Solved

SBS 2003 - ActiveSync - iPhone - unable to get working

Posted on 2009-04-12
Last Modified: 2012-06-27
I have been working for a couple of weeks trying to get my iPhone 3G to sync with our SBS 2003 Exchange server.
I have followed the steps or taken the advice in the following resources:
http://blog.fosketts.net/2008/07/10/how-to-set-up-iphone-exchange-activesync/
https://www.testexchangeconnectivity.com/
http://www.amset.info/exchange/mobile-85010014.asp

I have installed a cert from GoDaddy and made sure that I have installed service pack 2.
I got a great deal of assistance here from DMTechGrooup but he felt that a new post and some fresh assistance would help.

I have disabled forms-based authentication and enabled unsupported devices.
We have a split DNS with acmebread.com (not) as the public FQDN and acbread.local as the internal server.
I have uninstalled ActiveSync 3.8 and reinstalled 4.5.
I have twice built new exchange-oma virtual folders.
Question by:pmacafee
19 Comments
 
LVL 8

Expert Comment

by:MrMintanet
ID: 24126600
0
 
LVL 4

Expert Comment

by:StefanKittel
ID: 24126827
Hello,

Try this to narrow the error down: https://www.testexchangeconnectivity.com/Default.aspx
(It's from MS)

Stefan
0
 

Author Comment

by:pmacafee
ID: 24126969
MrMintanet & StefanKittel, thanks for the prompt response
Here is the error with the ignore trust for SSL button checked
_________________________________________
Test Steps
   Attempting to send OPTIONS command to server
  OPTIONS response was successfully received and is valid
 Additional Details
  Headers received:
   MicrosoftOfficeWebServer: 5.0_Pub
   Pragma: no-cache
   Public: OPTIONS, POST
   Allow: OPTIONS, POST
   MS-Server-ActiveSync: 6.5.7638.1
   MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
   MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
   Content-Length: 0
   Date: Sun, 12 Apr 2009 21:10:54 GMT
   Server: Microsoft-IIS/6.0
   X-Powered-By: ASP.NET
 
 Attempting FolderSync command on ActiveSync session
  FolderSync command test failed
   Tell me more about this issue and how to resolve it
 
 Additional Details
  Exchange Activesync returned an HTTP 500 response.
 
 ______________________________________________________
Here is the error with ignore trust for SSL unchecked
______________________________________________________

Test Steps
   Attempting to send OPTIONS command to server
  Testing the OPTIONS command failed. See Additional Details for more info
 Additional Details
  A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
 ________________________________________________
Thanks for the interest
 
0
 
LVL 4

Expert Comment

by:StefanKittel
ID: 24127010
Hello,

have a look here: http://www.petri.co.il/configure_oma.htm
Please check it point by point

It's hard to tell the error you have.

Stefan
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24127014
If the SSL certificates have been installed correctly, then you shouldn't need to run the test with the ignore trust enabled, as the site can cope with the GoDaddy certificates (it's secured with them!).

Is this SBS R2 or the original version?
If you browse to OMA from the device, do you get a certificate prompt?

It looks like authentication settings errors, which are usually resolved by running the Configure Internet and Email wizard and ensuring that the relevant options are enabled in the wizard.

Simon.
0
 

Author Comment

by:pmacafee
ID: 24127188
I am going to travel from home to the office so that I can take advantage of this advice, and I can work easily with the server and the iPhone at the same time. Will report back in about an hour.
Thanks
0
 

Author Comment

by:pmacafee
ID: 24127255
Before I leave, I have service pack 2 installed on the SBS 2003.
I do get a certificate prompt that says the certificate is invalid, and I chose to accept it and log in.

I should give you some history that might provide a clue to where my error is.
When we set up our sbs 2003 environment, we decided that we should not host our email on our local server but let our website do the hosting.
Say our business is Acme Bread Company (not)
Domain: Acme
Server: Loaf
Website: abco.com
email server was therefore loaf.acme.local
We have been using rpc over html to successfully log in remotely for some time using a self-cert and the reverse dns for the internet connection to the sbs 2003 server.
We set up office users to have pop3 clients for their web hosted mailboxes and then set exchange not to send mail.
At the beginning of this troubleshooting, I was advised that the self cert would not work. So we registered a domain for the IP address of the server and got a GoDaddy cert. The URL is acmebread.com.

At some point in running the Configure Internet and Email wizard, I am asked for the default email server and in the past, I always entered abco.com, but I am worried now that I should be entering the FQDN for the server, which is the above acmebread.com. Or perhaps I should have made the certificate for msstd:acmebread.com.

On my way
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24127423
If you are getting the SSL warning then things are not good. ActiveSync cannot cope with the warning. That either means the certificate wasn't installed correctly or you have used different names.

The fact that your email is going through another host did not mean that you needed to get another domain name. You could have simply asked whoever looks after your domain to setup another host in your domain and pointed it to your server - owa.example.com
Then purchased a certificate for owa.example.com. The same certificate would work for RPC over HTTPS as well.

Resolve the certificate issue to begin with, then you can move on from there.

Simon.
0
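
The name check behind the certificate warning discussed above, as an added example that is not part of the original thread: a simplified RFC 6125-style match of the host a device connects to against the names in the certificate. The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.getpeercert()`, using the placeholder host names from this thread; the function names are hypothetical.

```python
# Added illustration: simplified host name matching as a TLS client does it.
# Certificate contents below are constructed samples, not real certificates.

def name_matches(pattern, host):
    """Compare one name from the certificate with the host being contacted."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a name never covers extra (or fewer) sub-domain labels
    if p_labels[0] == "*":
        # Only a whole left-most "*" label is treated as a wildcard here,
        # and it needs at least two further labels ("*.com" is rejected).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def names_in_cert(cert):
    """SAN dNSName entries if present; the subject CN is only a fallback."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for key, v in rdn if key == "commonName"]


def cert_covers(cert, host):
    return any(name_matches(name, host) for name in names_in_cert(cert))


def report(cert, hosts):
    """Map each host name a client might be configured with to True/False."""
    return {host: cert_covers(cert, host) for host in hosts}


# Constructed samples: a cert for the bare domain, one for the host, a wildcard.
CERT_BARE = {"subject": ((("commonName", "company.com"),),)}
CERT_HOST = {"subject": ((("commonName", "oma.company.com"),),),
             "subjectAltName": (("DNS", "oma.company.com"),)}
CERT_WILD = {"subject": ((("commonName", "*.company.com"),),)}

HOSTS = ["company.com", "oma.company.com", "server.domain.local"]

if __name__ == "__main__":
    for label, cert in (("bare", CERT_BARE), ("host", CERT_HOST), ("wild", CERT_WILD)):
        print(label, report(cert, HOSTS))
```

A certificate issued for the bare domain does not cover a host under it, and none of the three covers the internal `.local` name, so the name entered on the device has to be one that appears in the certificate.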
 

Author Comment

by:pmacafee
ID: 24127675
Ok, so I go to my web hosting company CrystalTech and ask them to set up a host in our domain. If I understand you, we did not have to register our net address; we could have used the IP or the reverse DNS address of our server? Can you tell me what happens when the web hosting company sets up a host in our domain? Do they just take the IP address and add it to their list of mail servers or something?
0
 

Author Comment

by:pmacafee
ID: 24131519
I guess that I am still confused.

I guess that I should have gotten the certificate for owa.domain.com rather than domain.com?

Also, when you refer to my domain, do you mean our website, not the domain associated with our SBS 2003 server?


0
 

Author Comment

by:pmacafee
ID: 24132069
Steve Foskett's tutorial on setting up ActiveSync on the iPhone recommends the oma.server name.
 Quote:
"The one you want is the ActiveSync server, sometimes called oma.yourcompany.com since its mainly used for Outlook Mobile on Windows Mobile devices."

Should I be generating a new certificate for oma.yourcompany.com or owa?

0
 
LVL 4

Expert Comment

by:StefanKittel
ID: 24132355
Hello,

I've always only created the OWA cert and site.
The OMA was working without anything to do.

You need a hostname to access from the internet, like "mail.company.com", port 443 and a cert for the name "mail.company.com". Nothing more.

Stefan
0
 

Author Comment

by:pmacafee
ID: 24132706
StefanKittel:
I want to be cautious here: you first mention the "OWA cert" and then mention the mail.company.com cert. My current cert is for company.com and Foskett wants me to enter oma.company.com for the iPhone. I am about ready to re-run the cert request and modify my GoDaddy cert and install it. What do you think it should be?
0
 
LVL 4

Expert Comment

by:StefanKittel
ID: 24132815
Hello,

You need a certificate for a host: host.domain.com.
Have a look here: https://mail.lornamead.de/

I'm not sure you need a domain certificate. But I don't think so.

Stefan
0
 

Author Comment

by:pmacafee
ID: 24132898
Thanks, will get cert and then continue discussions.
0
 

Author Comment

by:pmacafee
ID: 24134129
Ok, I got a new cert for oma.server.com
I set integrated authentication for all virtual servers.
I have got to this error in the testexchangeconnectivity.
Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24137486
Have you run the Configure Internet and Email wizard and ensured that the settings are correct? By default SBS blocks access to some of the virtual directories until you enable the options in the wizard.

Simon.
0
 

Author Comment

by:pmacafee
ID: 24141631
So I got it by going through every virtual server and making sure that anonymous login was disabled and that basic and integrated login were set.

The other thing I did, was to delete the server.domain.local entry from the domain box. When I left that in I kept getting a password error.
Thanks to all. Now to get rpc over http working for everyone else.
0
 

Author Comment

by:pmacafee
ID: 24141870
For future reference to fellow travelers, I want to make this clear. With the FQDN cert configured either for company.com or for oma.company.com, I was able to get to the above HTTP 500, 401 and 1.1 403 errors. With both certs, the iPhone would not accept my password and kept asking for a correct password over and over. The iPhone configuration had the domain set to oma.company.com and the server was machine.domain.local. I deleted the server and everything went OK, and now I remember that the Foskett article talked about this.
0
