We help IT Professionals succeed at work.

How do I configure exchange 2007 to allow iPhone/iPad to work.

thorptech
thorptech asked
on
Hi Everyone,

I have a server running Windows Server 2003 x64 Standard with Exchange 2007.  The server was allowing iPhone's and iPad's to connect using the mail program until this week.   I've been working two days on this and still cannot find a solution please help.

On the iPhone or iPad it displays (Cannot Get Mail    The connection to the server failed.)

OWA and Outlook Clients work perfectly.

I've ran the exchange analyzer https://testexchangeconnectivity.com/ here are the results of the Exchange ActiveSync test.


      ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name (my domain name) in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: (server ip)
      Testing TCP Port 443 on host (my domain name) to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Successfully validated the certificate name
       
      Additional Details
       Found hostname (my domain name) in Certificate Subject Common name
      Validating certificate trust for Windows Mobile Devices
       Certificate trust validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The certificate chain did not end in a trusted root. Root = CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Comment
Watch Question

Author

Commented:
Outlook Anywhere (RPC over HTTP) Test

      ExRCA is testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name (my domain name) in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: (server ip)
      Testing TCP Port 443 on host (my domain name) to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
       
      The certificate name is being validated.
       Successfully validated the certificate name
       
      Additional Details
       Found hostname (my domain name) in Certificate Subject Common name
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Additional Details
       The Certificate chain has be validated up to a trusted root. Root = CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
      The certificate date is being confirmed to ensure the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       Certificate is valid: NotBefore = 6/17/2008 7:13:11 PM, NotAfter = 6/18/2010 7:13:11 PM"
      The IIS configuration is being checked for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
       Accept/Require Client Certificates not configured.
      Testing Http Authentication Methods for URL https://(my domain name)/rpc/rpcproxy.dll
       The HTTP authentication methods are correct.
       
      Additional Details
       Found all expected authentication methods and no disallowed methods. Methods Found: Basic
      SSL mutual authentication with the RPC proxy server is being tested.
       Mutual authentication was verified successfully.
       
      Additional Details
       Certificate common name (my domain name) matches msstd:(my domain name)
      Attempting to Ping RPC Proxy (my domain name)
       RPC Proxy was pinged successfully.
       
      Additional Details
       Completed with HTTP status 200 - OK
      Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server (my domain name)
       The attempt to ping the endpoint failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime

Commented:
Can you telnet the server on port 6001? what is the message?

Author

Commented:
Yes  the message is

ncacn_http/1.0

Author

Commented:
iPhone or iPad also displays (Exchange Account Unable to verify account information)

Author

Commented:
I've download a tool called ActiveSync Tester from https://store.accessmylan.com/ 

When I run the test this is the result I get.


Testing (my domain name) (SSL, On Internet):

Communications:
      Doing DNS lookup on (my domain name) OK (server ip)
      Testing TCP to (server ip) port 443 ....... OK
SSL Certificate:
      Receiving ................................ OK
      Ensuring not Self-Signed ................. OK
      Verifying certificate .................... OK
ActiveSync:
      Checking for application ................. FAIL

Result:
      ActiveSync detected, but access denied. [HTTP 403: Disabled for this user]

      (For more detailed diagnosis and possible solutions, see www.accessmylan.com )

Commented:
Hey Thorp:

Set the following on your mailbox 2003 server:
- IIS > Default Web Site ...Properties > Security Tab > Uncheck Anonymous > Check Integrated Windows.. > Close properties window > Restart IIS

Since your mailbox is on 2003... you will get error if you are testing @ https://testexchangeconnectivity.com/ ...

User your iphone.. or windows mobile phone... to sync... n have fun...

Author

Commented:
madetis1

I gave that a try and now OWA has stopped working and the iphone still does not work.  Also https://testexchangeconnectivity.com still displays the same error.

OWA is displaying (440 Login Timeout)

Author

Commented:
Used the following Microsoft article to fix the owa issues.
http://support.microsoft.com/kb/941201

iPhone/iPad still not working.

Commented:
Autodiscover is working? can you test and confirm that please with https://testexchangeconnectivity.com.

