Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

IPhone and Exchange

Posted on 2010-01-07
42
Medium Priority
?
984 Views
Last Modified: 2012-05-08
Hi

I'm trying to get my Iphone to connect to Exchange 2003 but not having any joy. Keep getting "exchange account verification failed" when I set the account up and "connection to the server failed" when I try to synch.

I have ssl cert from GoDaddy and OWA works ok. To add to this, I can browse to https://mail.mydomain.com/exchange and that works fine. Not what I'm after though!

What am I missing?
0
Comment
Question by:Jytees
  • 20
  • 19
  • 3
42 Comments
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 2000 total points
ID: 26205725
Please run through my FAQ which should guide you through the IIS settings, tests to see what is not working and fixes to make it work if it is broken:
http://www.it-eye.co.uk/faqs/readQuestion.php?qid=1 
0
 

Author Comment

by:Jytees
ID: 26209732
Ran the Active Sync tester for windows and received the following:

Explanation - ActiveSync detected but not correctly configured
ActiveSync has been detected on your Exchange server but the tool has detected an unexpected HTTP response (HTTP Error 500). This issue can occur if:
Forms-based authentication is enabled on the Exchanger server
Integrated Windows authentication is not enabled on the Exchange virtual directory
The Exchange virtual directory in Microsoft Internet Information Server (IIS) is configured to accept only Secure Sockets Layer (SSL) connections


Actions - For Exchange 2003 ONLY
AccessMyLan Knowledge Base:
How to create a second virtual directory for Exchange...
Microsoft Technet articles:
(817379) Exchange ActiveSync and Outlook Mobile Access...

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26209993
Please therefore run through http://support.microsoft.com/kb/817379, then re-run the test and see what that throws up.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:Jytees
ID: 26210122
Which method applies to me?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26210305
Are you using Forms-Based Authentication (FBA) when using Outlook Web Access?  (Pretty login screen or just asks for username / password in a plain windows box)
If you are using FBA then please follow Method 2 - "Create a secondary virtual directory for Exchange server", if not, please follow "Disable the forms-based authentication for the Exchange virtual directory"
0
 

Author Comment

by:Jytees
ID: 26210421
We are using FBA in that case.

"Method 2 should be used only in an environment that has no Exchange Server 2003 front-end server."

With our server being the only server in the organisation is it not a front end server?
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 26210545
Please find IIS authentication type and the SSL requirement for Exchange 2003
1) Default Website : Annonymous & Integrated      NO SSL
2) Exadmin : Integrated                                          NO SSL
3) Exchweb : Annonymous                                      NO SSL
4) Exchange: Basic                                                  SSL Optional
5) RPC     : Basic                                                      SSL Required
6) OMA     : Basic                                                     SSL Optional
7) Public  : Basic+Integrated                                   SSL Optional
8) exchange-oma : Basic & Integrated                    NO SSL
9) Microsoft-Server-ActiveSync : Basic                     SSL Required
After that need to restart IIS service and check it.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26210571
You will be fine to just create the exchange-oma virtual directory.
By default, you are a back-end server.
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 26210783

Check that you have an exchange-oma virtual directory in the IIS Manager console.
If you don't, follow the instructions in Microsoft KB article 817379 to recreate it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;817379
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26210820
@SatyaPathak - please read the entire thread before posting - this has already been discussed and is what the posts above are all about.
0
 

Author Comment

by:Jytees
ID: 26273080
OK.

Follwed the steps in method 2. Now I have no OWA or anything!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26273533
Okay - not a problem.
Can you please follow method 2 of KB883380 to rebuild the IIS metabase - http://support.microsoft.com/kb/883380
When deleting the IIS Virtual Directories, please also delete the exchange-oma virtual directory.
Then re-run Method 2 of KB817379 - http://support.microsoft.com/default.aspx?scid=kb;en-us;817379
0
 

Author Comment

by:Jytees
ID: 26277660
Okay, back to square one.

ActiveSync detected, but not correctly configured. [HTTP 500: Forms-based auth enabled?]

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26277796
Okay, please disable FBA and re-test then advise if anything has changed.
0
 

Author Comment

by:Jytees
ID: 26278380
Disabled FBA, same error as before.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26281573
Okay - please can you re-visit my FAQ and follow the part that starts with
"After following KB883380 and if Activesync still does not work and it keeps coming up with HTTP 500 errors, please do the following:"

0
 

Author Comment

by:Jytees
ID: 26285549
" Test activesync without SSL selected - Doesn't work, Failed to connect to server (network unreachable)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26285600
Are you forwarding port 80 to your server?

