Solved

Exchange email with iPod touch (iPhone)

Posted on 2009-07-15
41
2,224 Views
Last Modified: 2013-11-06
I'm the network admin at a school and I've just had 10 iPods dropped in my lap and told that they must be set up to Activesync with our Exchange server and use Direct Push.  I can get my info to authenticate, but when I go to get the mail it says it can't find the server.  I'm using Exchange Server 2003 and iPhone 2.0 software.  Configuration on the iPod is as follows:

Email: user@externaldomain.org
Server: external ip address (also tried mail.externaldomain.org)
Domain: internaldomain.local
Username: AD user name
Use SSL: off

I'm sure there's a ton more information that you'll need and I'm forgetting to include, but I can provide whatever is needed.  How can I get these things to sync?
0
Comment
Question by:james_j69_2001
41 Comments
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24863156
Here are a few screenshots that you can refer to while configuring the iPhone....
http://support.apple.com/kb/HT2480

Also, are Windows Mobile devices able to sync with the Exchange Server?

And also make sure you have Exchange Server Service Pack 2 applied...
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24863170
Also run an Exchange ActiveSync test on http://testexchangeconnectivity.com
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24863177
For the iPhone to work, make sure you have Service Pack 2 installed on the server.
If you are using a single server,
make sure that in IIS:
Go into the properties of the Exchange virtual directory > Directory Security > make sure that Integrated and Basic Auth are selected.
Make sure SSL is off on it.
Go into the properties of Microsoft-Server-ActiveSync and make sure you have only Basic Auth set.
Also, externally try browsing http://owa url/microsoft-server-activesync and see if you get 501/505.
Let us know what you get on this.
0
 
LVL 8

Expert Comment

by:XCHExpert
ID: 24863186
Also make sure your E2k3 Server is fully updated with the latest version of store.exe and massync.dll

Below link will help you to sync
http://images.apple.com/iphone/enterprise/docs/iPhone_MS_Exchange.pdf
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24863376
You have some setting issues to address before this will work:
Email: user@externaldomain.org - Correct
Server: external ip address (also tried mail.externaldomain.org) - Has to match your SSL Cert and should not be an IP address
Domain: internaldomain.local - Should be internaldomain only
Username: AD user name
Use SSL: off - Won't work without SSL
If you are trying to use Activesync on an iPhone without SSL - that is your first problem.  You have to use SSL as all communications take place over port 443.
If you don't have a certificate on your server, either issue your own one (not recommended), or visit http://www.godaddy.com and buy a 5 year certificate for about US$ 135 - about the cheapest around.
Install the certificate on the server and then you stand a fighting chance of getting it working.
Without SSL - you may as well just use the iPhones as iPods!!!!
0
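The settings review in the comment above (SSL on, a server name that matches the certificate rather than an IP address, the short domain form) can be run as a pre-flight check before touching each device. This is an added example, not part of the original thread; the profile values, certificate names and function names are constructed for illustration.

```python
# Added example: pre-flight check of an ActiveSync device profile against the
# names on the server certificate. All sample values below are constructed.
import ipaddress

CERT_NAMES = ["mail.example.org"]  # constructed: subject CN / SAN entries
ORIGINAL = {"email": "user@example.org", "server": "192.0.2.10",
            "domain": "internal.local", "username": "jdoe", "use_ssl": False}
CORRECTED = {"email": "user@example.org", "server": "mail.example.org",
             "domain": "INTERNAL", "username": "jdoe", "use_ssl": True}


def is_ip_literal(host):
    """True when the server field holds an IPv4/IPv6 address, not a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def name_matches(host, pattern):
    """Case-insensitive match; '*' may only stand for the whole leftmost label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]  # e.g. ".example.org"
    head = host[: -len(suffix)]
    return host.endswith(suffix) and head != "" and "." not in head


def check_profile(profile, cert_names):
    """Return a list of findings; an empty list means the profile is consistent."""
    findings = []
    server = profile["server"]
    if not profile["use_ssl"]:
        findings.append("use_ssl is off: the thread states sync runs over SSL on port 443")
    if is_ip_literal(server):
        findings.append("server is an IP address: it will not match a certificate "
                        "issued to a host name")
    elif not any(name_matches(server, n) for n in cert_names):
        findings.append("server %r is not among the certificate names %r"
                        % (server, cert_names))
    if "." in profile["domain"]:
        findings.append("domain %r is a DNS-style name; the thread advises the "
                        "short form" % profile["domain"])
    return findings


if __name__ == "__main__":
    for label, profile in (("original", ORIGINAL), ("corrected", CORRECTED)):
        problems = check_profile(profile, CERT_NAMES)
        print(label, "->", "OK" if not problems else "")
        for p in problems:
            print("  -", p)
```
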
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24870194
Okay, so I've installed SP2 and still no go.  I don't have any Windows mobile devices, so I don't know if they work or not.  I did all of the activesync tests at testexchangeconnectivity.com and they all failed.  I went to IIS and changed the settings as suggested by Npatang and still nothing.  When I go to http://owa url/microsoft-server-activesync, I get a 404 message.  However, if I use https, I do get a 501/505.  

Where IIS is concerned I'm a little confused.  I didn't set this server up so I'm not 100% sure what's going on with it.  There are 2 default web sites.  One I know is for our OWA and it is working fine.  The other appears to be for activesync, and so that is the one I'm changing settings on.  Is this a normal setup, or should they be using the same site?

I'll be trying the other suggestions here shortly.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24870260
Actually there should be one default website, which should listen on ports 80 and 443, and the IP address should be All Unassigned.
Under that virtual directory you should have the ActiveSync and Exchange virtual directories. Also make sure that you use SSL on the iPhone to connect.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24870394
As Npatang says - there should only be one default website.
Can you screen-dump your IIS setup please and post it here.  This will give us a better picture of what you are seeing so we can help you more easily.
What is on your Certificate - right click your default website and choose properties.  Click on the Directory Security Tab and then on the View Certificate button.
In the middle of the certificate is the name - what does this say?
Alan
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24870650
Here is IIS and the SSL cert.  The certificate is from default site 1, which is the one that I know runs OWA and is working.  Let me know if you need a different view of IIS.
screen.jpg
cert.jpg
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24871311
Thanks for those - you have two default websites - but one is stopped and should most probably be ignored as it may have worked at one point, but was disabled and another created.
Your certificate looks fine - the name is at least good.
There is the following error in the ActiveSync test:
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
So, the Virtual Directories are not setup properly.
Please check and mirror the settings below for - Open up IIS and expand the default website Then Click on the Directory Security Tab:
Exchange Virtual Directory
  • Authentication = Integrated & Basic
  • Default Domain = NETBIOS domain name - e.g., yourcompany
  • Realm = yourcompany.com
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL NOT ticked
Microsoft-Server-Activesync Virtual Directory
  • Authentication = Basic
  • Default Domain = NETBIOS domain name - e.g., yourcompany
  • Realm = NETBIOS name
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL NOT ticked

OMA  Virtual Directory
  • Authentication = Basic
  • Default Domain = \
  • Realm = NETBIOS name
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL NOT ticked
Then issue IISRESET from Start, Run
Please then re-test your iPhone.
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24871676
Alan,

I'm a little unclear on your instructions.  I can change these settings for the Default Site 1 or 3, but I don't know what you mean by the different virtual directories.  Also, where you say "realm" on Exchange Virtual Directory, is that the external or internal name?

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24871720
If you expand the Default Website you will (should) see directories listed underneath - these are the virtual directories that I am referring to.
If you right-click on the ones I have mentioned and choose properties - you will see a Window with several tabs.  On the Directory Security Tab - check and modify the settings as per my last post.  (Record what they are already if you wish in case you want to put them back).
Sorry for not being clearer.
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24871742
Not your fault.  It's just that there is nothing to expand on the site, so I guess there are no virtual directories.  Obviously I don't really know what virtual directories are, so maybe I need to set them up?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24871762
If you click on the + sign to the left of Default Web Site in the left-hand side of the screen - are there any directories listed underneath?
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24871807
Wow, I am dumb!  I see it now.  Give me a minute and I'll get those done.
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24871854
Just to be clear, though, the realm on Exchange Virtual Directory is supposed to be mail.pendletonschool.org and not pendleton.local, right?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24871892
Realm is pendleton.local
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24872043
Okay, did all that and still nothing.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24872062
Can you re-test on https://testexchangeconnectivity.com and choose ignore for the SSL.
Post back the results please.
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24872132
     Testing Exchange Activesync for host https://mail.pendletonschool.org/Microsoft-Server-Activesync/
       Exchange Activesync test Failed
      Test Steps
       
      Attempting to Resolve the host name mail.pendletonschool.org in DNS.
       Host successfully Resolved
      Additional Details
       IP(s) returned: 67.78.136.114
      Testing TCP Port 443 on host mail.pendletonschool.org to ensure it is listening/open.
       The port was opened successfully.
      Testing SSL Certificate for validity.
       The certificate passed all validation requirements.
      Test Steps
       
      Validating certificate name
       Successfully validated the certificate name
      Additional Details
       Found hostname mail.pendletonschool.org in Certificate Subject Common name
      Testing certificate date to ensure validity
       Date Validation passed. The certificate is not expired.
      Additional Details
       Certificate is valid: NotBefore = 7/12/2009 5:00:00 PM, NotAfter = 7/13/2010 4:59:59 PM
      Testing Http Authentication Methods for URL https://mail.pendletonschool.org/Microsoft-Server-Activesync/
       Http Authentication Methods are correct
      Additional Details
       Found all expected authentication methods and no disallowed methods. Methods Found: Basic
      Attempting an Activesync session with server
       Errors were encountered while testing the ActiveSync session
      Test Steps
       
      Attempting to send OPTIONS command to server
       OPTIONS response was successfully received and is valid
      Additional Details
       Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 16 Jul 2009 18:22:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

      Attempting FolderSync command on ActiveSync session
       FolderSync command test failed
       
      Tell me more about this issue and how to resolve it
      Additional Details
       Exchange Activesync returned an HTTP 500 response.
0

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24872207
Can you please check the properties of the Default website and let me know what the IP Address listed there is.
If it is set to all unassigned, please change it to the IP address of your server and retest.
Thanks
Alan
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24872282
It was on all unassigned.  I changed it to the server's address, did iis restart and reran the test.



Test Details
      Testing Exchange Activesync for host https://mail.pendletonschool.org/Microsoft-Server-Activesync/
       Exchange Activesync test Failed
      Test Steps
       
      Attempting to Resolve the host name mail.pendletonschool.org in DNS.
       Host successfully Resolved
      Additional Details
       IP(s) returned: 67.78.136.114
      Testing TCP Port 443 on host mail.pendletonschool.org to ensure it is listening/open.
       The port was opened successfully.
      Testing SSL Certificate for validity.
       The certificate passed all validation requirements.
      Test Steps
       
      Validating certificate name
       Successfully validated the certificate name
      Additional Details
       Found hostname mail.pendletonschool.org in Certificate Subject Common name
      Testing certificate date to ensure validity
       Date Validation passed. The certificate is not expired.
      Additional Details
       Certificate is valid: NotBefore = 7/12/2009 5:00:00 PM, NotAfter = 7/13/2010 4:59:59 PM
      Testing Http Authentication Methods for URL https://mail.pendletonschool.org/Microsoft-Server-Activesync/
       Http Authentication Methods are correct
      Additional Details
       Found all expected authentication methods and no disallowed methods. Methods Found: Basic
      Attempting an Activesync session with server
       Errors were encountered while testing the ActiveSync session
      Test Steps
       
      Attempting to send OPTIONS command to server
       OPTIONS response was successfully received and is valid
      Additional Details
       Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 16 Jul 2009 18:36:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

      Attempting FolderSync command on ActiveSync session
       FolderSync command test failed
       
      Tell me more about this issue and how to resolve it
      Additional Details
       Exchange Activesync returned an HTTP 500 response.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24872334
Can you email me a set of test credentials that I can use plus the other details so that I can test them out on my iPhone?
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24872389
just sent it
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24872429
Thanks - will test in a jiffy!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24872870
Okay - all setup happily, but sending fails.
Can you send a test message to the account please.
Thanks
Alan
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24872955
okay, done
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24873075
Nothing received - are you up for some remote assistance on your server?
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24873143
Actually, I'm about to go home for the day.  Maybe tomorrow?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24873276
Sure - no problems.  Email me when you are ready, willing and able!
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24916105
Okay, I'm back.  I found a kb article about getting a 500 error in this situation and it said that if you only have one server this can happen.  Well that is the case for me, I only have one server and it is not a front end server so they're saying that is the cause.  So I did the steps at http://support.microsoft.com/kb/817379 but it is still getting a 500 error.  Any ideas what could have gone wrong here?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24916348
Can you check the Exchange Virtual Server and make sure that Forms Based Authentication is not turned on.
Open Exchange System Manager, Expand Servers, Expand your server, Expand Protocols, Expand HTTP.  Right-click Exchange Virtual Server and choose properties.
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24916592
I did turn it off to make the copy for the new virtual directory, but it's on now because at the end of the article it said to turn it back on.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24916632
Turn it off.  It will fail if left on.
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24917464
Okay, it's off and still a 500 error.  Also, I forgot to say that I did http://support.microsoft.com/default.aspx?kbid=883380 before I did http://support.microsoft.com/kb/817379.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24917716
Thanks - the 883380 is a good document.
What is the IP address set to on the Default Web Site in IIS?
If it is set to a specific IP - please set it to All Unassigned then test again.
 
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24917825
When I change to All Unassigned, I get a 403 error instead of 500.  Changing back to the single ip gives me the 500 again.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 24917932
When I test I get the following:

 Attempting to Resolve the host name www.mycompany.co.uk in DNS.
 Host successfully Resolved
Additional Details
 IP(s) returned: xxx.xxx.xxx.xxx
Testing TCP Port 443 on host www.mycompany.co.uk to ensure it is listening/open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The certificate passed all validation requirements.
Test Steps
 Validating certificate name
 Successfully validated the certificate name
Additional Details
 Found hostname www.mycompany.co.uk in Certificate Subject Common name
Testing certificate date to ensure validity
 Date Validation passed. The certificate is not expired.
Additional Details
 Certificate is valid: NotBefore = 6/3/2009 1:55:54 PM, NotAfter = 6/3/2011 1:55:54 PM
 
Testing Http Authentication Methods for URL https://www.mycompany.co.uk/Microsoft-Server-Activesync/
 Http Authentication Methods are correct
Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic
Attempting an Activesync session with server
 Errors were encountered while testing the ActiveSync session
Test Steps
 Attempting to send OPTIONS command to server
 Testing the OPTIONS command failed. See Additional Details for more info
Additional Details
 A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
I used to get a 403 error at the end, but I can sync and also with an iPhone.
Can you remove your settings from the iPhone and set them up again please and see how far you get.  You might be working.
0
 
LVL 2

Author Comment

by:james_j69_2001
ID: 24918059
You're right, it works even with the 403.  Thank you so much for your help.  This has gotten me out of a really tight spot.
0
 
LVL 2

Author Closing Comment

by:james_j69_2001
ID: 31603932
Thanks again for your help and patience.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24918085
Thank goodness for that - I was running out of options there.
Alan
0
