Solved

Configure Exchange 2003 to use iPhones without affecting OWA users

Posted on 2009-07-08
13
1,250 Views
Last Modified: 2013-11-29
I have a limited understanding of exchange, every single document and guide so far i have found on the network is past my understanding. I'm looking for more of a step by step where to go guide to set this up.

--FACTS--
Exchange is behind a firewall
iphone ports have been opened
50% of users connect via OWA and connect be affected
50% of users connect via Outlook on the local network
Only 1 exchange server (i don't understand this front end back end stuff)
Emails are downloaded from our ISP via a exchange POP downloaded program (3rd party)
Blackberry users have no issues connecting
all users names contain spaces in them
---------

How do i go about configuring this exchange properly? I 'think' im looking to setup an IMAP connection? unable to properly connect via iphone or windows mail (figure its all the same, used as testing)


Exchange Event
Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3031
Date:            7/8/2009
Time:            10:28:45 AM
User:            DOMAIN\USER NAME
Computer:      SERVERNAME
Description:
The mailbox server [SERVERNAME.DOMAIN.COM] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.  For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003".   For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication".   This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services".


However i do not understand the documents on the Microsoft site

Windows Mail Error
Windows Mail

Your IMAP server has closed the connection. This may occur if you have left the connection idle for too long.

Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 closing connection: logon attempt limit exceeded.

Configuration:

   Account: PUBILIC_IP
   Server: PUBILIC_IP
   User name: domain\user name
   Protocol: IMAP
   Port: 143
   Secure(SSL): 0
   Code: 800cccdd

yet i am populating correct information when connecting.

Any help would be greatly appreciated.
0
Comment
Question by:funnymanmike
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 200 total points
ID: 24804362
The best way to setup the iPhones is to use Activesync, which ises ports 80 and 443.  IMAP is an inferior way of emailing and should only be used if Activesync fails.
You should be able to use OWA, Activesync and Outlook without any problems.
If you visit https://testexchangeconnectivity.com to see if your server is setup and ready to use Activesync - it will either come back happy, or let you know where the problems lie an how to go about fixing them.
Please post back if you need further help.
0
 
LVL 5

Author Comment

by:funnymanmike
ID: 24804478
     Attempting FolderSync command on ActiveSync session
       FolderSync command test failed
       
      Tell me more about this issue and how to resolve it
      Additional Details
       Exchange Activesync returned an HTTP 500 response.

which eventually leads me to http://support.microsoft.com/kb/817379 a document ive read a few times now, but still lack the understanding needed to implement
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 200 total points
ID: 24804524
Open up IIS on your server and then expand the web sites, then expand the default web sites.
Look down under the default websites for the OMA and Microsoft-Server-Activesync folders
Right click on one folder and check the settings match these (make a note of anything you change so you can put it back if it breaks something):
The OMA settings (Directory Security) are:
  • Authentication - Basic with default domain as '\' - (remove the quotes) and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
My Microsoft-Server-Activesync settings (Directory Security) are:
  • Authentication - Basic with default domain as netbiosdomainname and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
Check your settings for these and change anything that does not match and try again.
Alan
0
 
LVL 8

Accepted Solution

by:
Npatang earned 300 total points
ID: 24804569
http://support.microsoft.com/kb/817379 You need to follow this Article When you have forced the SSL on Exchange Virtual Directory.

If you don't want to follow the article just make sure couple of things in IIS.
Remove SSL from Exchange virtual directory. ( Exchange Virtual directory > properties)
Integrated and basix Authentication should be set on the Exchnage Virual directory.( Exchange Virtual directory > properties)
on Activesync Virtual directory Basix Auth should be selected.

Once this done do the iisreset and try syncing the mobile sevice
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24804615
Npatang - please read the full thread before posting.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24804638
I did that , but when I open the thread at that time your comments was not added,  Just 3 minutes Gap I guess..
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24804660
The world is slowing down ;-)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24804704
Funnymanmike - Open up your Application Event Logs (Start, Run, [type] eventvwr.exe and press enter)
Check for Activesync Errors in the event source and report back with the Event ID's please.
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 24805111
Hi,
Can you confirm whether or not you are using Forms based authentication for your OWA users.
You will know this if when they connect to OWA they received a nice logon screen with logon (default has a nice dark blue background). If not then they will receive the standard IE login box, where the users woluld type in the UPN or domain\user and there password.
If forms based auth is enabled it causes trouble with active sync and we can then step you through getting this sorted...
0
 
LVL 5

Author Comment

by:funnymanmike
ID: 24805414
JohnGerhardt: They are sent to a nice formatted web based login screen (https)
alanhardisty: Event 3031 and older 3029 messages (3029 not since the 2nd)
alanhardisty: & Npatang: according to ms document it requests an iss reset, ive scheduled this work for after 8pm est tonight. i can't affect current users.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24805468
Okay - so the Exchange virtual directory has SSL enabled - disable this (steps similar to my last post)
 
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 24806339
Ok, Forms based auth could be causing the problem as well as the other stuff. 500 Errors on active sync are often related to this.
Suggest you give this guide a read through if you are still having troubles after you have unchecked the SSL.
The two things that look like they are a problem on your setup is the Forcing of SSL on the Exchange VDirectory and FBA. These are classic troubles when setting up active sync..
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
 
0
 
LVL 5

Author Closing Comment

by:funnymanmike
ID: 31601133
alanhardisty: your link & info was extremely useful and helped give me confidence in testing. however your suggestion did not work
Npatang: this article solved it exactly.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now