iphone wont syn with exchange

Please read through my Article, check your settings, run the tests on the test site and report back if you get stuck.  When you run the tests, use the Exchange Activesycn Test and specifiy manual server settings.  Check the "Ignore Trust for SSL" box if you use a self-certified SSL certificate.
My Article:
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2003-Activesync-Connection-Problems-FAQ.html
If you find my article helpful - please vote for it on the article page : )
 

thanks for above link to your article, extemly usefull.
I downloaded the iphone  synctest app.
It tells me the follwoing:
*************
Checking connection ...  OK
Checking applications ... FAIL

Activesync is NOT available. (activeSync is NOT available on this server.)/
**********
Only thing sevrer is sync with nokia mail for exchange and windows mobiles,
I would assume these use active sync, so not sure why server giving this error.
Thanks very much
Stephen

Are you using certificates (SSL)? Then make sure the servername you put in on the IPhone ActiveSync Tester App is the same as the name on your SSL certificate e.g. mail.yourdomain.com

Have you tried setting up another windows mobile again, to see if that still synchs over activeSync to your server?

Otherwise try www.testexchangeconnectivity.com to test ActiveSync (as alanhardisty has already mentioned)

Would be interested in the results of testexchangeconnectivity site.

hi guys,
my fqdn is same as cetificate surely,

to make things more curies, i have a client with iphone with vodafone and it works fine, I have contacted o2 numourous times and im getting all is fine there end.

I have tried with and without ssl certs.
Here are the results:
Everything cam back as sound though :-(.

thanks
stpehen

**************************************
Testing Exchange ActiveSync
 Exchange ActiveSync was tested successfully
 Test Steps
 Attempting to resolve the host name web.goodside.ie in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 95.*.*.*

Testing TCP Port 443 on host web.mydomain.ie to ensure it is listening and open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The certificate passed all validation requirements.
 Test Steps
 Validating certificate name
 Successfully validated the certificate name
 Additional Details
 Found hostname web.mydomain.ie in Certificate Subject Common name

Testing certificate date to ensure validity
 Date Validation passed. The certificate is not expired.
 Additional Details
 Certificate is valid: NotBefore = 6/10/2009 10:31:08 AM, NotAfter = 6/10/2014 10:31:08 AM"



Testing Http Authentication Methods for URL https://web.goodside.ie/Microsoft-Server-Activesync/
 Http Authentication Methods are correct
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

Attempting an ActiveSync session with server
 Testing an ActiveSync session completed successfully
 Test Steps
 Attempting to send OPTIONS command to server
 OPTIONS response was successfully received and is valid
 Additional Details
 Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 3.0.4215.0
MS-ASProtocolVersions: 1.0,2.0,2.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Notify
Content-Length: 0
Date: Fri, 26 Mar 2010 16:40:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting FolderSync command on ActiveSync session
 FolderSync command completed successfully.
 Additional Details
 Number of Folders: 70

Attempting initial sync (no data) for Inbox folder
 Completed Sync Command successfully
 Additional Details
 Status: 1

Attempting to test GetItemEstimate command for Inbox Folder
 Successfully received GetItemEstimate Response from Server
 Additional Details
 Estimate: 7293 messages

Well that suggests all is well.

What settings are you using when creating the account?

You need:

Email Address
Server - fqdn - should match certificate
Domain - should be internal domain name e.g. Microsoft
User Name
Password

Is your SSL certificate self-created or 3rd Party?

Turn off 3G on the iPhone and then test (maybe you have a really weak 3G signal and that is why it is failing)

Once you get it paired and synching you can turn 3G back on (if you need and use it)

at present my cert is self-created, tought this might be issue, so I switch of ssl on iphone buit still didnt work.

i enter details as follows:

web.mydomain.ie
mydomain.local
mydomain\username
password

have messed around with these settings also,
thanks
stephen

i tried it with iphone on a wireless network but ill try again as you said.
Thanks

Make sure you turn Wireless Off when you are setting Email up.

So for your settings, try:
server = web.mydomain.ie
Domain = mydomain
Username = username
Password = password

Which you hav probably tried already, but definitely turn off 3G and wireless and test

i tried above, but for some reason it still doesnt work, the app on iphone points to active sync,
i check o2 xda but that worked fine,
Any other ideas?
Could it be certificate?
can i install cert on iphone?

You don't need to install a cert on the iPhone - the security is so crap - it doesn't care!
What OS is on the iPhone?
Can you reset the iPhone to factory settings please, upgrade it if necessary and try again.

have reset a few times, but havnt upgraded firmware, ill try that and get back to you. thanks

Hi All,
I upgraded firmware but still it wont sync,
its strnage when setup account intialy in iphone it verifys account,
however when go into mailbox i get:
"The connection to the server failed"
Not sure what to try next..
Thanks
stephen

Can you create a new mailbox on the server and put 1 message in the mailbox (send it a message) and then try and get the IPhone to pair with that mailbox?

Just a thought - what version of Exchange are you using?  Not sure we know and I'm guessing 2003, but would be nice to confirm.

hi im using 2003 exchange on an sbs 2003 box, have upgraded to service pack 2 also.
I will try the new mailbox also.

