMAIN/USERNAME/MAILBOX
So for me, it reads: ABCCOMPANY/VERONICA SMITH/VERONICA and it works like a charm!
DOMAIN/USERNAME/MAILBOX
So for me, it reads: ABCCOMPANY/VERONICA SMITH/VERONICA and it works like a charm!
VeeVan,
That reminds me of the old Exchange format of DOMAIN / USERNAME/ ALIAS. It makes me wonder if one of their latest iPhone patches fixed this whole mess. But given the amount of time wasted already I'm not at all inclined to dig deeper.
I'm glad you got it working and that everyone here will have another solid solution to try.
That reminds me of the old Exchange format of DOMAIN / USERNAME/ ALIAS. It makes me wonder if one of their latest iPhone patches fixed this whole mess. But given the amount of time wasted already I'm not at all inclined to dig deeper.
I'm glad you got it working and that everyone here will have another solid solution to try.
Quick Q. For you... How did you get the cwmx.com on the outbound to work. Won't work on mine (and I will NOT open port 25.)
If you want me to post an EE question so you can get points, I will.
If you want me to post an EE question so you can get points, I will.
Forget it. I had to change the port back to 587. Duh.
Just added it per their instructions (AT&T), nothing more. Sorry.
:-D
Sorry. It's a blond night. It's not working. No error, but the messages are backing up in my outbox. Whassup?