[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Exchange account verification failed-IPhone

Posted on 2009-03-30
32
Medium Priority
?
2,869 Views
Last Modified: 2013-12-05
I am attempting to setup a mail account on my IPhone to our company's exchange server but I get Exchange account verification failed errors everytime. Our exchange server uses a custom cert so I loaded that in my phone and it is now listed under profiles. We are running exchange 2007.

One interesting note. Before I had my IPhone, I had a windows mobile device. I was never able to get it to sync email as well with our exchange server. However, BlackBerries in our network can get email through our BES.
0
Comment
Question by:Joseph Moody
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 14
  • 14
  • 3
32 Comments
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24020238
Are you the Exchange admin in your Organization or a user trying to set up your Iphone? Is your company?

Exchange 2K7 has different roles and you need to check if the Client Access role was installed. This is what enables the mobile clients to work with exchange 2K7.
Are you using the iphone Configuratiion utility to configure the **.mobileconfig file and then export it to your iphone??
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24020263
I am a lower tech setting it up but my boss is the exchange admin. I am not using the iphone configuration utility to configure my iphone.

How can I check to see if the Client Access role was installed?
0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24020365
You need to log on to the exchange server or to a server/PC where from where you can access Exchange Management Console. Expand Server configuration and select client access. It will show you the list of servers which have the client access role installed in your exchange organization.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:alexsaiz
ID: 24020514
Probably since your company already has a BES, they might not have installed Client access role.
Even if installed, it might have just been configured for Outlook Web Access and not for mobile devices. To be able to check emails using mobile devices, you need to configure Active Sync in the Exchange server client access role. You need to be an exchange admin to configure it.

You can edit the ActiveSync settings by navigating to the Client Access node under
Server Configuration in the console tree, choosing the ActiveSync
tab in the results pane, selecting the Microsoft-Server-ActiveSync entry, and clicking
the Properties link in the action pane.
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24020536
I will get in touch with our exchange admin. Do you have a step-by-step guide on configuring this?
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 24020543
IForm what you have said your blackberries are syncing with BES so this is the same way that the iPhone is syncing (or trying to!)..
Can you confirm whether you are using a trusted SSL certificate..?
Also if you can try the "active sync" test @ http://www.testexchangeconnectivity.com
and post the results.. That way we can rule out any problems on the exchange server side...
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24020589
I thought BES connected to exchange through MAPI and not through active-sync (I could be wrong though).

I got this error on the active sync test:

Testing Http Authentication Methods for URL https://mail.OURSERVERNAME.com/Microsoft-Server-Activesync/ 
  Http Authentication Test failed

The SSL cert was not trusted at first so I installed it by setting up a separate email account (yahoo) and emailing the cert that I took off our OWA page to it. I then installed it on the iphone.
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24020664
The other three test in the Active-sync section passed though (DNS, port 443, and SSL)
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 24020709
Sorry my above post was a complete typo...!
I meant to say:
Form what you have said your blackberries are syncing with BES so this is the NOT same way that the iPhone is syncing (or trying to!)..
Can you post the transcript from testexchangeconnectivity.com active sync test...
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24020738
alexsaiz: the client access role is installed on our mail server.
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24020750
Yep. It is below.
 Attempting to Resolve the host name mail.mygcbe.com in DNS.
 Host successfully Resolved
Additional Details
 IP(s) returned: 168.11.62.40
 
Testing TCP Port 443 on host mail.mygcbe.com to ensure it is listening/open.
 The port was opened successfully.
 
Testing SSLCertificate for validity.
 The certificate passed all validation requirements.
Additional Details
 Subject: CN=mail.mygcbe.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)08, OU=GT18742766, O=mail.mygcbe.com, C=US, Issuer CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
 
Testing Http Authentication Methods for URL https://mail.mygcbe.com/Microsoft-Server-Activesync/
 Http Authentication Test failed
Additional Details
 A Web Exception occured because an HTTP 404 - NotFound response was received from IIS6

Open in new window

0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 24020882
Ok,
A couple of things.. I don't believe that the rapid SSL root is included in the iPhones trusted roots... This might cause you troubles later as although (est exchange connectivity trusts it the iPhone wont...
I have understood that you arent the exchange admin, unfortunately some of things that we need to test now require that you are...!
Get your exchange admin to read this guide http://www.riverbank.co.uk/home/support/knowledge-base/r1403 and confirm that the set up is the same...
Also are you using forms based authentication for OWA?
0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24020918

Even if Client Access role is installed, it might have just been configured for Outlook Web Access and not for mobile devices. To be able to check emails using mobile devices, you need to configure Active Sync in the Exchange server client access role. You need to be an exchange admin to configure it.

You can edit the ActiveSync settings by navigating to the Client Access node under
Server Configuration in the console tree, choosing the ActiveSync
tab in the results pane, selecting the Microsoft-Server-ActiveSync entry, and clicking
the Properties link in the action pane.

http://technet.microsoft.com/en-us/library/bb430770.aspx 
0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24021074
This is another URL that might help in configuring Active sync.
http://technet.microsoft.com/en-us/library/bb266938.aspx
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24027642
JohnGerhardt: Do you have a guide that is designed for Exchange 2007? That one was a 2003 guide.

