Solved

Connecting my iPhone to my Exchange Server

Posted on 2009-07-07
Last Modified: 2012-05-07
Alright, I have spent a few days on this issue and I am not seeing any progress. I have read countless articles and haven't found the answer yet.

I am running SBS 2003 with Exchange patched to Service Pack 2.
I am using the iPhone 3G to try to connect to the Exchange server.
I can access mail.mydomain.com/exchange to get my email through OWA (outside my network).
When I try to access https://internaldomain/oma from inside my network I get a login prompt, but when I put in domain\user and password it gives me the error "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."
I purchased a certificate from GoDaddy, and followed their instructions to install both certs they sent me, then emailed myself the cert on my iPhone and installed it there.
I have tried every possible combination of server/username on the phone, but I always get "CANNOT GET MAIL" "The Connection to the server failed." although sometimes it also pops up with incorrect username/password at the same time.
When I look at my OWA logs I can see my attempts at connecting, but the logs do not give me any other useful information (I'm not 100% on deciphering these logs), but it shows "/Microsoft-Server/ActiveSync - 443 - 000.000.000.000 Apple-iPhone/701.341 403 6 0 1744 302"
I have every port anyone has ever mentioned open on my firewall. I do not currently have the list but 443 is one of them, and if you ask me to test a few more, I will tell you the results.
IMAP4 is started with all the SSL encryption settings on.
If you need any further information let me know, I can't think of anything else to tell you to fill you in more on my situation.
0
Question by:danebostick
16 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 24796634
Best place to start is by testing your Activesync setup on https://testexchangeconnectivity.com and see where it errors and follow the guidance as to what needs to change.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 24796643
You only need ports 80 and 443 for Activesync open.
0
 

Author Comment

by:danebostick
ID: 24797023
Attempting to Resolve the host name mail.mydomain.com in DNS. ---- Host successfully Resolved
Testing TCP Port 443 on host mail.mydomain.com to ensure it is listening/open. ---- The port was opened successfully.
Testing SSL Certificate for validity. ---- The certificate passed all validation requirements.
Testing Http Authentication Methods for URL https://mail.mydomain.com/Microsoft-Server-Activesync/ ---- Http Authentication Test failed

So it's something with the HTTP Authentication Methods... here's the expansion...
An HTTP 403 forbidden response was received. The response appears to have come from IIS6. Body is:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>About Security</b>, <b>Limiting Access by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
</TD></TR></TABLE></BODY></HTML>

0
 

Author Comment

by:danebostick
ID: 24797091
I went to IIS under SERVER>WEB SITES>DEFAULT WEBSITE>MICROSOFT-SERVER-ACTIVESYNC>PROPERTIES and under the Microsoft-Server-Activesync Properties I went to the Directory Security tab and went to EDIT under IP address and domain name restrictions, and the IP Address and Domain Name Restrictions have denied access except for the server's internal IP address and the localhost IP address (127.0.0.1). Could this be where I am getting hung up? I don't like to change these types of things without someone who knows a little more about security.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 24797131
Yes - remove the restriction by allowing all not denying all and test it again.
You may have the same issue on the OMA folder too.
0
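An added example (not part of the thread, and not code from any poster): a short Python script that reads an IIS W3C log, takes the column names from the #Fields line, and reports 403 responses on the ActiveSync and OMA virtual directories with the sub-status decoded, so that a `403 6` entry like the one quoted in the question reads as an IP-restriction rejection. The log lines, addresses and field order below are constructed for the example.

```python
from collections import Counter

# 403 sub-status values as IIS writes them in the sc-substatus column
SUBSTATUS_403 = {
    "4": "SSL required",
    "6": "client IP address rejected (IP address and domain name restrictions)",
    "7": "client certificate required",
}

# Constructed sample log; a real one lives under the site's IIS log directory
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2009-07-07 14:01:10 OPTIONS /Microsoft-Server-ActiveSync - 443 - 203.0.113.25 Apple-iPhone/701.341 403 6 0
2009-07-07 14:01:12 OPTIONS /Microsoft-Server-ActiveSync - 443 - 203.0.113.25 Apple-iPhone/701.341 403 6 0
2009-07-07 14:02:40 GET /exchange/ - 443 EXAMPLE\\user 198.51.100.7 Mozilla/4.0 200 0 0
2009-07-07 14:03:05 GET /oma - 80 - 198.51.100.7 Mozilla/4.0 403 4 0
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the directive can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()              # IIS writes spaces in values as '+'
            if len(values) == len(fields):     # skip truncated lines
                yield dict(zip(fields, values))

def rejected_requests(text, prefixes=("/microsoft-server-activesync", "/oma")):
    """Count 403 responses per (path, client IP, reason) on the mobile virtual directories."""
    hits = Counter()
    for row in parse_w3c(text):
        stem = row["cs-uri-stem"].lower()
        if row["sc-status"] == "403" and stem.startswith(prefixes):
            sub = row["sc-substatus"]
            reason = SUBSTATUS_403.get(sub, "other 403." + sub)
            hits[(stem, row["c-ip"], reason)] += 1
    return hits

if __name__ == "__main__":
    for (stem, ip, reason), n in rejected_requests(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {ip:15s} {stem}  403: {reason}")
```
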
 

Author Comment

by:danebostick
ID: 24797215
Alright, changed the access required on both the OMA and Microsoft-Server-Activesync folders and the Exchange Server Remote Connectivity Analyzer came back with no errors... Now my IMAP account on my iPhone is unable to connect to mail.myserver.com, which isn't a big deal if I get Exchange working. I'm still getting "the connection to the server failed" on the iPhone, using mail.mydomain.com and domain\user and password with domain.com as the domain...
0
 

Author Comment

by:danebostick
ID: 24797237
I'm also still unable to get to https://server/oma... I get the username/password box, put in domain\user and password but still get "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24797279
Are you trying the https://server/oma from a phone or from IE?
0
 

Author Comment

by:danebostick
ID: 24797296
Noticed that my username was actually domain/user. I fixed that and it seems to have fixed the issue! I appreciate all your help Alan!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24797325
My OMA settings (Directory Security) are:
  • Authentication - Basic with default domain as '\' - (remove the quotes) and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
My Microsoft-Server-Activesync settings (Directory Security) are:
  • Authentication - Basic with default domain as netbiosdomainname and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
Check your settings for these and change anything that does not match and try again.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24797333
Does that mean we have lift off!?
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 24797352
Getting a runtime error when trying to get in the OMA directory via a web browser is normal.
I think your problem sounds like the type of authentication set on the virtual directories. Can you go have a look on the Directory Security tab for the two virtual directories
  • OMA
  • Microsoft Active Sync
And confirm what type of auths are ticked...?
You should only need port 443 or 80 open on the FW to Exchange (80 for non-SSL traffic or 443 for SSL).
Oh and can you confirm whether or not you are using Forms Based Authentication? I don't think so after reading your previous comments but just one to be sure
0
 

Author Closing Comment

by:danebostick
ID: 31600720
Really appreciate all your help, I'm syncing calendar, contacts and email just fine now on my iPhone!
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 24800938
Sorry, I don't know where I was last night with a comment asking you for exactly the info that you had posted...! Sorry!
0
 

Author Comment

by:danebostick
ID: 24804948
At the end there the posts were coming in faster than you could refresh =p Thanks for all the help again Alan, and thanks John for your replies also.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24805011
No problems - glad you are working and thanks for the points.
Alan
0
