iPhone will not sync with Exchange 2003

We have set up our server for iPhone users to access their emails about a month ago for 3 users.

We have now been asked to set it up for another user and the iPhone will not sync for that particular user.
The only users that it will work for are the 3 original users we set it up for a month ago.

We are getting a Cannot get mail, connection to server failed.

I have tried copying one of the original users profiles and it will not work either.

Any help would be appreciated greatly
jgpk

Narayan_singhCommented:
If you have SSL on Exchange server please follow method 2 of KB 817379 and use http://support.apple.com/kb/ht2480 for configuring iPhone for ActiveSync.
0
Alan HardistyCo-OwnerCommented:
Please have a read through my article before attempting the above and check your IIS settings, run the test on the test site and then report back any errors that are not covered by my article:
http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2003-Activesync-Connection-Problems-FAQ.html 
0

Pro4iaCommented:
usually caused by IIS permission settings..

you should create exchange-oma virtual directory with the appropriate settings and make the registry addition as indicated by the MS documentation.

There's also an online ActiveSync tool
https://www.testexchangeconnectivity.com

and an offline ActiveSync tool you can use to test your ActiveSync... as you know, this is the technology being used for iPhone sync and needs to function ok.
https://store.accessmylan.com/main/diagnostic-tools
0
Alan HardistyCo-OwnerCommented:
@Pro4ia - please read my article which covers all that you have mentioned ; )
0
Pro4iaCommented:
just quickly glanced at it now.. didn't read it before. wish i saw your article before when I was troubleshooting my issue. :)

yes you're right..  it pretty much states what I typed in
0
Alan HardistyCo-OwnerCommented:
Sorry you didn't see it before.  Hopefully it would have helped you : )
0
jgpkAuthor Commented:
hi guys

thanks for your replies.
I have gone through all the above and still no luck. When I use the ActiveSync tester it works with one of the original users, and when I change the name and password to somebody else it fails. I have checked to make sure the user has rights etc.

its just weird - can anybody help?

jgpk
0
MegaNuk3Commented:
Create a test user with test mailbox with 1 item in it then test again via the testexchangeconnectivity.com website. Do not put the user into any groups.

What happened? Paste the error or edited screen dump if it failed to work.
0
Alan HardistyCo-OwnerCommented:
I have seen many cases of some users working and some not.  This is usually down to the IIS settings mentioned in my article.
Have you read the article and checked your settings carefully?
For the users that fail - what error do you get?
What information are you entering on the test site (not specifics), e.g., domain\username, mail.yourdomain.com etc.
0
jgpkAuthor Commented:
on the testsite "accessmylan" activesync tester -

your location - On internet

Exchange Server details
Name/Ip Addr: "Public IP Address" (xx.xx.xx.xx)
Test For SSL Support is checked

User mailbox Details:
Username: john doe
Password: xxxxxxx
Domain: I have tried leaving blank and putting in domain.local

Result : ActiveSync detected, but access denied [HTTP 403: Disabled for this user]
0
Alan HardistyCo-OwnerCommented:
Do you get the same error from https://testexchangeconnectivity.com?
If you do - then you would be advised to follow KB817379 - Method 2
0
jgpkAuthor Commented:
This is what i get when using https://testexchangeconnectivity.com

 Testing Exchange ActiveSync  
  Exchange ActiveSync test Failed
   Test Steps
   Attempting to resolve the host name xx.xx.xxx.xx in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: xx.xx.xx.xxx
 
 Testing TCP Port 443 on host xx.xx.xx.xx to ensure it is listening and open.
  The port was opened successfully.
 Testing SSL Certificate for validity.
  The SSL Certificate failed one or more certificate validation checks.
   Test Steps
   Validating certificate name
  Certificate name validation failed
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name xx.xxx.xx.xx does not match any name found on the server certificate

but if I use the iPhone with that same user details it works!!
I can't see how it would work for one or two users and no one else!!
0
MegaNuk3Commented:
Ensure the user is allowed the Mobile features on their "Exchange Features" tab from AD Users & Computers
0
Alan HardistyCo-OwnerCommented:
Are you using the IP Address to access the server instead of an FQDN e.g., mail.yourdomain.com?
If you are then the certificate needs to have an IP address in it.  It is not recommended to use an IP.  What is the name on your certificate?  If you use that name instead when testing, what results do you get?
0
jgpkAuthor Commented:
The mobile features are enabled for every user
We are using a self signed certificate on this server.
0
Alan HardistyCo-OwnerCommented:
Okay - did you tick the Ignore Trust for SSL when testing on the test site (as per my article)?
0
jgpkAuthor Commented:
Yes i did
0
Alan HardistyCo-OwnerCommented:
And what did you enter for the Activesync Server detail?  IP or FQDN?
What is the name on the certificate?  IP or FQDN.
Are you using the same detail in the test site for Activesync Server detail as the name on the certificate?
0
jgpkAuthor Commented:
i have tried both the ip address and the cert name - the name on the certificate is example.domain.local

the name example.domain.local does not resolve to the ip address externally only internally
0
Alan HardistyCo-OwnerCommented:
You cannot use a certificate with .local in it.
As you have stated SBS in the Zones - please re-run the Connect To The Internet Wizard and change nothing apart from when you get to the certificate and then create a new certificate name example.domain.com (or whatever your external domain is and something that points to your IP address).
Once completed - please re-test.
To run the Wizard - Please click on Start> Server Management> To-Do List> Connect to the Internet
 
0
jgpkAuthor Commented:
i have done what you said but now the example.domain.com is resolving to our mail host ip address and not the physical server. we use a pop3 connector on the exchange box.

when i ping example.domain.com i get the IP of the host company and not our public ip address!!
0
Alan HardistyCo-OwnerCommented:
Do you have an FQDN that points to your server?  If so - rename your certificate to use this FQDN - if not - set one up in DNS and then rename your certificate and then test again.
To work, your phones have to resolve the name of the server they are given when you configure them to the IP of your Exchange server providing them mail.  If it cannot resolve, then it will not work.
The certificate has to match the name you use to point the phones to your server.
0
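The name checks discussed in the posts above (server given as an IP, a certificate named with .local, a public name that resolves to the wrong host), as an added Python example that is not part of the original thread. The IP addresses, the resolver table and all function names are constructed for illustration; only example.domain.local and example.domain.com come from the thread.

```python
import ipaddress
import socket

# Constructed sample data (documentation-range addresses, not from the thread).
EXCHANGE_PUBLIC_IP = "203.0.113.10"   # assumed public IP of the Exchange server
MAIL_HOST_IP = "198.51.100.20"        # assumed IP of the hosting company's mail host

def make_resolver(table):
    """Offline stand-in for socket.gethostbyname backed by a dict."""
    def resolve(name):
        try:
            return table[name.lower()]
        except KeyError:
            raise socket.gaierror("name not found: " + name) from None
    return resolve

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(host, pattern):
    """Case-insensitive match; a leading '*.' stands for exactly one label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check_activesync_name(server_name, cert_names, expected_ip,
                          resolve=socket.gethostbyname):
    """Return findings for the server name a phone would be configured with."""
    findings = []
    if is_ip(server_name):
        findings.append("server-is-ip")
    elif server_name.lower().endswith(".local"):
        findings.append("internal-only-name")
    if not any(name_matches(server_name, n) for n in cert_names):
        findings.append("cert-name-mismatch")
    if not is_ip(server_name):
        try:
            addr = resolve(server_name)
        except OSError:          # socket.gaierror is a subclass of OSError
            findings.append("does-not-resolve")
        else:
            if addr != expected_ip:
                findings.append("resolves-elsewhere")
    return findings

if __name__ == "__main__":
    external_dns = make_resolver({"example.domain.com": MAIL_HOST_IP})
    for name, cert in [(EXCHANGE_PUBLIC_IP, ["example.domain.local"]),
                       ("example.domain.local", ["example.domain.local"]),
                       ("example.domain.com", ["example.domain.com"])]:
        print(name, check_activesync_name(name, cert, EXCHANGE_PUBLIC_IP, external_dns))
```

An empty result only clears the naming layer; it says nothing about IIS virtual directory permissions or per-user ActiveSync settings.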
Pro4iaCommented:
also try to test with SSL required "unchecked" and with an IP address.. this will give you a clue whether it is a cert issue or not..

but as mentioned, your cert should have the same name as your external DNS record.. such as mail.yourdomain.com (which points to your mail server's external translated ip address)
0
jgpkAuthor Commented:
I now have the example.domain.com responding with the correct IP address.

i have tested it with https://testexchangeconnectivity.com and here are the results

Testing Exchange ActiveSync
 Exchange ActiveSync test Failed
 Test Steps
 Attempting to resolve the host name example.domain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: xx.xx.xx.xx

Testing TCP Port 443 on host exampl.domain.com to ensure it is listening and open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The certificate passed all validation requirements.
 Test Steps
 Validating certificate name
 Successfully validated the certificate name
 Additional Details
 Found hostname example.domain.com in Certificate Subject Common name

Testing certificate date to ensure validity
 Date Validation passed. The certificate is not expired.
 Additional Details
 Certificate is valid: NotBefore = 4/28/2010 11:53:45 AM, NotAfter = 4/28/2015 11:53:45 AM"



Testing Http Authentication Methods for URL https://example.domain.com/Microsoft-Server-Activesync/
 Http Authentication Methods are correct
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

Attempting an ActiveSync session with server
 Errors were encountered while testing the ActiveSync session
 Test Steps
 Attempting to send OPTIONS command to server
 OPTIONS response was successfully received and is valid
 Additional Details
 Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Wed, 28 Apr 2010 14:23:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting FolderSync command on ActiveSync session
 FolderSync command test failed
 Additional Details
 An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>

0
Pro4iaCommented:
your test result looks very similar to what i ran into recently..

have you created a custom virtual dir called exchange-oma and made the registry change? this is what got it kicking for me
0
jgpkAuthor Commented:
exchange-oma is already there, do i need to do it again.

can you please give me the steps for this?
0
MegaNuk3Commented:
Is this an SBS server? Apologies if you have mentioned it already.
0
jgpkAuthor Commented:
Yes its an SBS server 2003
0
Pro4iaCommented:
did you make the registry change?
0
Pro4iaCommented:
one thing i noticed was that.. when i added the exchange-oma folder, the offline activesync tester tested OK from that point on..

the online tester however was still giving an error msg.

iphone sync started working at this point
0
jgpkAuthor Commented:
what registry change is that, sorry i am after looking at so many possible solutions i dont know which registry change you are referring to?
0
Pro4iaCommented:
from this MS doc -
http://support.microsoft.com/kb/817379


Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters

Right-click Parameters, click to New, and then click String Value.

Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

Note: ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.

In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.

Quit Registry Editor.

Restart the IIS Admin service. To do this, follow these steps:

Click Start, click Run, type services.msc, and then click OK.

In the list of services, right-click IIS Admin service, and then click Restart.

0
jgpkAuthor Commented:
The registry already had those details - see bottom of that article also

The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.
0
MegaNuk3Commented:
Another thing you can test is OMA....
From the failing iPhone, open Safari and see if you can go to https://mail.yourdomain.com/oma, see if it will let you login and see the mails or not. If it gives you an error or works that will help quite a bit in diagnosing your problem.

Are you seeing any events in the Application event log relating to Activesync or not?
0
Pro4iaCommented:
good just wanted to make sure.  as I mentioned previously, can you take off require SSL and test w/o SSL?
0
Alan HardistyCo-OwnerCommented:
All of these errors are covered by my Article.
For a 403 error - KB817379
For a 500 Error - KB883380
 
0
jgpkAuthor Commented:
OMA is working fine for all users -

One of the errors in application logs is as follows

Unexpected Exchange mailbox server error: Servr:
[servername.domain.local] User: [johndoe@domain.com] HTTP
status code: [409]. Verify that the Exchange mailbox Server is working correctly
0
MegaNuk3Commented:
Are you aware that OMA is completely different to ActiveSync? OMA is a crappy version of OWA meant for the old WAP phones...
0
jgpkAuthor Commented:
yes i am aware of that, but it is activesync that the Iphone works with!
0
Alan HardistyCo-OwnerCommented:
Can you please re-run the Connect To The Internet Wizard - change nothing and then complete the wizard.
This should reset the settings / permissions on the relevant IIS virtual directories.
Once done - please re-test on https://testexchangeconnectivity.com and post results.
Do not add /anything for the Activesync servername - make sure the Activesync servername is something like mail.yourdomain.com which resolves to your server.
0
jgpkAuthor Commented:
Testing Exchange ActiveSync
 Exchange ActiveSync test Failed
 Test Steps
 Attempting to resolve the host name example.domain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: xx.xx.xx.xx

Testing TCP Port 443 on host exampl.domain.com to ensure it is listening and open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The certificate passed all validation requirements.
 Test Steps
 Validating certificate name
 Successfully validated the certificate name
 Additional Details
 Found hostname example.domain.com in Certificate Subject Common name

Testing certificate date to ensure validity
 Date Validation passed. The certificate is not expired.
 Additional Details
 Certificate is valid: NotBefore = 4/28/2010 11:53:45 AM, NotAfter = 4/28/2015 11:53:45 AM"



Testing Http Authentication Methods for URL https://example.domain.com/Microsoft-Server-Activesync/
 Http Authentication Methods are correct
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

Attempting an ActiveSync session with server
 Errors were encountered while testing the ActiveSync session
 Test Steps
 Attempting to send OPTIONS command to server
 OPTIONS response was successfully received and is valid
 Additional Details
 Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Wed, 28 Apr 2010 14:23:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



Attempting FolderSync command on ActiveSync session
 FolderSync command test failed
 Additional Details
 An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>

0
Alan HardistyCo-OwnerCommented:
Okay - 403 error is resolved by KB817379 - please follow method 2 carefully.
http://support.microsoft.com/kb/817379 
0
jgpkAuthor Commented:
I am using small business server 2003 is the KB above not just for Server 2003?
0
jgpkAuthor Commented:
RESOLVED!!!

Got working went back to basics checking IIS settings - the KB settings helped again here - test using Active Sync Tester and hey presto all fine -

Follow the steps in the following KB and it may help you too

http://support.microsoft.com/kb/937635

thanks to everyone who replied to my question
0
MegaNuk3Commented:
The KB is for environments where there is only one Exchange 2003 server, be it SBS or normal.

As the article states:
"If you are receiving the errors that are described in the "Symptoms" section on Small Business Server 2003, run the Configure E-Mail and Internet Connection Wizard. The wizard should help you reconfigure the /Exchange virtual directory and forms-based authentication to work with Outlook Mobile Access and with Exchange ActiveSync."

The CEICW should have configured the directories correctly for you, but sometimes it doesn't.

0
MegaNuk3Commented:
The other thing you can try as per alanhardisty's article:
open up Exchange System Manager, Global Settings, Mobile Services Properties, Device Security Button, Exceptions Button, then add your account to the exceptions list

Then test again and see if you get the 403 error again or something else.
0
MegaNuk3Commented:
Glad it is resolved.
0
Pro4iaCommented:
great!
0