0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24027649
alexsaiz: Thank you for the links. I will start looking through those. What exactly needs to be configured for mobile devices?
0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24027824
You need to configure SSL Certificate using IIS Manager Console. There would be a certificate created by default during installation but that certificate uses the server name, rather than the Fully Qualified Domain Name (FQDN),If you have a certificate from a trusted third party, you should use that certificate, rather than creating a new self-signed certificate.

For OWA, this certificate can be installed on client machines by itself . But for Windows mobile or an iphone, you need to install the certificate manually on the device.

Exchange Server should have configured an Exchange ActiveSync mailbox
policy for you during installation. To verify that the policy exists, choose the
Organization Configuration\Client Access folder. You should see a Default
mailbox policy. If you do not, create a policy

You shall find a step by step procedure to configure it in the microsoft technet document that I provided earlier. It is very simple using the console. trust me on that.

0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24027888
I am not sure if this will help but I ran the autodiscover test as well. I read that if autodiscover is set up correctly, an iphone should be able to automatically configure itself. The results are pasted below.
 Attempting each method of contacting the AutoDiscover Service
 Failed to contact the AutoDiscover service successfully by any method
Test Steps
 Attempting to test potential AutoDiscover URL https://mygcbe.com/AutoDiscover/AutoDiscover.xml
 Failed testing this potential AutoDiscover URL
Test Steps
 Attempting to Resolve the host name mygcbe.com in DNS.
 The Host could not be resolved.
 Tell me more about this issue and how to resolve it
 
Additional Details
 Host mygcbe.com could not be resolved in DNS Exception Details: Message: No such host is known Type: System.Net.Sockets.SocketException Stack Trace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostAddresses(String hostNameOrAddress) at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally() 
 
 
 
Attempting to test potential AutoDiscover URL https://autodiscover.mygcbe.com/AutoDiscover/AutoDiscover.xml
 Failed testing this potential AutoDiscover URL
Test Steps
 Attempting to Resolve the host name autodiscover.mygcbe.com in DNS.
 The Host could not be resolved.
 Tell me more about this issue and how to resolve it
 
Additional Details
 Host autodiscover.mygcbe.com could not be resolved in DNS Exception Details: Message: No such host is known Type: System.Net.Sockets.SocketException Stack Trace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostAddresses(String hostNameOrAddress) at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally() 
 
 
 
Attempting to contact the AutoDiscover service using the HTTP redirect method.
 Failed to contact AutoDiscover using the HTTP Redirect method
Test Steps
 Attempting to Resolve the host name autodiscover.mygcbe.com in DNS.
 The Host could not be resolved.
 Tell me more about this issue and how to resolve it
 
Additional Details
 Host autodiscover.mygcbe.com could not be resolved in DNS Exception Details: Message: No such host is known Type: System.Net.Sockets.SocketException Stack Trace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostAddresses(String hostNameOrAddress) at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally() 
 
 
 
Attempting to contact the AutoDiscover service using the DNS SRV redirect method.
 Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
 Attempting to locate SRV record _autodiscover._tcp.mygcbe.com in DNS.
 Failed to find AutoDiscover SRV record in DNS.
 Tell me more about this issue and how to resolve it

Open in new window

0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24027912
0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24028011
Looking at the Autodiscover test results posted, this looks eike a problem either with the Firewall of your company network or the DNS. If your company uses a firewall, check if port 443 is opened.

Check if users are able to log on to OWA from outside the company network. If OWA works within the company and not outside the company, then it is a problem with DNS or firewall.
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24028041
alexsaiz: I will try both articles that you posted. I loaded the cert in the iphone and when I went to set it up, it didn't prompt me to accept the cert but I still got the exchange account verification failed error.

OWA does work outside and inside the network. I can even use OWA on the iphone.
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24028168
Note: Our external URL was set to https://mail.mygcbe.com/OWA

We changed it to:

https://mail.mygcbe.com/Microsoft-Server-Activesync/

Is that correct?
0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24028169
can you let me know the settings that you have on the iphone?

Ideally it should be as below
Email:  email@domain.com
Server:  server name.domain.com
Domain: (blank)
Username: (username)
Password: (Password)
0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24028217
https://mail.mygcbe.com/owa  was good enough!!
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24028671
Email:Jmoody AT mygcbe.com
Server: mail.mygcbe.com
Domain: blank
Username: Joseph
Password: mypassword
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24028862
I was trying to troubleshoot this error:

Test Steps
 Attempting to test potential AutoDiscover URL https://mygcbe.com/AutoDiscover/AutoDiscover.xml
 Failed testing this potential AutoDiscover URL
Test Steps
 Attempting to Resolve the host name mygcbe.com in DNS.
 The Host could not be resolved.
 Tell me more about this issue and how to resolve it


I tried entering the public IP of our mail server but that failed as well (same error).
0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24029512
Check if auto iscover works with MS Outlook outside of your network.
(ie, try configuring a new outlook profile)

Please also disable IP V6. It might cause some issues. After disabling IPV6, you might need a server reboot.
0
 
LVL 1

Expert Comment

by:alexsaiz
ID: 24029584
"In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items.
This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.

" Add the following registry value (DWORD type) set to 0xFFFFFFFF:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
0
 
LVL 1

Accepted Solution

by:
alexsaiz earned 2000 total points
ID: 24029715
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 24050457
Just to let yall know, I am still reading up on these links. I will be out of town all of next week so I won't be able to reply to anything.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question