We help IT Professionals succeed at work.

connect an iPhone to Windows SBS 2003

934 Views
Last Modified: 2012-05-09
Hi Experts,

 I need to connect an iphone to windows SBS 2003 SP2 domain controller.  The users credentials are being rejected on the iphone yet the user can log in remotely from laptop and connect to exchange.
In the process of attempting to resolve this issue I discovered that when I enter http://companyweb into the browser, i receive a prompt for a username and password.  In spite of entering the admininstrator credentials, I receive a "you are not authorized ..." page. Staff have told me that companyweb had been working ok so I'm assuming that an update is responsive for this issue.  Also while OWA is accessible internally( localhost), I cannot access it over the WAN.  Could these issues be related?  Thank you for your help
Comment
Watch Question

CERTIFIED EXPERT
Author of the Year 2010
Top Expert 2010
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
If you get stuck anywhere with my article, please let me know.

Author

Commented:
THanks Alan,
I'm woriking through it at them moment.

Author

Commented:
Hi again Alan
I have gone through the settings.  The server does not have an SSL Certificate - only the default one. SSL has been switched ON.  But even if I switch SSL off, connection is still being rejected on the basis of the password.  I know the password is correct as it is the users windows password and he also used the same password for VPN connectivity  any suggestions welcome. Thanks

Author

Commented:
More Info
Assigned the static IP to a dyndns address in order to test active sync with the link you provided above,  Everything went fine until it came to te certificate.  Host name ncbc.homelinux.com does not match any name found on the server certificate CN=server01.ncbc.local, CN=companyweb, CN=SERVER01, CN=localhost, CN=SERVER01.ncbc.local.  This is the problem I think?  Cannot get permission to purchase a cert until Tuesday.  Is there a temporary work-around?
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
With SBS 03 you just need to re-run thte Connect to the Internet Wizard and within that process, you can re-issue a new certificate with the name you need.

With an iPhone there is no need to buy a certificate - it will work happily with the one SBS provides it.

Click on Start, Server Management, To Do List, Connect to the Internet.  Change nothing apart from when you get to the certificate, then create a new certificate and name it ncbc.homelinux.com.

Author

Commented:
Overcame the cert issue, I think.  Ran the Exchange Remote connectivity Analyser (ERCA) on active sync and it works.  Following setup, t he iPhone displays a message that states that the certificate cannot be verified with an accept or cancel option.  After Accept is selected, the password is requested.  The password is subsequently rejected!.  Phew! Any ideas?
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
If you are being asked for a password after the Certificate is accepted, that sugests you are either entering the wrong info into one of the boxes, or the password is wrong.
If the Activesync Test passes (make sure you uncheck the "Ignore Trust for SSL" when running the test), please post the results, just to make sure.
Thanks

Author

Commented:
Hi Alan
Test failed this time! Here are the results:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name ncbc.homelinux.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 83.71.163.185

Testing TCP Port 443 on host ncbc.homelinux.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 The certificate name is being validated.
 Successfully validated the certificate name
 Additional Details
 Found hostname ncbc.homelinux.com in Certificate Subject Common name

The certificate date is being confirmed to ensure the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 Certificate is valid: NotBefore = 6/5/2010 2:16:10 PM, NotAfter = 6/5/2015 2:16:10 PM"

The IIS configuration is being checked for client certificate authentication.
Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates not configured.

Testing Http Authentication Methods for URL https://ncbc.homelinux.com/Microsoft-Server-Activesync/
 The HTTP authentication methods are correct.
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the ActiveSync session
 Test Steps
 ExRCA is attempting to send the OPTIONS command to the server.
 Testing of the OPTIONS command failed. For more information, see Additional Details.
 Additional Details
 A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown
Co-Owner
CERTIFIED EXPERT
Top Expert 2011
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Hi Alan
I went through your document again. Still getting the same error.  IThe username and password are correct for the user, He can logs on to the network and VPN with no difficulty. The only ip restriction is on the exchange-oma virtual directory (127.0.0.1 and 192.168.16.2 server ip).  The companyweb website prompts for username and password every time and returns a "you are not authorized..." page.  Could be part of the same problem?   Thanks for your help. I'm baffled!

Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
As this is SBS, please can you run the Connect to the Internet Wizard but change nothing, unless you re-ran this to sort the certificate out.

Then try the test site again.

