Solved

Problem with Exchange ActiveSync and the iPhone 3G

Posted on 2009-04-02
4
2,755 Views
Last Modified: 2012-05-06
Error:
The mailbox server xxxxxxxxx has its [exchange] virtual directory set to require SSL.  Exchange ActiveSync cannot access the server if SSL is set to be required.  For information about how to correctly configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------
Need some help with this error.   Trying to get our exchange server set to work with the iPhone 3G.  There's no way we're turning off SSL on the virtual directory AND Apple even states in their deployment guide that SSL is necessary.   In that article, it mentions this:

Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory.


Do we really have to do this?  Isn't there a way to pinpoint EXACTLY why the iPhone and the Exchange won't talk to each other correctly?  I've spoken to AT&T (useless), spoken to Apple, etc..  Can't get a straight answer on exactly why this won't work.
0
Comment
Question by:webboy634
4 Comments
 
LVL 6

Expert Comment

by:AJermo
ID: 24050430
There's a checkbox on the Activesync to enable SSL. If you aren't using a public certificate you'll need to install the cert or a CA cert on the Iphone. This should resolve the issues.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24052586
You are confusing the ability to USE SSL with the setting to REQUIRE SSL. They are not the same. If the certificate is there, then the device can use it. You do not need to have require SSL enabled.
Furthermore, if you only have port 443 open, then they can only use an SSL connection, doesn't matter if you set the require SSL setting or not.

The reason why they will not talk is because Exchange ActiveSync makes an internal call on port 80 to the /exchange virtual directory, which having require SSL enabled on the /exchange virtual directory stops it from working.

Then if you have Forms Based Authentication enabled, that only works on basic authentication, whereas the internal call wants to use Integrated/NTLM authentication.
Therefore the instructions in 817379 setup a second virtual directory for the Exchange ActiveSYnc process to connect to that does not have the restriction of require SSL or basic authentication.

Do be aware thought that 817379 presumes that you are configuring the virtual directories from scratch, not that the setting is already in place. If you follow the instructions exactly as they are, you will actually fail to resolve the problem.
I wrote slightly modified instructions here:
http://www.amset.info/exchange/mobile-85010014.asp

Then there are issues with the iPhone and self generated certificates and the simple fact that the iPhone is a very poor implementation of the Exchange activesync protocol.
Once you have the server configured correctly, then test it using a test account on Microsoft's test site: https://www.testexchangeconnectivity.com/

Simon.
0
 

Author Closing Comment

by:webboy634
ID: 31565797
It now works.  Can't explain why.  The only thing my IT director did was turn off SSL and then turn it back on.  Everything on the device was already done correctly (did it with Apple on the phone).   It's a wierd situation but seems to work now.    Thanks much.
0
 

Expert Comment

by:vitsolutions
ID: 24690539
I have to say a big thank you to Simon, we recently switched from blackberry bes to iphone 3GS using Active Sync and had the same issues. His solution worked without any hiccup, make sure you follow all of the steps.

Thanks again, we have now added this to our internal Knowledge Base.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now