• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1619
  • Last Modified:

Iphone won't authenticate to exchange server

I am having issues authenticating to the exchange server. I have tried using outlook via RPC/http and that will not authenticate. I am also trying to connect my iphone to the server and that doesn't authenticate either.
There is a self assigned certificate installed on this exchange2003 server, but the certificate has been installed on both the computer trying to use outlook and the iphone.

In addition, I have verified the following settings:
Exchange Virtual Directory
·         Authentication = Integrated & Basic  
·         Default Domain = NETBIOS domain name - e.g., yourcompany  
·         Realm = yourcompany.com  
·         IP Address Restrictions = Granted Access  
·         Secure Communications = Require SSL NOT ticked  

Microsoft-Server-Activesync Virtual Directory
·         Authentication = Basic  
·         Default Domain = NETBIOS domain name - e.g., yourcompany  
·         Realm = NETBIOS name  
·         IP Address Restrictions = Granted Access  
·         Secure Communications = Require SSL NOT ticked  

OMA  Virtual Directory
·         Authentication = Basic  
·         Default Domain = \  
·         Realm = NETBIOS name  
·         IP Address Restrictions = Granted Access  
·         Secure Communications = Require SSL NOT ticked  
 
I am able to log into OWA just fine. In addition, when I access IIS and try to log into the OMA it works fine. So does MS exchange activesync in IIS. I have run several tests and it seems that it connects to the server, but just won't accept any credentials.

PLEASE HELP!
0
etcs
Asked:
etcs
  • 12
  • 11
1 Solution
 
thompsonwirelessCommented:
We just started using the iphone with Exchange.  We put in the domain name, the http address to the server and user credentials.  No other setting changes are required.  We also didn't use a certificate except for OWA.  Try a FQDN, IP address or domain.local if necessary.  
0
 
Alan HardistyCo-OwnerCommented:
Please report back the results when testing on https://testexchangeconnectivity.com for the Exchange Activesync Test (specify manual server settings and check the Ignore Trust for SSL) as you have a self-certified certificate.
0
 
etcsAuthor Commented:
Testing Exchange ActiveSync
       Exchange ActiveSync test Failed
       
      Test Steps
       
      Attempting to resolve the host name mail.wincocontractors.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 67.95.44.166
      Testing TCP Port 443 on host mail.wincocontractors.com to ensure it is listening and open.
       The port was opened successfully.
      Testing SSL Certificate for validity.
       The certificate passed all validation requirements.
       
      Test Steps
       
      Validating certificate name
       Successfully validated the certificate name
       
      Additional Details
       Found hostname mail.wincocontractors.com in Certificate Subject Common name
      Testing certificate date to ensure validity
       Date Validation passed. The certificate is not expired.
       
      Additional Details
       Certificate is valid: NotBefore = 3/27/2010 6:51:17 PM, NotAfter = 3/27/2015 6:51:17 PM"
      Testing Http Authentication Methods for URL https://mail.wincocontractors.com/Microsoft-Server-Activesync/
       Http Authentication Methods are correct
       
      Additional Details
       Found all expected authentication methods and no disallowed methods. Methods Found: Basic
      Attempting an ActiveSync session with server
       Errors were encountered while testing the ActiveSync session
       
      Test Steps
       
      Attempting to send OPTIONS command to server
       Testing the OPTIONS command failed. See Additional Details for more info
       
      Additional Details
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
etcsAuthor Commented:
     
      Additional Details
       A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown
0
 
Alan HardistyCo-OwnerCommented:
A 401 error is usually a bad username or password problem. Can you try a different account or reset a password so that you are 100% sure of what it is please.
0
 
Alan HardistyCo-OwnerCommented:
This can also occur in the following circumstances:

Integrated Windows authentication is not enabled on the Exadmin virtual directory on the mailbox server.
0
 
etcsAuthor Commented:
If you look at my original post it shows all the directories and what is enabled on them.
0
 
Alan HardistyCo-OwnerCommented:
Your original post does not show the exadmin virtual directory.  Please can you check.
0
 
etcsAuthor Commented:
Sorry about that. I just checked it and the Integrated Windows authentication is the only one checked.
0
 
Alan HardistyCo-OwnerCommented:
What about my username / password comment?  Did you try that out too?
0
 
etcsAuthor Commented:
Ya, I have tried 3 different accounts already. None of them are working
0
 
etcsAuthor Commented:
update:
I recently tried turning off SSL on the iphone because it is a self assigned certificate, but it still will not authenticate.

Other ideas anyone?
0
 
Alan HardistyCo-OwnerCommented:
Can you drop me an email with some user details (a test account) and password, domain, servername etc so that I can test for you?  Would make life easier.  Will appreciate if you can't or don't want to for security reasons.
Alan
0
 
etcsAuthor Commented:
Judging by your rank I will trust you; however, that does not mean other users will not see this. I will send you some credentials to a personal email of yours.
What email is best for you?
0
 
Alan HardistyCo-OwnerCommented:
Thanks - your trust will not be abused.
alanhardisty @ experts-exchange.com which forwards to alan @ it-eye.co.uk
0
 
etcsAuthor Commented:
I sent the email sir
0
 
Alan HardistyCo-OwnerCommented:
Nothing yet!
0
 
Alan HardistyCo-OwnerCommented:
Greylisted for the 1st attempt - should come through again soon.
0
 
etcsAuthor Commented:
I sent an additional email directly to the forwarded address. Did you recieve it yet?
0
 
Alan HardistyCo-OwnerCommented:
Thanks - using the Activesync test on my iPhone, then app report s all is well apart from the Certificate.
When testing without SSL - it passes all tests.
My suggestion would be to buy a GoDaddy SSL certificate for about $40 and install that.  You don't need a SAN / UCC certificate and this will rectify the problem the moment the certificate is installed.
Just going to test on https://testexchangeconnectivity.com
0
 
etcsAuthor Commented:
There is an option when setting up emails on the iPhone to turn off SSL. Wouldn't that be the same thing? When I try that it still doesn't work....
0
 
Alan HardistyCo-OwnerCommented:
This may all be down to your domain being 16 characters long and you can only use 15 of them when entering the domain name anywhere.  If you lose the 's' from the domain name and try again, you should be fine.
On the server, click on Start> Run> {type} cmd {press enter}
Type Set {press Enter}
Look for UserDomain - that should display win..........or not win..............ors
 

Activesync.jpg
0
 
etcsAuthor Commented:
That works! Thank you so much!!
0
 
Alan HardistyCo-OwnerCommented:
All down to an extra character!  Glad it worked - thanks for the points,
Don't forget to delete the test account.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 12
  • 11
Tackle projects and never again get stuck behind a technical roadblock.
Join Now