danebostick

Connecting my iPhone to my Exchange Server

Alright, I have spent a few days on this issue and I am not seeing any progress. I have read countless articles and haven't found the answer yet.

I am running SBS 2003 with Exchange patched to Service Pack 2.
I am using the iPhone 3G to try to connect to the Exchange server.
I can access mail.mydomain.com/exchange to get my email through OWA. (outside my network)
When I try to access https://internaldomain/oma from inside my network I get a login prompt, but when I put domain\user and password it gives me "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator." error.
I purchased a certificate from GoDaddy, and followed their instructions to install both certs they sent me, then emailed myself the cert on my iPhone and installed it there.
I have tried every possible combination of server/username on the phone, but I always get "CANNOT GET MAIL" "The Connection to the server failed." although sometimes it also pops up with incorrect username/password at the same time.
When I look at my OWA logs I can see my attempts at connecting, but the logs do not give me any other useful information (I'm not 100% on deciphering these logs) but it shows "/Microsoft-Server/ActiveSync - 443 - 000.000.000.000 Apple-iPhone/701.341 403 6 0 1744 302"
I have every port anyone has ever mentioned open on my firewall. I do not currently have the list but 443 is one of them, and if you ask me to test a few more, I will tell you the results.
IMAP4 is started with all the SSL encryption settings on.
If you need any further information let me know, I can't think of anything else to tell you to fill you in more on my situation.
ASKER CERTIFIED SOLUTION
Alan Hardisty
danebostick

ASKER

Attempting to Resolve the host name mail.mydomain.com in DNS. ---- Host successfully Resolved
Testing TCP Port 443 on host mail.mydomain.com to ensure it is listening/open. ---- The port was opened successfully.
Testing SSL Certificate for validity. ---- The certificate passed all validation requirements.
Testing Http Authentication Methods for URL https://mail.mydomain.com/Microsoft-Server-Activesync/ ---- Http Authentication Test failed

So it's something with the http Authentication Methods... here's the expansion...
An HTTP 403 forbidden response was received. The response appears to have come from IIS6. Body is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
 
<h1>You are not authorized to view this page</h1>
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
</ul>
<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>About Security</b>, <b>Limiting Access by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
 
</TD></TR></TABLE></BODY></HTML>

I went to IIS under SERVER>WEB SITES>DEFAULT WEBSITE>MICROSOFT-SERVER-ACTIVESYNC>PROPERTIES and under the Microsoft-Server-Activesync Properties I went to the Directory Security tab and went to EDIT under IP address and domain name restrictions, and the IP Address and Domain Name Restrictions have denied access except for the server's internal IP address and the localhost IP address (127.0.0.1). Could this be where I am getting hung up? I don't like to change these types of things without someone who knows a little more about security.
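
Added example (not part of the original thread, and not code from any poster): the IIS log entry quoted in the question ends its status columns with 403 6, the same 403.6 the analyzer reports above. The Python sketch below reads IIS W3C extended log text, maps columns from the #Fields header, and names the substatus behind each 401/403. The log lines, addresses, dates and field order are constructed for illustration.

```python
# Constructed sample in IIS 6 W3C extended format (not the poster's real log).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2009-01-10 18:02:11 OPTIONS /Microsoft-Server-ActiveSync - 443 - 203.0.113.25 Apple-iPhone/701.341 403 6 0
2009-01-10 18:02:40 GET /exchange/ - 443 EXAMPLE\\user 203.0.113.25 Mozilla/4.0 200 0 0
2009-01-10 18:03:05 POST /Microsoft-Server-ActiveSync User=user&DeviceType=iPhone 443 - 203.0.113.25 Apple-iPhone/701.341 401 1 1326
2009-01-10 18:05:12 GET /oma - 80 - 192.168.16.2 Mozilla/4.0 403 4 0
"""

# A few IIS 6 status.substatus pairs relevant to access problems.
SUBSTATUS = {
    ("403", "6"): "client IP rejected by IP address and domain name restrictions",
    ("403", "4"): "SSL required on this directory",
    ("401", "1"): "logon failed",
    ("401", "2"): "logon failed due to server configuration",
}

def explain_denials(log_text):
    """Return (uri, client_ip, 'status.substatus', meaning) for each 401/403."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the lines that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue                       # other directives, blanks, headerless data
        values = line.split(" ")
        if len(values) != len(fields):
            continue                       # truncated or malformed entry
        rec = dict(zip(fields, values))
        status = rec.get("sc-status", "")
        sub = rec.get("sc-substatus", "?")
        if status in ("401", "403"):
            meaning = SUBSTATUS.get((status, sub), "see IIS substatus documentation")
            findings.append((rec.get("cs-uri-stem", "-"), rec.get("c-ip", "-"),
                             status + "." + sub, meaning))
    return findings

if __name__ == "__main__":
    for uri, ip, code, meaning in explain_denials(SAMPLE_LOG):
        print(f"{code}  {ip:<15} {uri}  ->  {meaning}")
```

Reading the substatus this way separates an IP restriction (403.6) from a credential problem (401.x) before any directory security setting is changed.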
Alright, changed the access required on both the OMA and Microsoft-Server-Activesync folders and the Exchange Server Remote Connectivity Analyzer came back with no errors... now my IMAP account on my iPhone is unable to connect to mail.myserver.com, which isn't a big deal if I get Exchange working. I'm still getting the connection to the server failed on the iPhone, using mail.mydomain.com and domain\user and password with domain.com as the domain...
I'm also still unable to get to https://server/oma... I get the username/password box, put in domain\user and password but still get "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."
Are you trying the https://server/oma from a phone or from IE?
Noticed that my username was actually domain/user. I fixed that and it seems to have fixed the issue! I appreciate all your help, Alan!
My OMA settings (Directory Security) are:
  • Authentication - Basic with default domain as '\' - (remove the quotes) and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
My Microsoft-Server-Activesync settings (Directory Security) are:
  • Authentication - Basic with default domain as netbiosdomainname and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
Check your settings for these and change anything that does not match and try again.
Does that mean we have lift off!?
Getting a runtime error when trying to get in the OMA directory via a web browser is normal.
I think your problem sounds like the type of authentication set on the virtual directories. Can you go have a look on the Directory security tab for the two virtual directories
  • OMA
  • Microsoft Active Sync
And confirm what type of auths are ticked...?
You should only need port 443 or 80 open on the FW to Exchange (80 for no SSL traffic or 443 for SSL).
Oh and can you confirm whether or not you are using Forms Based Authentication? I don't think so after reading your previous comments but just one to be sure.
Really appreciate all your help, I'm syncing calendar, contacts and email just fine now on my iPhone!
Sorry, I don't know where I was last night with a comment asking you for exactly the info that you had posted...! Sorry!
At the end there the posts were coming in faster than you could refresh =p Thanks for all the help again Alan, and thanks John for your replies also.
No problems - glad you are working and thanks for the points.
Alan