Is your default website set to all unassigned and port 80 / 443?
0
 

Author Comment

by:Jytees
ID: 26286091
Sorry, had the port 80 rule disabled on router.

Tested again and this time

ActiveSync:
      Checking for application ................. OK
      Checking version ......................... FAIL

Result:
      Username or Password incorrect.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26286139
Which test are you running?  Website or app?

Please use the website version and report the results.
0
 

Author Comment

by:Jytees
ID: 26286328
I was using Activesync tester for Windows.

Which website version?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26286424
Https://testexchangeconnectivity.com -run the exchange activesync test and manually enter the server settings.

If you are using a self-certified ssl certificate, tick the ignore trust for ssl box.
0
 

Author Comment

by:Jytees
ID: 26286754
Attempting FolderSync command on ActiveSync session
  FolderSync command test failed
   Tell me more about this issue and how to resolve it
   Additional Details
  Exchange ActiveSync returned an HTTP 500 response
 
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26286895
If you have followed my FAQ to the letter in regards to the 500 error then the next step is to call Microsoft I am afraid.

I have had this a few times but don't have an answer yet I'm afraid.

If you do call them and get it resolved, I would love to know what fixed it.
0
 

Author Comment

by:Jytees
ID: 26287253
I'll keep you posted then.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26287500
Thanks - would really appreciate it.

Sorry I can't get this one resolved for you.
0
 

Accepted Solution

by:
Jytees earned 0 total points
ID: 26379763
Good news! Finally got the testexchangeconnectivity test to work.

I fired up diag logging to the max and waited for a couple of days. Sure enough a new problem popped up: Event ID 1776 - The description for Event ID ( 1776 ) in Source ( DAVEX ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: - Along with this error I noticed people were complaining of IE not working correctly with OWA. When users tried to log in the folders would just show "loading" in the window and were unable to view their mail. Being a Firefox user I wasn't aware of this problem but sure enough when I tried IE I got the same problem.

Thankfully, the fix was a pretty simple one. I installed MSXML SP7 as per this http://social.technet.microsoft.com/Forums/en/exchangesvrmobility/thread/e3f137d1-5184-4b3b-9698-a9ca23dfb0c2

Hallelujiah, the exchange connectivity test worked as did IE with OWA!

Unfortunately, although I'm sure it's almost cracked, when I try to connect with the I Phone I still get the error "canot get mail the connection to the server failed"

Any ideas?
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 26380183
What error message you are getting is there any event id in your server?
I would suggest you please brows your Active sync internally also.
0
 

Author Comment

by:Jytees
ID: 26381832
Nothing in the Evnt log. What do you mean brows AS internally?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26381849
If the test site works - did you get a happy - everything should work response?
0
 

Author Comment

by:Jytees
ID: 26382067
The only slight hiccup is the exclamation validating certificate trust. re only working with windows mobile 6. Shouldn't be affected by this should it?

Testing Exchange ActiveSync
 Exchange ActiveSync was tested successfully
 Test Steps
 Attempting to resolve the host name mail.mydomain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 8x.xx.xxx.xxx

Testing TCP Port 443 on host mail.mydomain.com to ensure it is listening and open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The certificate passed all validation requirements.
 Test Steps
 Validating certificate name
 Successfully validated the certificate name
 Additional Details
 Found hostname mail.mydomain.com in Certificate Subject Common name

Validating certificate trust for Windows Mobile Devices
 The test passed with some warnings encountered. Please expand additional details.
 Additional Details
 Certificate is only trusted on Windows Mobile 6.0 and later. Windows Mobile 5.0 and 5.0 + MSFP devices will not be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

Testing certificate date to ensure validity
 Date Validation passed. The certificate is not expired.
 Additional Details
 Certificate is valid: NotBefore = 12/23/2009 11:47:08 AM, NotAfter = 12/23/2012 11:47:08 AM"



Testing Http Authentication Methods for URL https://mail.mydomain.com/Microsoft-Server-Activesync/
 Http Authentication Methods are correct
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

Attempting an ActiveSync session with server
 Testing an ActiveSync session completed successfully
 Test Steps
 Attempting to send OPTIONS command to server
 OPTIONS response was successfully received and is valid
 Additional Details
 Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 3.0.4215.0
MS-ASProtocolVersions: 1.0,2.0,2.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Notify
Content-Length: 0
Date: Fri, 22 Jan 2010 16:41:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting FolderSync command on ActiveSync session
 FolderSync command completed successfully.
 Additional Details
 Number of Folders: 12

