Connecting my iPhone to my Exchange Server

Alright, I have spent a few days on this issue and I am not seeing any progress. I have read countless articles and haven't found the answer yet.

I am running SBS 2003 with Exchange patched to Service Pack 2.
I am using the iPhone 3G to try to connect to the Exchange server.
I can access mail.mydomain.com/exchange to get my email through OWA (outside my network).
When I try to access https://internaldomain/oma from inside my network I get a login prompt, but when I put in domain\user and password it gives me the error "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."
I purchased a certificate from GoDaddy, and followed their instructions to install both certs they sent me, then emailed myself the cert on my iPhone and installed it there.
I have tried every possible combination of server/username on the phone, but I always get "CANNOT GET MAIL" "The Connection to the server failed." although sometimes it also pops up with incorrect username/password at the same time.
When I look at my OWA logs I can see my attempts at connecting, but the logs do not give me any other useful information (I'm not 100% on deciphering these logs), but it shows "/Microsoft-Server/ActiveSync - 443 - 000.000.000.000 Apple-iPhone/701.341 403 6 0 1744 302"
I have every port anyone has ever mentioned open on my firewall. I do not currently have the list but 443 is one of them, and if you ask me to test a few more, I will tell you the results.
IMAP4 is started with all the SSL encryption settings on.
If you need any further information let me know, I can't think of anything else to tell you to fill you in more on my situation.
danebostick Asked:

Alan Hardisty (Co-Owner) Commented:
Best place to start is by testing your ActiveSync setup on https://testexchangeconnectivity.com and see where it errors and follow the guidance as to what needs to change.
0

Alan Hardisty (Co-Owner) Commented:
You only need ports 80 and 443 for ActiveSync open.
0
danebostick (Author) Commented:
Attempting to Resolve the host name mail.mydomain.com in DNS. ---- Host successfully Resolved
Testing TCP Port 443 on host mail.mydomain.com to ensure it is listening/open. ---- The port was opened successfully.
Testing SSL Certificate for validity. ---- The certificate passed all validation requirements.
Testing Http Authentication Methods for URL https://mail.mydomain.com/Microsoft-Server-Activesync/ ---- Http Authentication Test failed

So it's something with the HTTP Authentication Methods... here's the expansion...
An HTTP 403 forbidden response was received. The response appears to have come from IIS6. Body is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
 
<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>About Security</b>, <b>Limiting Access by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
 
</TD></TR></TABLE></BODY></HTML>

0
danebostick (Author) Commented:
I went to IIS under SERVER>WEB SITES>DEFAULT WEBSITE>MICROSOFT-SERVER-ACTIVESYNC>PROPERTIES and under the Microsoft-Server-Activesync Properties I went to the Directory Security tab and went to EDIT under IP address and domain name restrictions, and the IP Address and Domain Name Restrictions have denied access except for the server's internal IP address and the localhost IP address (127.0.0.1). Could this be where I am getting hung up? I don't like to change these types of things without someone who knows a little more about security.
0
Alan Hardisty (Co-Owner) Commented:
Yes - remove the restriction by allowing all not denying all and test it again.
You may have the same issue on the OMA folder too.
0
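The log entry quoted in the question already carried this answer: the "403 6" pair is the HTTP status and IIS sub-status, i.e. the same 403.6 "IP address rejected" the connectivity analyzer reported. The following is an added example, not code from any poster in this thread, that reads an IIS W3C log by its #Fields header and explains 401/403 denials per virtual directory; the sample log, its field order and the EXAMPLE domain are constructed for illustration.

```python
from collections import Counter

# IIS sub-status codes relevant to this thread (not the full IIS list).
SUBSTATUS = {
    ("401", "1"): "logon failed (bad credentials)",
    ("401", "2"): "logon failed due to server configuration (auth method)",
    ("403", "4"): "SSL required",
    ("403", "6"): "client IP address rejected (IP/domain restrictions)",
    ("403", "7"): "client certificate required",
}

# Constructed sample in IIS W3C extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2009-01-01 10:00:01 OPTIONS /Microsoft-Server-ActiveSync - 443 - 203.0.113.7 Apple-iPhone/701.341 403 6 0
2009-01-01 10:00:05 GET /exchange/ - 443 EXAMPLE\\user 203.0.113.7 Mozilla/4.0 200 0 0
2009-01-01 10:00:09 GET /oma - 443 - 192.0.2.10 Mozilla/4.0 403 6 0
2009-01-01 10:00:12 POST /Microsoft-Server-ActiveSync User=user 443 - 203.0.113.7 Apple-iPhone/701.341 401 1 1326
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # field order can differ per server
        elif line and not line.startswith("#") and fields:
            values = line.split()              # W3C logs encode spaces as '+'
            if len(values) == len(fields):     # skip truncated lines
                yield dict(zip(fields, values))


def explain_denials(text):
    """Count 401/403 responses per (URI, status.substatus, reason)."""
    counts = Counter()
    for row in parse_w3c(text):
        status, sub = row["sc-status"], row["sc-substatus"]
        if status in ("401", "403"):
            reason = SUBSTATUS.get((status, sub), "see IIS sub-status documentation")
            counts[(row["cs-uri-stem"], f"{status}.{sub}", reason)] += 1
    return counts


if __name__ == "__main__":
    for (uri, code, reason), n in explain_denials(SAMPLE_LOG).items():
        print(f"{n}x {uri}: {code} {reason}")
```
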
danebostick (Author) Commented:
Alright, changed the access required on both the OMA and Microsoft-Server-Activesync folders and the Exchange Server Remote Connectivity Analyzer came back with no errors... Now my IMAP account on my iPhone is unable to connect to mail.myserver.com, which isn't a big deal if I get Exchange working. I'm still getting "the connection to the server failed" on the iPhone, using mail.mydomain.com and domain\user and password with domain.com as the domain...
0
danebostick (Author) Commented:
I'm also still unable to get to https://server/oma... I get the username/password box, put in domain\user and password but still get "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."
0
Alan Hardisty (Co-Owner) Commented:
Are you trying the https://server/oma from a phone or from IE?
0
danebostick (Author) Commented:
Noticed that my username was actually domain/user. I fixed that and it seems to have fixed the issue! I appreciate all your help Alan!
0
Alan Hardisty (Co-Owner) Commented:
My OMA settings (Directory Security) are:
  • Authentication - Basic with default domain as '\' - (remove the quotes) and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
My Microsoft-Server-Activesync settings (Directory Security) are:
  • Authentication - Basic with default domain as netbiosdomainname and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
Check your settings for these and change anything that does not match and try again.
0
Alan Hardisty (Co-Owner) Commented:
Does that mean we have lift off!?
0
JohnGerhardt Commented:
Getting a runtime error when trying to get into the OMA directory via a web browser is normal.
I think your problem sounds like the type of authentication set on the virtual directories. Can you go have a look on the Directory Security tab for the two virtual directories
  • OMA
  • Microsoft Active Sync
And confirm what type of auths are ticked...?
You should only need port 443 or 80 open on the FW to Exchange (80 for non-SSL traffic or 443 for SSL).
Oh, and can you confirm whether or not you are using Forms Based Authentication? I don't think so after reading your previous comments, but just one to be sure.
0
danebostick (Author) Commented:
Really appreciate all your help, I'm syncing calendar, contacts and email just fine now on my iPhone!
0
JohnGerhardt Commented:
Sorry, I don't know where I was last night with a comment asking you for exactly the info that you had posted...! Sorry!
0
danebostick (Author) Commented:
At the end there the posts were coming in faster than you could refresh =p Thanks for all the help again Alan, and thanks John for your replies also.
0
Alan Hardisty (Co-Owner) Commented:
No problems - glad you are working and thanks for the points.
Alan
0