Author

Commented:
Hi Alan
Sorry! Same Result!

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name ncbc.homelinux.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 83.71.163.185

Testing TCP Port 443 on host ncbc.homelinux.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 The certificate name is being validated.
 Successfully validated the certificate name
 Additional Details
 Found hostname ncbc.homelinux.com in Certificate Subject Common name

The certificate date is being confirmed to ensure the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 Certificate is valid: NotBefore = 6/5/2010 2:16:10 PM, NotAfter = 6/5/2015 2:16:10 PM"



The IIS configuration is being checked for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates not configured.

Testing Http Authentication Methods for URL https://ncbc.homelinux.com/Microsoft-Server-Activesync/
 The HTTP authentication methods are correct.
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

An ActiveSync session is being attempted with the server.
 Errors were encountered while testing the ActiveSync session
 Test Steps
 ExRCA is attempting to send the OPTIONS command to the server.
 Testing of the OPTIONS command failed. For more information, see Additional Details.
 Additional Details
 A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Is Activesync enabled for the user under Active Directory Users and Computers> Exchange Features?

Author

Commented:
The follwing items are enabled:
1. services
  Outlook Mobile Service
  User Initiated Synchonization
  Up-to-Date Notifications

2. Protols
  POP3
  IMAP
  Outlook Web Access

Hope this Helps.  Amny thanks for all you help

Author

Commented:
Alan
Please note! Up-to-Dat notificatiob was NOT enabled. I enabled it on the user account and this was the result:

ExRCA is testing Exchange ActiveSync.
 Exchange ActiveSync was tested successfully.
 Test Steps
 Attempting to resolve the host name ncbc.homelinux.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 83.71.163.185

Testing TCP Port 443 on host ncbc.homelinux.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 The certificate name is being validated.
 Successfully validated the certificate name
 Additional Details
 Found hostname ncbc.homelinux.com in Certificate Subject Common name

The certificate date is being confirmed to ensure the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 Certificate is valid: NotBefore = 6/5/2010 2:16:10 PM, NotAfter = 6/5/2015 2:16:10 PM"



The IIS configuration is being checked for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates not configured.

Testing Http Authentication Methods for URL https://ncbc.homelinux.com/Microsoft-Server-Activesync/
 The HTTP authentication methods are correct.
 Additional Details
 Found all expected authentication methods and no disallowed methods. Methods Found: Basic

An ActiveSync session is being attempted with the server.
 Testing an ActiveSync session completed successfully
 Test Steps
 ExRCA is attempting to send the OPTIONS command to the server.
 OPTIONS response was successfully received and is valid
 Additional Details
 Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Sun, 06 Jun 2010 10:11:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET



ExRCA is attempting the FolderSync command on the Exchange ActiveSync session.
 The FolderSync command completed successfully.
 Additional Details
 Number of Folders: 62

ExRCA is attempting the initial sync to the Inbox folder. This initial sync won't return any data.
 The Sync command completed successfully.
 Additional Details
 Status: 1

ExRCA is attempting to test the GetItemEstimate command for the Inbox folder.
 Successfully received GetItemEstimate Response from Server
 Additional Details
 Estimate: 28 messages

ExRCA is attempting to test synchronization of the Inbox folder.
 The Sync command completed successfully.
 Additional Details
 Number of items synchronized: 28

It seemed to work!
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Okay - that looks promising.  Now what happens on the phone?

Author

Commented:
will check this later today

Author

Commented:
Hi Alan
checked iPhone using same settings as ExRCA.  Keeps rejecting password whether SSL is on or off.

Author

Commented:
Ex RCA works every time with username in the format <domain\<username> but not in the format <username>@<domain> or  <username>@<domain>. Interesting
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
What settings are you entering on the iPhone?
There are separate fields for username and domain, so make sure you split them.

Author

Commented:
Hi Alan
Finally got it to work!  My main focus was on the server and I assumed that the problem was there.  It was initially but your configuration guidance resolved that.  The problem was with the settings on the iPhone.  I deleted the previous settings and created a new exchange connection - and it worked!  Backed up the server and iPhone settings.  
Really appreciate your help.  Many Thanks.

Author

Commented:
Super support from probably the best in the business.
Many Thanks
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Excellent news.  I was running out of ideas there.

Thanks for the points and the kind words : )

Alan
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.