Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Problem with Exchange ActiveSync and the iPhone 3G

Posted on 2009-04-02
4
Medium Priority
?
2,780 Views
Last Modified: 2012-05-06
Error:
The mailbox server xxxxxxxxx has its [exchange] virtual directory set to require SSL.  Exchange ActiveSync cannot access the server if SSL is set to be required.  For information about how to correctly configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------
Need some help with this error.   Trying to get our exchange server set to work with the iPhone 3G.  There's no way we're turning off SSL on the virtual directory AND Apple even states in their deployment guide that SSL is necessary.   In that article, it mentions this:

Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory.


Do we really have to do this?  Isn't there a way to pinpoint EXACTLY why the iPhone and the Exchange won't talk to each other correctly?  I've spoken to AT&T (useless), spoken to Apple, etc..  Can't get a straight answer on exactly why this won't work.
0
Comment
Question by:webboy634
4 Comments
 
LVL 6

Expert Comment

by:AJermo
ID: 24050430
There's a checkbox on the Activesync to enable SSL. If you aren't using a public certificate you'll need to install the cert or a CA cert on the Iphone. This should resolve the issues.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 24052586
You are confusing the ability to USE SSL with the setting to REQUIRE SSL. They are not the same. If the certificate is there, then the device can use it. You do not need to have require SSL enabled.
Furthermore, if you only have port 443 open, then they can only use an SSL connection, doesn't matter if you set the require SSL setting or not.

The reason why they will not talk is because Exchange ActiveSync makes an internal call on port 80 to the /exchange virtual directory, which having require SSL enabled on the /exchange virtual directory stops it from working.

Then if you have Forms Based Authentication enabled, that only works on basic authentication, whereas the internal call wants to use Integrated/NTLM authentication.
Therefore the instructions in 817379 setup a second virtual directory for the Exchange ActiveSYnc process to connect to that does not have the restriction of require SSL or basic authentication.

Do be aware thought that 817379 presumes that you are configuring the virtual directories from scratch, not that the setting is already in place. If you follow the instructions exactly as they are, you will actually fail to resolve the problem.
I wrote slightly modified instructions here:
http://www.amset.info/exchange/mobile-85010014.asp

Then there are issues with the iPhone and self generated certificates and the simple fact that the iPhone is a very poor implementation of the Exchange activesync protocol.
Once you have the server configured correctly, then test it using a test account on Microsoft's test site: https://www.testexchangeconnectivity.com/

Simon.
0
 

Author Closing Comment

by:webboy634
ID: 31565797
It now works.  Can't explain why.  The only thing my IT director did was turn off SSL and then turn it back on.  Everything on the device was already done correctly (did it with Apple on the phone).   It's a wierd situation but seems to work now.    Thanks much.
0
 

Expert Comment

by:vitsolutions
ID: 24690539
I have to say a big thank you to Simon, we recently switched from blackberry bes to iphone 3GS using Active Sync and had the same issues. His solution worked without any hiccup, make sure you follow all of the steps.

Thanks again, we have now added this to our internal Knowledge Base.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
In my humble opinion (IMHO), TouchDown from Symantec is the best in class for this type of application, but Symantec has end-of-lifed it and although one can keep using it, it will no longer be supported or upgraded.  Time to look for alternatives t…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month11 days, 8 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question