Setting up exchange for iPhone

smary
How do I set up iPhone for exchange server ?
We have an exchange server which is internal and I use port forwarding for all things. So can I forward a port and setup for iPhone ? Or how can I set it up ?

Commented:
Hello,

You need to make sure that Exchange ActiveSync is enabled on your server.

Can you please provide more details:
1 - Exchange server version (2003, 2007)
2 - iPhone Operating System Version (v1, v2, v3)

Once provided, I will guide you through the configuration steps.

Thanks,
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Version of Exchange?
If you are already using OWA then you do not need to do anything else for port forwarding. You just need to enable ActiveSync (if Exchange 2003).
http://www.amset.info/exchange/mobile-setup.asp

Simon.

Author

Commented:
Thank you for your feedback guys.

I'm using Exchange server 2003 and iPhone version is 3.0

Mestha: I followed the steps from your link but it didn't work :(
I still get "Exchange account verification failed"

What should I check now?

Thank you

Commented:
Hello smary,
Listen, once you activate ActiveSync, you need to publish it through ISA Server (if ISA Server exists). Also, are you using SSL? If not, then you need to configure the iPhone to not use SSL, and make sure to enter the name of the Exchange server manually on the iPhone.
Additionally, make sure that the server name you are using can be resolved on the internet.
Please let me know if this works,
Thanks!

Commented:
Allow me to add: if you are using SSL, make sure that it is "on" on the iPhone and that the certificate used on the ActiveSync server is issued from a trusted certifying authority.
Can you please send me the name of the server so that I can test ActiveSync functionality for you?
One more nice thing :), you can use the following link to test your Exchange ActiveSync functionality directly from Microsoft:
https://www.testexchangeconnectivity.com      <--- this tool is from Microsoft

Author

Commented:
Hi Ksalameh,

I don't have a trusted certificate for SSL, so I've configured iPhone to not use SSL. Now the iPhone asks for my password, but when I issue the password it says password incorrect and keeps asking me. I know for sure the password is right.

I also tried using the tool you provided me. It goes to the second step to test SSL for validity and fails.

Does this mean I can not configure iPhone for Exchange ?

Commented:
No sir, you can, I have Exchange configured on my iPhone.
I think that the authentication method on your Exchange ActiveSync must be changed, try the following:
On the Exchange server, open INETMGR (Internet Information Services Console), then navigate to the default website -> Microsoft-Server-Active-Sync
Right-click on the Microsoft-Server-Active-Sync, Properties, go to the Security tab, click Edit Security, and make sure that only Basic Authentication is selected. In the realm and domain section below, click Select and choose your domain name.
Click OK on all dialog boxes and run IISReset from the Run menu, then try.
Hope this works.
 
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
You will save yourself a lot of hassle if you put a trusted SSL certificate on to the server. Without the use of an SSL certificate everything is going across the internet in the clear. A trusted SSL certificate costs US$30/year. http://certificatesforexchange.com/

Simon.

Author

Commented:
Mestha: I'll definitely put a trusted SSL certificate. But for now I want to get it to work. If it becomes very useful then I'll buy a certificate.

Ksalameh: I followed the steps you provided:

On the properties on 'Microsoft-Server-Active-Sync' > 'Directory Security' tab > I clicked on 'Authentication and Access control' > then clicked on 'Basic Authentication' and selected Default domain and Realm and reset IIS server.

But I still got the same problem. It still shows incorrect password on my iPhone. Anything else I can do? Any other way to troubleshoot what's wrong?


Thank you :)
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
If the test site is still failing, then you must be putting in wrong information - either incorrect domain, username or password, or the host name that you are entering for the ActiveSync test is not correct.

Simon.

Commented:
Hi,
Did you try accessing your ActiveSync virtual directory using a browser?
Try it: http://Servername.domainname.xyz/Microsoft-Server-Active-Sync
Then authenticate yourself. If it works you should see an HTTP 500 or HTTP 505 error message; this means that Active-Sync is working.
Please try it

Author

Commented:
Hi,

I just want to make sure the steps I've taken so far.

Go to ESM > Global Settings > Properties of Mobile Services > Clicked everything here > Go to Device Security > Click on Enforce password on device.

Then I go to INETMGR and follow the steps I've written above.

When I test it using this website, it fails testing SSL certificate for validity.
https://www.testexchangeconnectivity.com/

When I try to test it with browser (http://domainname/Microsoft-Server-Active-Sync) it gives me the 404 page not found error.

Please let me know if I am missing some step. I'm still not able to connect. Please let me know if you need anything else to better understand the problem.

I think that I would need some port forwarding, because I have one static IP and other servers/services in the LAN but I'm not really sure.

Thank you

Commented:
Hi,
All you need for ActiveSync is HTTP or HTTPS to be forwarded to the Exchange Access Server.
Can you please try to access the server name internally, meaning that I want you to access a URL from the internal network:
http://InternalServerName/Microsoft-Server-Active-Sync
 

Author

Commented:
Hi,

I tried to access from internal network too (https://intetnalserver/Microsoft-Server-Active-Sync), but it still gives the same error 'HTTP Error 404'. :-(

However when I did this http://internalserver/oma then it asked me for password and then said:

'The device type you are using is not supported. Press Ok to continue'

and then showed my emails in text mode. I don't really know what this is but it was in the link given above (http://www.amset.info/exchange/mobile-setup.asp)

Thank you,
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
OMA is basically a plain text version of OWA.
In my article that you have linked to I suggest using OMA to start with, because it shares the same backend as Exchange ActiveSync. In most cases if OMA works then EAS will work. They are not the same though.

The directory name you were given to test was wrong.

It should be

http://server/Microsoft-Server-ActiveSync - although that doesn't really prove a great deal.

Simon.

Author

Commented:
Hi,

http://server/Microsoft-Server-ActiveSync works. It prompts me for password. After I authenticate, it gives me a certificate error and shows 'HTTP/1.1 501 Not Implemented'.

But on my iPhone it still says incorrect password. Could this be because, on my firewall, I have port 80 forward set to another internal server and not the Exchange server?

Commented:
Hi Smary,
On your iPhone, are you trying to connect to the internal name or the external one?
Also, did you try HTTP://servername or just the server name immediately?
Can you please try to connect from the internal network so that we can skip the firewall configuration for now, and once it works internally we will work it out externally.
 

Author

Commented:
Hi,

In my iPhone, I've given the external name, and not the internal name of the server.

From my internal network I tried http://internal_server_name/Microsoft-Server-ActiveSync and it gave me that error of 501 Not Implemented.

While I'm in my internal network connected to my Wi-Fi, I tried to authenticate from my iPhone, but it still gives me the same password incorrect error.

Commented:
Hi Smary,
Error 501 Not Implemented means that Exchange ActiveSync is working fine on the server side.
I couldn't find a clear answer from you regarding trying the internal name on the iPhone, did you do that?

Author

Commented:
Hi,

Sorry, I might have misunderstood it.

You want me to write the internal server name in the 'Server' section on my iPhone ?

i.e. internal_server_name.domain_name

Commented:
yes please

Author

Commented:
I tried that but no luck :(

When I open my account it still says 'Connection to the server failed' and I can't see any items in my inbox.

Anything I can do to fix it?

Thank you

Author

Commented:
The last couple of times when I added an account on iPhone, during the final step it didn't say Authentication Failed (which it used to say earlier). It says Syncing Exchange but when I go to mail and open account it gives an error saying 'Connection to the server failed'.

Maybe this helps..

Commented:
Hello Smary,
Am staying here till you solve your problem mate ;)
Listen, I found a nice article that should help you configure Exchange 2003 SP2 to run with iPhone.
http://www.5limes.com.au/blog/index.php/microsoft-exchange-2003-direct-push-and-the-apple-iphone-3g.html
Follow all steps except when it comes to HTTPS (meaning that anything related to HTTPS make it HTTP instead). I believe you have some missing configuration on Exchange 2003 that this article should solve.
Also remember, test the configuration with the internal server name first, then we will move to the External Server Name; we don't want to have issues that are related to the firewall ;)
Please try and let me know,
Cheers,

Author

Commented:
Thanks mate.

I couldn't do anything yesterday. I had to spend the whole day without internet :(
I've almost lost hope on this but I'm gonna read further on this article and try to get it fixed. I read it at a glance but I don't think I'm missing anything, but I'll read it another time.

Just to make sure. The password it asks me on my iPhone is my domain password, right? Cause every time I enter my password it says incorrect password.

Cheers !!

Author

Commented:
Nothing seems to be working :(
Alan Hardisty, Co-Owner
Top Expert 2011
Commented:
You need to make sure that you have Exchange Server 2003 Service Pack 2 Installed - http://www.microsoft.com/downloads/details.aspx?FamilyID=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en
Open Up Exchange System Manager - Start, Programs, Microsoft Exchange, System Manager.  Expand Servers, Right-Click your server and choose properties.  This will display whether you have SP2 installed or not.
If you have installed SP2, check on https://testexchangeconnectivity.com running the Exchange Activesync check.  You may need to tick the Ignore Trust for SSL check box if you have a self-signed certificate as these always fail.
Please check and mirror the settings below - Open up IIS and expand the default website then Click on the Directory Security Tab:
 
Exchange Virtual Directory
· Authentication = Integrated & Basic
· Default Domain = NETBIOS domain name - e.g., yourcompany
· Realm = yourcompany.com
· IP Address Restrictions = Granted Access
· Secure Communications = Require SSL NOT ticked

Microsoft-Server-Activesync Virtual Directory
· Authentication = Basic
· Default Domain = NETBIOS domain name - e.g., yourcompany
· Realm = NETBIOS name
· IP Address Restrictions = Granted Access
· Secure Communications = Require SSL NOT ticked

OMA Virtual Directory
· Authentication = Basic
· Default Domain = \
· Realm = NETBIOS name
· IP Address Restrictions = Granted Access
· Secure Communications = Require SSL NOT ticked
 
Then issue IISRESET from Start, Run
Make sure that the name on the certificate that you are using matches the FQDN that you are connecting to e.g., mail.microsoft.com.  If it does not match, either re-issue the certificate if you created it yourself, or re-key the certificate from your SSL certificate provider.
Ensure that the IP for the Default Website is set to All Unassigned
Ensure that Forms Based Authentication is NOT turned on under HTTP Virtual Server under Exchange Protocols.
ASP.NET should be set to version 1.1 for all virtual directories listed above.
Once you have checked all of the above, you should hopefully find that the iPhone can sync.
Awarded 2009
Top Expert 2010

Commented:
OK, it is fairly straightforward to set up. Do you want to e-mail me your domain details (e-mail address on my profile, as you probably won't want to post here) and I can try to get this resolved for you.

Author

Commented:
alanhardisty: I checked and followed all the steps you've given me. After that, when I test my configuration with https://testexchangeconnectivity.com/, I still get an error. I don't have any SSL certificate. Here's the error I get:

Test Details
      
      Testing Exchange Activesync for host https://<DOMAIN_NAME>.ca/Microsoft-Server-Activesync/
       Exchange Activesync test Failed
      Test Steps
       
      Attempting to Resolve the host name <DOMAIN_NAME>.ca in DNS.
       Host successfully Resolved
      Additional Details
       IP(s) returned: <IP_OF_SERVER>
      Testing TCP Port 443 on host <DOMAIN_NAME>.ca to ensure it is listening/open.
       The port was opened successfully.
      Testing SSL Certificate for validity.
       The SSL Certificate failed one or more certificate validation checks.
      Test Steps
       
      Validating certificate name
       Certificate name validation failed

On my iPhone, after setting up my account, it asks me for password and when I give my domain password it says incorrect password, always, and then connection to the server cannot be established.


demazter: What domain info should I email you ? Just the domain name ?


Also while I was doing this, I got this problem:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24614861.html
Awarded 2009
Top Expert 2010

Commented:
Just your domain name is fine.
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
It sounds like the FQDN you are using to access your server is not the same name as on your certificate.  Generate yourself another certificate with the same name and you should be fine - for that part at least!
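
The name comparison behind the "Certificate name validation failed" result, and behind the advice in the two posts above to make the certificate name match the FQDN, can be reproduced offline. This is an added example, not part of the thread or of Microsoft's test tool; the host names and certificates are constructed, and the dict layout is the one Python's ssl getpeercert() returns.

```python
# Added example: does the name on a certificate match the FQDN the device uses?

def cert_dns_names(cert):
    """Names a client compares against: SAN dNSName entries, or the subject
    commonName only when the certificate carries no SAN dNSName at all."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as '*.ca'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_certificate_name(cert, fqdn):
    """Return (ok, names) for the host name entered on the device."""
    names = cert_dns_names(cert)
    return any(name_matches(n, fqdn) for n in names), names


# Constructed sample data (hypothetical names, not taken from the thread).
INTERNAL_NAME_CERT = {"subject": ((("commonName", "exch01.corp.local"),),)}
REISSUED_CERT = {
    "subject": ((("commonName", "mail.example.ca"),),),
    "subjectAltName": (("DNS", "mail.example.ca"),
                       ("DNS", "exch01.corp.local")),
}
WILDCARD_CERT = {"subject": ((("commonName", "*.example.ca"),),)}
# The CN looks right, but clients ignore it because a SAN dNSName is present.
CN_ONLY_LOOKS_RIGHT = {
    "subject": ((("commonName", "mail.example.ca"),),),
    "subjectAltName": (("DNS", "exch01.corp.local"),),
}

if __name__ == "__main__":
    samples = [("internal-name cert", INTERNAL_NAME_CERT),
               ("re-issued cert", REISSUED_CERT),
               ("wildcard cert", WILDCARD_CERT),
               ("CN right, SAN wrong", CN_ONLY_LOOKS_RIGHT)]
    for label, cert in samples:
        ok, names = check_certificate_name(cert, "mail.example.ca")
        print(f"{label:20} names={names} -> {'match' if ok else 'MISMATCH'}")
```

A certificate issued to the server's internal name fails for the external FQDN even though the server itself is healthy, which is the situation the test output in this thread reports.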

Author

Commented:
But that won't solve the main problem, right? After generating the new certificate, it won't start syncing, right?

I don't understand why on my iPhone it says password incorrect.
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
It won't sync with the wrong certificate - that's for sure.
It may sync with the right certificate, but without the right certificate, we won't know what else needs changing (if anything) to get you working.

Author

Commented:
Thank you alanhardisty. Just making sure, if I'm doing something wrong. I've a hardware firewall and port forwarding policies set up on it. As far as I understand, the query will first go to the firewall, right? So do I need to generate a self certificate for that firewall?

If I need to create it for the server, are these steps good?

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html 

Please let me know.

Thank you.
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
The query runs through the firewall - it does not need a certificate.  All that is needed is to open port 443 up and forward it to the server handling Exchange / IIS and off you go.
The document should work happily - so follow the instructions and you should be fine.
You would be better off buying one though from someone like GoDaddy for about US$ 80 for 5 years - cheapest around and it will give fewer problems all round.  Self-signed certificates can cause problems and are harder to deploy.

Author

Commented:
After generating a new self signed certificate, I'm getting following error now while testing at https://testexchangeconnectivity.com/. It passed the SSL error


      Attempting FolderSync command on ActiveSync session
       FolderSync command test failed
      Additional Details
       An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
I get that response on Exchange 2003 but Activesync works like a charm.
Have you tried wiping the account on the phone and setting it up again?
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Now that you have a new cert - you will need to wipe and re-accept the cert.

Author

Commented:
I created it again on iPhone, but still it says password incorrect and doesn't sync...
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Are you using the same credentials that you used on the test?

Author

Commented:
Yeah. Same user account, same server and same password
Awarded 2009
Top Expert 2010

Commented:
From the App Store on the iPhone, download ActiveSync Tester (it's free), enter the details you are using for your iPhone Exchange e-mail configuration and run the test.
Post back any results you receive.
Awarded 2009
Top Expert 2010

Commented:
Also on the iPhone under settings they should be:

server: this needs to be either your external facing IP address or the DNS name that responds to the external IP address, for example mail.yourdomain.com, nothing on the end like /owa or /exchange, just the domain name. No https:// either
domain: this should be the internal name of your domain, for example yourdomain.local
username: this should be the username you use when logging into the computer (just the username, no domain prefix or suffix)
password: the password you normally use to log in on the computers in the network
Use SSL: set to ON
Awarded 2009
Top Expert 2010

Commented:
Also double check in IIS that the following virtual directories do not have any restrictions under the Directory Security tab IP Address and domain name restrictions (click Edit)

-> Microsoft-Server-ActiveSync

Author

Commented:
I downloaded the utility and following is the error I received:

ActiveSync IS NOT available.
(ActiveSync detected, but access denied. [HTTP 403: Disabled for this user])

I checked the Microsoft-Server-ActiveSync directory and there is no restriction.
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Do you have a user restriction under Active Directory Users and Computers?  Exchange Features Tab for this user.
Awarded 2009
Top Expert 2010
Commented:
Can you confirm you have followed this document: http://support.microsoft.com/kb/937635
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Glen - this is not SBS and I think I have those steps covered in my earlier post, although always best to err on the side of caution ;-p

Author

Commented:
Thank you very much...
