Configure Exchange 2003 to use iPhones without affecting OWA users

I have a limited understanding of Exchange; every single document and guide I have found on the network so far is past my understanding. I'm looking for more of a step-by-step, where-to-go guide to set this up.

Exchange is behind a firewall
iPhone ports have been opened
50% of users connect via OWA and cannot be affected
50% of users connect via Outlook on the local network
Only 1 Exchange server (I don't understand this front end back end stuff)
Emails are downloaded from our ISP via an Exchange POP downloaded program (3rd party)
Blackberry users have no issues connecting
All user names contain spaces in them

How do I go about configuring this Exchange properly? I 'think' I'm looking to set up an IMAP connection? Unable to properly connect via iPhone or Windows Mail (figure it's all the same, used as testing)

Exchange Event
Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3031
Date:            7/8/2009
Time:            10:28:45 AM
User:            DOMAIN\USER NAME
Computer:      SERVERNAME
The mailbox server [SERVERNAME.DOMAIN.COM] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.  For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003".   For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication".   This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services".

However, I do not understand the documents on the Microsoft site.

Windows Mail Error
Windows Mail

Your IMAP server has closed the connection. This may occur if you have left the connection idle for too long.

Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 closing connection: logon attempt limit exceeded.


   Account: PUBILIC_IP
   Server: PUBILIC_IP
   User name: domain\user name
   Protocol: IMAP
   Port: 143
   Secure(SSL): 0
   Code: 800cccdd

Yet I am populating correct information when connecting.

Any help would be greatly appreciated.

Alan Hardisty (Co-Owner) Commented:
The best way to set up the iPhones is to use ActiveSync, which uses ports 80 and 443.  IMAP is an inferior way of emailing and should only be used if ActiveSync fails.
You should be able to use OWA, ActiveSync and Outlook without any problems.
If you visit to see if your server is set up and ready to use ActiveSync - it will either come back happy, or let you know where the problems lie and how to go about fixing them.
Please post back if you need further help.
funnymanmike (Author) Commented:
     Attempting FolderSync command on ActiveSync session
       FolderSync command test failed
      Tell me more about this issue and how to resolve it
      Additional Details
       Exchange Activesync returned an HTTP 500 response.

which eventually leads me to a document I've read a few times now, but still lack the understanding needed to implement
Alan Hardisty (Co-Owner) Commented:
Open up IIS on your server and then expand the web sites, then expand the default web sites.
Look down under the default websites for the OMA and Microsoft-Server-Activesync folders
Right click on one folder and check the settings match these (make a note of anything you change so you can put it back if it breaks something):
The OMA settings (Directory Security) are:
  • Authentication - Basic with default domain as '\' - (remove the quotes) and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
My Microsoft-Server-Activesync settings (Directory Security) are:
  • Authentication - Basic with default domain as netbiosdomainname and realm as netbiosdomainname
  • IP Address Restrictions - All allowed
  • Certificate installed (from default web)
  • Require Secure Channel (SSL) - not selected
Check your settings for these and change anything that does not match and try again.

Npatang Commented:
You need to follow this article when you have forced SSL on the Exchange virtual directory.

If you don't want to follow the article, just make sure of a couple of things in IIS.
Remove SSL from the Exchange virtual directory. (Exchange virtual directory > Properties)
Integrated and Basic authentication should be set on the Exchange virtual directory. (Exchange virtual directory > Properties)
On the ActiveSync virtual directory, Basic auth should be selected.

Once this is done, do the iisreset and try syncing the mobile device.
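
The three IIS conditions listed in the comment above can be checked from the metabase flag values of each virtual directory. The Python below is an added example, not code from the thread or from Microsoft; it assumes the AuthFlags and AccessSSLFlags integers were read from the IIS 6 metabase beforehand (for instance with adsutil.vbs), and the sample values are constructed.

```python
# IIS 6 metabase bit values for the AuthFlags and AccessSSLFlags properties.
AUTH_BITS = {"Anonymous": 0x1, "Basic": 0x2, "Integrated": 0x4, "Digest": 0x10}
REQUIRE_SSL = 0x8  # AccessSSL bit: "Require secure channel (SSL)"

# Conditions taken from the comment above. "no_ssl" means the directory
# must not require SSL; the comment says nothing about SSL on ActiveSync.
EXPECTED = {
    "Exchange": {"need": {"Basic", "Integrated"}, "no_ssl": True},
    "Microsoft-Server-ActiveSync": {"need": {"Basic"}, "no_ssl": False},
}


def decode_auth(value):
    """Return the sorted names of the schemes enabled in an AuthFlags value."""
    return sorted(name for name, bit in AUTH_BITS.items() if value & bit)


def check(vdirs):
    """vdirs maps directory name -> (AuthFlags, AccessSSLFlags) integers.

    Returns a list of findings; an empty list means every condition holds.
    """
    findings = []
    for name, want in EXPECTED.items():
        if name not in vdirs:
            findings.append(f"{name}: no values supplied")
            continue
        auth, ssl = vdirs[name]
        for scheme in sorted(want["need"] - set(decode_auth(auth))):
            findings.append(f"{name}: {scheme} authentication is not enabled")
        if want["no_ssl"] and ssl & REQUIRE_SSL:
            findings.append(f"{name}: SSL is required (AccessSSLFlags={ssl:#x})")
    return findings


# Constructed sample values (assumption: not taken from the poster's server).
BEFORE = {"Exchange": (0x2, 0x108), "Microsoft-Server-ActiveSync": (0x2, 0x8)}
AFTER = {"Exchange": (0x6, 0x0), "Microsoft-Server-ActiveSync": (0x2, 0x8)}

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, check(sample) or "matches the listed settings")
```

Basic on a directory that does not require SSL is reachable over port 80 as well as 443, and on port 80 the password travels base64-encoded rather than encrypted.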

Alan Hardisty (Co-Owner) Commented:
Npatang - please read the full thread before posting.
I did that, but when I opened the thread your comments were not added at that time. Just a 3-minute gap, I guess.
Alan Hardisty (Co-Owner) Commented:
The world is slowing down ;-)
Alan Hardisty (Co-Owner) Commented:
Funnymanmike - Open up your Application Event Logs (Start, Run, [type] eventvwr.exe and press enter)
Check for ActiveSync errors in the event source and report back with the Event IDs please.
Can you confirm whether or not you are using forms-based authentication for your OWA users?
You will know this if, when they connect to OWA, they receive a nice logon screen with logon (default has a nice dark blue background). If not, then they will receive the standard IE login box, where the users would type in the UPN or domain\user and their password.
If forms based auth is enabled it causes trouble with active sync and we can then step you through getting this sorted...
funnymanmike (Author) Commented:
JohnGerhardt: They are sent to a nicely formatted web-based login screen (https)
alanhardisty: Event 3031 and older 3029 messages (3029 not since the 2nd)
alanhardisty & Npatang: according to the MS document it requests an IIS reset; I've scheduled this work for after 8pm EST tonight. I can't affect current users.
Alan Hardisty (Co-Owner) Commented:
Okay - so the Exchange virtual directory has SSL enabled - disable this (steps similar to my last post)
OK, forms-based auth could be causing the problem as well as the other stuff. 500 errors on ActiveSync are often related to this.
Suggest you give this guide a read through if you are still having troubles after you have unchecked the SSL.
The two things that look like they are a problem on your setup are the forcing of SSL on the Exchange virtual directory and FBA. These are classic troubles when setting up ActiveSync.
funnymanmike (Author) Commented:
alanhardisty: Your link & info was extremely useful and helped give me confidence in testing. However, your suggestion did not work.
Npatang: This article solved it exactly.