IPhone and Exchange

Hi

I'm trying to get my Iphone to connect to Exchange 2003 but not having any joy. Keep getting "exchange account verification failed" when I set the account up and "connection to the server failed" when I try to synch.

I have ssl cert from GoDaddy and OWA works ok. To add to this, I can browse to https://mail.mydomain.com/exchange and that works fine. Not what I'm after though!

What am I missing?
JyteesAsked:
Who is Participating?
 
JyteesAuthor Commented:
Good news! Finally got the testexchangeconnectivity test to work.

I fired up diag logging to the max and waited for a couple of days. Sure enough a new problem popped up: Event ID 1776 - The description for Event ID ( 1776 ) in Source ( DAVEX ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: - Along with this error I noticed people were complaining of IE not working correctly with OWA. When users tried to log in the folders would just show "loading" in the window and were unable to view their mail. Being a Firefox user I wasn't aware of this problem but sure enough when I tried IE I got the same problem.

Thankfully, the fix was a pretty simple one. I installed MSXML SP7 as per this http://social.technet.microsoft.com/Forums/en/exchangesvrmobility/thread/e3f137d1-5184-4b3b-9698-a9ca23dfb0c2

Hallelujiah, the exchange connectivity test worked as did IE with OWA!

Unfortunately, although I'm sure it's almost cracked, when I try to connect with the I Phone I still get the error "canot get mail the connection to the server failed"

Any ideas?
0
 
Alan HardistyCo-OwnerCommented:
Please run through my FAQ which should guide you through the IIS settings, tests to see what is not working and fixes to make it work if it is broken:
http://www.it-eye.co.uk/faqs/readQuestion.php?qid=1 
0
 
JyteesAuthor Commented:
Ran the Active Sync tester for windows and received the following:

Explanation - ActiveSync detected but not correctly configured
ActiveSync has been detected on your Exchange server but the tool has detected an unexpected HTTP response (HTTP Error 500). This issue can occur if:
Forms-based authentication is enabled on the Exchanger server
Integrated Windows authentication is not enabled on the Exchange virtual directory
The Exchange virtual directory in Microsoft Internet Information Server (IIS) is configured to accept only Secure Sockets Layer (SSL) connections


Actions - For Exchange 2003 ONLY
AccessMyLan Knowledge Base:
How to create a second virtual directory for Exchange...
Microsoft Technet articles:
(817379) Exchange ActiveSync and Outlook Mobile Access...

0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Alan HardistyCo-OwnerCommented:
Please therefore run through http://support.microsoft.com/kb/817379, then re-run the test and see what that throws up.
0
 
JyteesAuthor Commented:
Which method applies to me?
0
 
Alan HardistyCo-OwnerCommented:
Are you using Forms-Based Authentication (FBA) when using Outlook Web Access?  (Pretty login screen or just asks for username / password in a plain windows box)
If you are using FBA then please follow Method 2 - "Create a secondary virtual directory for Exchange server", if not, please follow "Disable the forms-based authentication for the Exchange virtual directory"
0
 
JyteesAuthor Commented:
We are using FBA in that case.

"Method 2 should be used only in an environment that has no Exchange Server 2003 front-end server."

With our server being the only server in the organisation is it not a front end server?
0
 
Satya PathakLead Technical ConsultantCommented:
Please find IIS authentication type and the SSL requirement for Exchange 2003
1) Default Website : Annonymous & Integrated      NO SSL
2) Exadmin : Integrated                                          NO SSL
3) Exchweb : Annonymous                                      NO SSL
4) Exchange: Basic                                                  SSL Optional
5) RPC     : Basic                                                      SSL Required
6) OMA     : Basic                                                     SSL Optional
7) Public  : Basic+Integrated                                   SSL Optional
8) exchange-oma : Basic & Integrated                    NO SSL
9) Microsoft-Server-ActiveSync : Basic                     SSL Required
After that need to restart IIS service and check it.

0
 
Alan HardistyCo-OwnerCommented:
You will be fine to just create the exchange-oma virtual directory.
By default, you are a back-end server.
0
 
Satya PathakLead Technical ConsultantCommented:

Check that you have an exchange-oma virtual directory in the IIS Manager console.
If you don't, follow the instructions in Microsoft KB article 817379 to recreate it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;817379
0
 
Alan HardistyCo-OwnerCommented:
@SatyaPathak - please read the entire thread before posting - this has already been discussed and is what the posts above are all about.
0
 
JyteesAuthor Commented:
OK.

