Setting up an iPhone when using a 'dnsalias.org' address linking to the Exchange server

I have a client who has the front-end set as 'compayname'.dnsalias.org, which can be used to access the OWA using '/exchange'.

My problem is with getting the iPhone to synchronise with the exchange server - which seems to be related to the certificate which I have issued from the server. The certificate is self-signed (through CA on Windows Server 2003 for SBS), is a top-level root certificate and contains the principal name 'companyname'.dnsalias.org.

The iPhone itself connects through Vodafone with no problems, can access WAP, Wireless, POP3, Google Mail etc. When the Exchange account is setup (after installing the certificate profile) a message is displayed stating that the Exchange account cannot be verified. All of the user credentials are correct, and the e-mail address is valid and fully functional.

The server is running Exchange 2003 (SP2), which does support PUSH and all of the required settings and forwards are in place.

Any ideas?
CoGuAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam GrahamEnterprise ArchitectCommented:
When I setup my 2G iPhone to sync with our SBS 2003 server it would not accept the self signed certificate. We HAD to get a trusted cert.

These can be purchased inexpensively if you look at the likes of http://www.instantssl.com or http://www.godaddy.com

Adam
0
CoGuAuthor Commented:
Thank you for reply, but I do not believe the problem is with the certificate being self-signed - I have setup several iPhones on similar setups and they have worked flawlessly.

My main suspicion revolves around the 'companyname'.dnsalias.org setup (which was implemented by the previous IT company) and how this relates the issuing server on the certificate. I have set the fully qualified name of the server and tried the full 'companyname'.dnsalias.org name, but neither of these two arrangements allow the iPhone to synchronise.
0
Adam GrahamEnterprise ArchitectCommented:
Is this company using dnsalias as they have no fixed ip?

Adam
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

CoGuAuthor Commented:
The company does have a static IP, I believe that this service was used to simplify the connection to Remote Web Workplace etc. I personally would remove this service and setup an A record on their external DNS, but no one in the company or the previous IT company have the login details for the DNSAlias account.
0
Adam GrahamEnterprise ArchitectCommented:
You don't need the login details. Just have the ISP create the A Record pointing to the public IP and start using it. The dnsalias account can retain the configuration, its of no odds.

Once you have this done, re-run CEICW and when you come to the certificate section, create the cert with the newely created A record (something like mail.domainname.com) and try the iPhone connection again.

If you say you have configured the iPhone without a trusted root certificate I will have to accept that, however it has always been to my knowledge self signed certs will not work with them.

Good luck in any case, let us know how you get on.

Adam

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CoGuAuthor Commented:
Thank you for your response, I did this in-line with a couple of other changes and everything works!
0
Adam GrahamEnterprise ArchitectCommented:
no worries, gald your sorted!

Did you use self signed cert or was it a trusted one?

Adam
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
iPhone

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.