Attempting initial sync (no data) for Inbox folder
 Completed Sync Command successfully
 Additional Details
 Status: 1

Attempting to test GetItemEstimate command for Inbox Folder
 Successfully received GetItemEstimate Response from Server
 Additional Details
 Estimate: 208 messages
Attempting to test Sync of Inbox Folder
 Completed Sync Command successfully
 Additional Details
 Number of items synchronized: 208



Activesync Tester for Windows

Communications:
      Doing DNS lookup on mail.mydomain.com  OK (81.xx.xxx.xxx)
      Testing TCP to 81.xx.xxx.xx port 443 .... OK
SSL Certificate:
      Receiving ................................ OK
      Ensuring not Self-Signed ................. OK
      Verifying certificate .................... OK
ActiveSync:
      Checking for application ................. OK
      Checking version ......................... OK (3.0.4215.0)
      Checking protocols ....................... OK (1.0,2.0,2.1)
User Permissions:
      Checking "mydomain/username" ......... OK

Result:
      ActiveSync IS available.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26382154
That's good - the WM6 issue is not a problem if you have WM6 phones, and can be rectified by installing a root certificate from GoDaddy if you do:
Install the valicert_class2_root.cer from - https://certs.godaddy.com/anonymous/repository.seam
Other than that - your Activesync should be working :-)
Is it though?
When you configure the account - do you accept the certificate prompt?
Have you installed the Activesync Test App on the iPhone to see what it comes back with?
https://store.accessmylan.com/main/diagnostic-tools 
0
 

Author Comment

by:Jytees
ID: 26387968
When the account's configured I don't get prompted to install any cert. It just says synchronised. I then goto open up the mail and get the error message.

I've installed the AS test for the IPhone and it passes all tests with no problem.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26388201
You won't get prompted to install a certificate - all the iPhone usually comes up with is the Accept / Deny option for the certificate.
Security on the iPhone is not as strict as a Windows Mobile phone.
Are you getting the "Connection to the server failed" error?
Can you use Wi-Fi to sync successfully in your building where the server is located?
0
 

Author Comment

by:Jytees
ID: 26397565
When creating the account I receive the message "Exchange Account Verified". It then configures synchronisation for the account successfully.

I then go into mail and receive the error, "cannot get mail, the connection to the server failed"

I receive this error from within the lan connected wirelessly also.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26397687
Can you please add the following Registry reservations (Carefully as Registry editing is not for the feint-hearted and can mess up your server) for Standard Ports and then reboot the server, then test mail again on the phone.  Hopefully this might nail the problem.
http://support.microsoft.com/kb/956189 
0
 

Author Comment

by:Jytees
ID: 26397836
Which standard ports do you suggest? 80, 443?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26397883
Neither of those are in the article I posted the link for!
These are the relevant ports to make reservations for:
  • 1645-1646
  • 1701-1701
  • 1718-1719
  • 1745-1745
  • 1812-1813
  • 2883-2883
  • 3500-3619
  • 4500-4500
0
 

Author Comment

by:Jytees
ID: 26402111
Made the change to the registry, rebooted...no connection!!!!!!!!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26402352
Can you check that you have Exchange Service Pack 2 installed please - you should see the following screen when you right-click on your server name in Exchange System Manager.
Exchange-Server-Version.jpg
0
 

Author Comment

by:Jytees
ID: 26529289
Sorry for the delay folks.

Left things as they were for a while, went back with a clear head and followed Allan's faq again. After recreating the vdirs I had success!

I think this  MSXML SP7 http://social.technet.microsoft.com/Forums/en/exchangesvrmobility/thread/e3f137d1-5184-4b3b-9698-a9ca23dfb0c2 fixed the initial problem but all the messing around I had done before that had screwed things up. Following Alan's faq after the MSXML SP7 fix has fiinally done the trick.

Many, many thasnks Alanhardisty!

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26529314
Great news - glad my FAQ helped you.  Not come across the SP7 fix for MSXML before though.  Will have a good look.
 
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article summarizes the problem of addictive cell phone usage that college students across the country are facing. It covers the issues with obsessive cell phone addiction, reasons why this is happening, and what we can do to solve this problem.
In my humble opinion (IMHO), TouchDown from Symantec is the best in class for this type of application, but Symantec has end-of-lifed it and although one can keep using it, it will no longer be supported or upgraded.  Time to look for alternatives t…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question