Follwed the steps in method 2. Now I have no OWA or anything!
0
 
Alan HardistyCo-OwnerCommented:
Okay - not a problem.
Can you please follow method 2 of KB883380 to rebuild the IIS metabase - http://support.microsoft.com/kb/883380
When deleting the IIS Virtual Directories, please also delete the exchange-oma virtual directory.
Then re-run Method 2 of KB817379 - http://support.microsoft.com/default.aspx?scid=kb;en-us;817379
0
 
JyteesAuthor Commented:
Okay, back to square one.

ActiveSync detected, but not correctly configured. [HTTP 500: Forms-based auth enabled?]

0
 
Alan HardistyCo-OwnerCommented:
Okay, please disable FBA and re-test then advise if anything has changed.
0
 
JyteesAuthor Commented:
Disabled FBA, same error as before.
0
 
Alan HardistyCo-OwnerCommented:
Okay - please can you re-visit my FAQ and follow the part that starts with
"After following KB883380 and if Activesync still does not work and it keeps coming up with HTTP 500 errors, please do the following:"

0
 
JyteesAuthor Commented:
" Test activesync without SSL selected - Doesn't work, Failed to connect to server (network unreachable)
0
 
Alan HardistyCo-OwnerCommented:
Are you forwarding port 80 to your server?

Is your default website set to all unassigned and port 80 / 443?
0
 
JyteesAuthor Commented:
Sorry, had the port 80 rule disabled on router.

Tested again and this time

ActiveSync:
      Checking for application ................. OK
      Checking version ......................... FAIL

Result:
      Username or Password incorrect.
0
 
Alan HardistyCo-OwnerCommented:
Which test are you running?  Website or app?

Please use the website version and report the results.
0
 
JyteesAuthor Commented:
I was using Activesync tester for Windows.

Which website version?
0
 
Alan HardistyCo-OwnerCommented:
Https://testexchangeconnectivity.com -run the exchange activesync test and manually enter the server settings.

If you are using a self-certified ssl certificate, tick the ignore trust for ssl box.
0
 
JyteesAuthor Commented:
Attempting FolderSync command on ActiveSync session
  FolderSync command test failed
   Tell me more about this issue and how to resolve it
   Additional Details
  Exchange ActiveSync returned an HTTP 500 response
 
0
 
Alan HardistyCo-OwnerCommented:
If you have followed my FAQ to the letter in regards to the 500 error then the next step is to call Microsoft I am afraid.

I have had this a few times but don't have an answer yet I'm afraid.

If you do call them and get it resolved, I would love to know what fixed it.
0
 
JyteesAuthor Commented:
I'll keep you posted then.
0
 
Alan HardistyCo-OwnerCommented:
Thanks - would really appreciate it.

Sorry I can't get this one resolved for you.
0
 
Satya PathakLead Technical ConsultantCommented:
What error message you are getting is there any event id in your server?
I would suggest you please brows your Active sync internally also.
0
 
JyteesAuthor Commented:
Nothing in the Evnt log. What do you mean brows AS internally?
0
 
Alan HardistyCo-OwnerCommented:
If the test site works - did you get a happy - everything should work response?
0
 
JyteesAuthor Commented:
The only slight hiccup is the exclamation validating certificate trust. re only working with windows mobile 6. Shouldn't be affected by this should it?

Testing Exchange ActiveSync
 Exchange ActiveSync was tested successfully
 Test Steps
 Attempting to resolve the host name mail.mydomain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 8x.xx.xxx.xxx

Testing TCP Port 443 on host mail.mydomain.com to ensure it is listening and open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The certificate passed all validation requirements.
 Test Steps
 Validating certificate name
 Successfully validated the certificate name
 Additional Details
 Found hostname mail.mydomain.com in Certificate Subject Common name

Validating certificate trust for Windows Mobile Devices
 The test passed with some warnings encountered. Please expand additional details.
 Additional Details
 Certificate is only trusted on Windows Mobile 6.0 and later. Windows Mobile 5.0 and 5.0 + MSFP devices will not be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

Testing certificate date to ensure validity
 Date Validation passed. The certificate is not expired.
 Additional Details
 Certificate is valid: NotBefore = 12/23/2009 11:47:08 AM, NotAfter = 12/23/2012 11:47:08 AM"



Testing Http Authentication Methods for URL https://mail.mydomain.com/Microsoft-Server-Activesync/
 Http Authentication Methods are correct
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