Is Exchange on Service Pack 2 also?

i have service pack 2 also on exchange,
thanks for help

Can you please email me account details for a test account as something is decidely odd here.  If your Nokia's are working, so should the iPhone as they use Activesync also.
I won't publish the details - just would like to use my iPhone to test your settings out.
I will need the following:
FQDN - e.g., mail.yourdomain.com
Username
Password
Internal Domain Name - e.g., yourdomain
Email Address
My email is alan @ it-eye.co.uk.
Thanks

hi alan,
i really feel the same and appreciate what you are doing.
Thank you very much.
I will also post results back here.

Another potential issue is the fact that you have an HTTP redirect from your website to HTTPS.  Not sure if this will get in the way at the moment - just wanted to flag it.

On a totally separate note - your MX record has a priority of 0 (zero), which some servers will have problems with - please change it to anything other than 0.
Your server responds and yourdomain.ie not mail.yourdomain.ie - this should be change in Exchange System Manager> Servers> Your Server> Protocols> SMTP> SMTP Virtual Server Properties> Delivery Tab> Advanced Button.

I'll give that a go surely, only thing, I have some of the clients at atlantic. My.... clients using outlook with rpc/http and I know this is very sensitive to certs, also the 2nd domain I gave I'm sure has correct cert. Only thing is 3 domains I gave u have  self generated. Thanks again and I'll try exactly what u said.

I'll give that a go surely, only thing, I have some of the clients at atlantic. My.... clients using outlook with rpc/http and I know this is very sensitive to certs, also the 2nd domain I gave I'm sure has correct cert. Only thing is 3 domains I gave u have  self generated. Thanks again and I'll try exactly what u said.

Above should read "Your server responds as" not and.

Based on the credentials you gave me and the FQDN used to connect to Activesync, your certificate is wrong.
If you have HTTPs over RPC clients, you would be better off buying a 3rd party cert as you won't then have to install the cert on each client.
If you change the cert now - you will break the HTTPs over RPC clients!!!
To request a new cert from somewhere like GoDaddy - you need to remove the current cert, so it will break one way or another.  How many HTTPs over RPC clients have you got to play with?

I only have around 5 with above domain but I have at least 20 with the other I.e web.gps....a.ie doman.  Maybe I should get cert and see then, did you get error with other domains?

web.gps.....ie also has a .local certificate issued - that's a problem.
Other site I can't even bring up properly via https://web.good.........ie

hi alam,
when you say a local certificate you mean on generated from sbs itself, are you saying I should get a certificate from a third party i.e. trusted cert.
Thanks
stephen

A .local certificate is the name that the certificate has been named e.g., mail.yourdomain.local.  This, when installed on a computer, will try to resolve the domain against what it is trying to validate and as there are no internet domains called .local, will fail every time.  The certificate should end .com, .co.uk, .ie, etc.
You can regenerate a new certificate on your SBS box, but if you have multiple sites, I would recommend for about $40, to buy a certificate per domain from somewhere like GoDaddy which are about the cheapest about (www.godaddy.com).

What I don't get is in cstephen100's post #28698992 the cert was fine

Probably using the Ignore Trust for SSL check box.

hi all,
i think i may have moved on a step, not sure how but exchange is verifying account, however one domain works and the other doesnt, basically from going thorugh all the steps above changing iis etc it started going, after changing a lot, i needed to drop domain before the user i.e
mydomain\user
used just:  user

 so i think im close. thanks everyone for help here.
I have two seperate servers, different dns, loction etc.
 sbs created cert on both servers.
When i try sync with one server it works fine,
however when i try the other it verifys account, but when i go in for email i get
Cannot Get Mail: "The connection to the server failed".  
I ran AS tester and it comes back as if it is ok.
Hope someone had this issue before,
Thanks to all,
stephen

Please explain more about your two servers.  Are they two servers for the same domain?

no there on two seperate domains, none of the domains are interlinked in any manner.
i was just giving this as an example of how one was working and the other wasnt,
I actually have 3 domains that im working on,
2 not working, 1 is.
owa, rpc/http outlook, nokias (mail for exchange), windows mobile phones etc work on all 3 domain.
but iphone works on just 1.
hope this makes sense and im not confusing the matter.
Thanks stephen

Have you resolved your certificate problem yet?

hi alan,
im waiting to get trusted cert back, .ie takes a bit longer.
but i have a few queries re certs.
the domain gps* works fine now,
the others dont,
however i created the cert using cciew on all 3.
Im confunsed why phone sync would work on 1 but not on other 2.
I know rpc/http via outlook works on all and this is very fussy with certs.
Thanks
stephen

sorry i ment CEICW  instead of cciew.

The Connect to the Internet Wizard will only generate one Certificate and that can only have one name.
If you run it multiple times, it will replace one certificate with the next.
If you have requested a certificate and then abandoned the request to run the Wizard, you have probably scuppered the plans to install the 3rd party certificate and may need to re-request a certificate using the Certificate Signing Request, send that off, re-key your certificate when you get it issued, then download the certificate and then install it.
Once you have generated a Certificate Signing Request, don't re-run the Connect to the Internet Wizard.