SBS 2003 - Activesync - Iphone - unable to get working..

I have been working for a couple of weeks trying to get my IPhone 3G to sync with our sbs2003 exchange server.
I have followed the steps or taken the advice in the following resources
http://blog.fosketts.net/2008/07/10/how-to-set-up-iphone-exchange-activesync/
https://www.testexchangeconnectivity.com/
http://www.amset.info/exchange/mobile-85010014.asp

I have installed a cert from GoDaddy and made sure that I have installed service pack 2.
I got a great deal of assistance here from DMTechGrooup but he felt that a new post and some fresh assistance would help.

I have disabled forms based authentication and enabled unsupported devices.
We have a split DNS with acmebread.com (not) as the public FQDN and acbread.local as the internal server.
I have uninstalled activesync 3.8 and reinstalled 4.5.
I have twice built new exchange-oma virtual folders
pmacafeeAsked:

StefanKittelCommented:
Hello,

try this to narrow the error down more closely: https://www.testexchangeconnectivity.com/Default.aspx
(It's from MS)

Stefan
0
pmacafeeAuthor Commented:
MrMintanet & StefanKittel, thanks for the prompt response
Here is the error with the ignore trust for SSL button checked
_________________________________________
Test Steps
   Attempting to send OPTIONS command to server
  OPTIONS response was successfully received and is valid
 Additional Details
  Headers received:
    MicrosoftOfficeWebServer: 5.0_Pub
    Pragma: no-cache
    Public: OPTIONS, POST
    Allow: OPTIONS, POST
    MS-Server-ActiveSync: 6.5.7638.1
    MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
    MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
    Content-Length: 0
    Date: Sun, 12 Apr 2009 21:10:54 GMT
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
 
 Attempting FolderSync command on ActiveSync session
  FolderSync command test failed
   Tell me more about this issue and how to resolve it
 
 Additional Details
  Exchange Activesync returned an HTTP 500 response.
 
 ______________________________________________________
Here is the error with ignore trust for SSL unchecked
______________________________________________________

Test Steps
   Attempting to send OPTIONS command to server
  Testing the OPTIONS command failed. See Additional Details for more info
 Additional Details
  A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
 ________________________________________________
Thanks for the interest
 
0
StefanKittelCommented:
Hello,

have a look here: http://www.petri.co.il/configure_oma.htm
Please check it point by point

It's hard to tell the error you have.

Stefan
0
MesthaCommented:
If the SSL certificates have been installed correctly, then you shouldn't need to run the test with the ignore trust enabled, as the site can cope with the GoDaddy certificates (it's secured with them!).

Is this SBS R2 or the original version?
If you browse to OMA from the device, do you get a certificate prompt?

It looks like authentication settings errors, which are usually resolved by running the Configure Internet and Email wizard and ensuring that the relevant options are enabled in the wizard.

Simon.
0
pmacafeeAuthor Commented:
I am going to travel from home to the office so that I can take advantage of this advice, and I can work easily with the server and the Iphone at the same time. Will report back in about an hour.
Thanks
0
pmacafeeAuthor Commented:
Before I leave, I have service pack 2 installed on the SBS 2003.
I do get a certificate prompt that says the certificate is invalid, and I chose to accept it and log in.

I should give you some history that might provide a clue to where my error is.
When we set up our sbs 2003 environment, we decided that we should not host our email on our local server but let our website do the hosting.
Say our business is Acme Bread Company (not)
Domain: Acme
Server: Loaf
Website: abco.com
email server was therefore loaf.acme.local
We have been using rpc over html to successfully log in remotely for some time using a self-cert and the reverse dns for the internet connection to the sbs 2003 server.
We set up office users to have pop3 clients for their web hosted mailboxes and then set exchange not to send mail.
At the beginning of this trouble shooting, I was advised that the self cert would not work. So we registered a domain for the ip address of the server and got a GoDaddy cert. The url is acmebread.com.

At some point in running the email Configure Internet and Email wizard, I am asked for the default email server and in the past, I always entered abco.com but I am worried now that I should now be entering the FQDN for the server which is the above acmebread.com. Or perhaps I should have made the certificate for msstd:acmebread.com.

On my way
0
MesthaCommented:
If you are getting the SSL warning then things are not good. ActiveSync cannot cope with the warning. That either means the certificate wasn't installed correctly or you have used different names.

The fact that your email is going through another host did not mean that you needed to get another domain name. You could have simply asked whoever looks after your domain to setup another host in your domain and pointed it to your server - owa.example.com
Then purchased a certificate for owa.example.com. The same certificate would work for RPC over HTTPS as well.

Resolve the certificate issue to begin with, then you can move on from there.

Simon.
0
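The name check behind the certificate warning discussed in the reply above, as an added example that is not part of the original thread. The sample certificates are constructed in the shape Python's `ssl.getpeercert()` returns, using the thread's placeholder names; `oma.acmebread.com` and the `www` SAN entry are assumptions for illustration.

```python
import socket
import ssl

def cert_names(cert):
    """DNS names a certificate is valid for: SAN entries, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SANs are present the CN is not consulted
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard standing in for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # refuse patterns like *.com
    return p == h

def covers(cert, host):
    return any(name_matches(n, host) for n in cert_names(cert))

def audit(cert, hosts):
    """Map each name a device might be configured with to covered / not covered."""
    return {h: covers(cert, h) for h in hosts}

def fetch_cert(host, port=443, timeout=10):
    """Live variant: full validation, raises ssl.SSLCertVerificationError on an
    untrusted chain or a name mismatch (the case a device cannot click through)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples: a certificate issued for the bare domain, and one for a host.
CERT_DOMAIN = {"subject": ((("commonName", "acmebread.com"),),),
               "subjectAltName": (("DNS", "acmebread.com"),
                                  ("DNS", "www.acmebread.com"))}
CERT_HOST = {"subject": ((("commonName", "oma.acmebread.com"),),)}
DEVICE_NAMES = ["acmebread.com", "oma.acmebread.com", "loaf.acme.local"]

if __name__ == "__main__":
    for label, cert in (("domain cert", CERT_DOMAIN), ("host cert", CERT_HOST)):
        for host, ok in audit(cert, DEVICE_NAMES).items():
            print(f"{label:12} {host:20} {'covered' if ok else 'NAME MISMATCH'}")
```

Running `audit(fetch_cert(name), [name])` against the public name entered on the device shows whether the installed certificate and the configured server name agree before any ActiveSync testing starts.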
pmacafeeAuthor Commented:
Ok, so I go to my webhosting company CrystalTech and ask them to set up a host in our domain. If I understand you, we did not have to register our net address; we could have used the ip or the reverse dns address of our server? Can you tell me what happens when the web hosting company sets up a host in our domain? Do they just take the ip address and add it to their list of mail servers or something?
0
pmacafeeAuthor Commented:
I guess that I am still confused.

I guess that I should have gotten the certificate for owa.domain.com rather than domain.com?

Also, when you refer to my domain, do you mean our website, not the domain associated with our SBS 2003 server?


0
pmacafeeAuthor Commented:
Steve Foskett's tutorial on setting up Activesync on the IPhone recommends the oma.server name.
 Quote:
"The one you want is the ActiveSync server, sometimes called oma.yourcompany.com since its mainly used for Outlook Mobile on Windows Mobile devices."

Should I be generating a new certificate for oma.yourcompany.com or owa?

0
StefanKittelCommented:
Hello,

I've always only created the OWA cert and site.
The OMA was working without anything to do.

You need a hostname to access from the internet, like "mail.company.com", Port 443 and a cert for the name "mail.company.com". Nothing more.

Stefan
0
pmacafeeAuthor Commented:
StefanKittel:
I want to be cautious here, you first mention the "OWA cert" and then mention the mail.company.com cert. My current cert is for company.com and Foskette wants me to enter oma.company.com for the IPhone. I am about ready to re-run the cert request and modify my GoDaddy cert and install it. What do you think it should be?
0
StefanKittelCommented:
Hello,

you need a certificate for a host. host.domain.com.
Have a look here: https://mail.lornamead.de/

I'm not sure you need a domain certificate. But I don't think so.

Stefan
0
pmacafeeAuthor Commented:
Thanks, will get cert and then continue discussions.
0
pmacafeeAuthor Commented:
Ok, I got a new cert for oma.server.com
I set integrated authentication for all virtual servers.
I have got to this error in the testexchangeconnectivity.
Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
0
MesthaCommented:
Have you run the Configure Internet and Email wizard and ensured that the settings are correct? By default SBS blocks access to some of the virtual directories until you enable the options in the wizard.

Simon.
0
pmacafeeAuthor Commented:
So I got it by going through every virtual server and making sure that anonymous login was disabled and that basic and integrated login was set.

The other thing I did, was to delete the server.domain.local entry from the domain box. When I left that in I kept getting a password error.
Thanks to all. Now to get rpc over http working for everyone else.
0
pmacafeeAuthor Commented:
For future reference to fellow travelers, I want to make this clear. With the FQDN cert configured either for company.com or for oma.company.com, I was able to get to the above http: 500, 401 and 1.1. 403 errors. With both certs, the IPhone would not accept my password and kept asking for a correct password over and over. The iPhone configuration had the domain set to oma.company.com and the server was machine.domain.local. I deleted the server and everything went OK, and now I remember that the Foskett article talked about this.
0