Attempting an ActiveSync session with server
 Testing an ActiveSync session completed successfully
 Test Steps
 Attempting to send OPTIONS command to server
 OPTIONS response was successfully received and is valid
 Additional Details
 Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 3.0.4215.0
MS-ASProtocolVersions: 1.0,2.0,2.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Notify
Content-Length: 0
Date: Fri, 22 Jan 2010 16:41:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting FolderSync command on ActiveSync session
 FolderSync command completed successfully.
 Additional Details
 Number of Folders: 12

Attempting initial sync (no data) for Inbox folder
 Completed Sync Command successfully
 Additional Details
 Status: 1

Attempting to test GetItemEstimate command for Inbox Folder
 Successfully received GetItemEstimate Response from Server
 Additional Details
 Estimate: 208 messages
Attempting to test Sync of Inbox Folder
 Completed Sync Command successfully
 Additional Details
 Number of items synchronized: 208



Activesync Tester for Windows

Communications:
      Doing DNS lookup on mail.mydomain.com  OK (81.xx.xxx.xxx)
      Testing TCP to 81.xx.xxx.xx port 443 .... OK
SSL Certificate:
      Receiving ................................ OK
      Ensuring not Self-Signed ................. OK
      Verifying certificate .................... OK
ActiveSync:
      Checking for application ................. OK
      Checking version ......................... OK (3.0.4215.0)
      Checking protocols ....................... OK (1.0,2.0,2.1)
User Permissions:
      Checking "mydomain/username" ......... OK

Result:
      ActiveSync IS available.
0
 
Alan HardistyCo-OwnerCommented:
That's good - the WM6 issue is not a problem if you have WM6 phones, and can be rectified by installing a root certificate from GoDaddy if you do:
Install the valicert_class2_root.cer from - https://certs.godaddy.com/anonymous/repository.seam
Other than that - your Activesync should be working :-)
Is it though?
When you configure the account - do you accept the certificate prompt?
Have you installed the Activesync Test App on the iPhone to see what it comes back with?
https://store.accessmylan.com/main/diagnostic-tools 
0
 
JyteesAuthor Commented:
When the account's configured I don't get prompted to install any cert. It just says synchronised. I then goto open up the mail and get the error message.

I've installed the AS test for the IPhone and it passes all tests with no problem.
0
 
Alan HardistyCo-OwnerCommented:
You won't get prompted to install a certificate - all the iPhone usually comes up with is the Accept / Deny option for the certificate.
Security on the iPhone is not as strict as a Windows Mobile phone.
Are you getting the "Connection to the server failed" error?
Can you use Wi-Fi to sync successfully in your building where the server is located?
0
 
JyteesAuthor Commented:
When creating the account I receive the message "Exchange Account Verified". It then configures synchronisation for the account successfully.

I then go into mail and receive the error, "cannot get mail, the connection to the server failed"

I receive this error from within the lan connected wirelessly also.
0
 
Alan HardistyCo-OwnerCommented:
Can you please add the following Registry reservations (Carefully as Registry editing is not for the feint-hearted and can mess up your server) for Standard Ports and then reboot the server, then test mail again on the phone.  Hopefully this might nail the problem.
http://support.microsoft.com/kb/956189 
0
 
JyteesAuthor Commented:
Which standard ports do you suggest? 80, 443?
0
 
Alan HardistyCo-OwnerCommented:
Neither of those are in the article I posted the link for!
These are the relevant ports to make reservations for:
  • 1645-1646
  • 1701-1701
  • 1718-1719
  • 1745-1745
  • 1812-1813
  • 2883-2883
  • 3500-3619
  • 4500-4500
0
 
JyteesAuthor Commented:
Made the change to the registry, rebooted...no connection!!!!!!!!
0
 
Alan HardistyCo-OwnerCommented:
Can you check that you have Exchange Service Pack 2 installed please - you should see the following screen when you right-click on your server name in Exchange System Manager.
Exchange-Server-Version.jpg
0
 
JyteesAuthor Commented:
Sorry for the delay folks.

Left things as they were for a while, went back with a clear head and followed Allan's faq again. After recreating the vdirs I had success!

I think this  MSXML SP7 http://social.technet.microsoft.com/Forums/en/exchangesvrmobility/thread/e3f137d1-5184-4b3b-9698-a9ca23dfb0c2 fixed the initial problem but all the messing around I had done before that had screwed things up. Following Alan's faq after the MSXML SP7 fix has fiinally done the trick.

Many, many thasnks Alanhardisty!

0
 
Alan HardistyCo-OwnerCommented:
Great news - glad my FAQ helped you.  Not come across the SP7 fix for MSXML before though.  Will have a good look.
 
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.