Author

Commented:
Exchange ActiveSync Autodiscover Test

 ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
   Test Steps
   ExRCA is attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
   Test Steps
   Attempting to test potential AutoDiscover URL https://(my domain name)/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name (my domain name) in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: (server ip)
 
 Testing TCP Port 443 on host (my domain name) to ensure it is listening and open.
  The port was opened successfully.
 ExRCA is testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   The certificate name is being validated.
  Successfully validated the certificate name
   Additional Details
  Found hostname (my domain name) in Certificate Subject Common name
 
 Certificate trust is being validated.
  The certificate is trusted and all certificates are present in the chain.
   Additional Details
  The Certificate chain has be validated up to a trusted root. Root = CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
 
 The certificate date is being confirmed to ensure the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  Certificate is valid: NotBefore = 6/17/2008 7:13:11 PM, NotAfter = 6/18/2010 7:13:11 PM"
 
 
 
 The IIS configuration is being checked for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates not configured.
 
 ExRCA is attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
   Test Steps
   Attempting to Retrieve XML AutoDiscover Response from url https://(my domain name)/AutoDiscover/AutoDiscover.xml for user (username)@(my domain name)
  Failed to obtain AutoDiscover XML response.
   Additional Details
  A Web Exception occurred because an HTTP 405 - MethodNotAllowed response was received from Unknown
 
 Attempting to test potential AutoDiscover URL https://autodiscover.(my domain name)/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name autodiscover.(my domain name) in DNS.
  The Host could not be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.(my domain name) could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
 
 
 
 
 ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
   Test Steps
   Attempting to resolve the host name autodiscover.(my domain name) in DNS.
  The Host could not be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.(my domain name) could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
 
 
 
 
 ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
  Failed to contact AutoDiscover using the DNS SRV redirect method.
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.(my domain name) in DNS.
  The Autodiscover SRV record wasn't found in DNS.
   Tell me more about this issue and how to resolve it

Commented:
ok. you got a general Autodiscover problem. please confirm that with a second method:

1. press CTRL and click on the Outlook tray-icon
2. choose "test email autoconfiguration"
3. fill in the details and and choose only "use autodiscover"
4. post the result of the "results" and the "log" tab

Author

Commented:
Outlook Test Results
Autoconfiguration has started, this may take up to a minute
Autoconfiguration found the following settings:

Protocal: IMAP
Server: (my domain name)
Port: 993
Login Name: (username)
SPA: Yes
SSL: Yes

1.jpg
2.jpg
3.jpg
4.jpg
5.jpg
6.jpg

Author

Commented:
When I login into the autodiscover site this is what happens.

https://mail.(my domain)/Autodiscover/Autodiscover.xml

  <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover>
- <!--  This is a placeholder file -->
  </Autodiscover>

Author

Commented:
Outlook Test Autodiscover only
1a.jpg
2a.jpg
3a.jpg

Commented:
Hi Thorp,

Is CAS n 2003 in same domain? ... just wondering the cause... as your env. seems same as what I am handling... and I had same issue before till I took care of auth issue on IIS...

Dint mean to scare you ... 440 time out is lil nasty but even before you troubleshoot that.... just make sure on CAS IIS auth is form based and nothing else and on 2003 mailbox server IIS auth is just Integ windows...

Madetiz

Commented:
Just to add more...

Auto discover is not mandatory for testing purposes... its just an add in to ease life... you can still do without   it ... you ll have to manually type in your server name...

Also am sure you are good at iphone but still an advice... while typing the server name.. just type in CAS fqdn name you published with your isp... you dont need to type in https or /exchange-server-activsync....

Thanks

Commented:
It is as I assumed: a general autodiscover problem. not just specific to iphone.

would you mind sending me your domain name? I want to analyse the IIS messages. It's ok of you don't want to - it just takes more time.

Author

Commented:
Hi Madetis1

Yes CAS is in the same domain.  
I’m not trying to setup auto discover; manual config is fine.  That was how I was using it before it stopped working.  I’m entering the server name manually on the iphone but it will not connect.    

i"m entering just mail.domain.com

ok I want to make sure i'm modifly the setting in the correct place.  Where do I go to check these settings.  
CAS IIS auth is form based and nothing else and on 2003 mailbox server IIS auth is just Integ windows

owa.jpg

Author

Commented:
I'm not sure if this matters but IMAP is enabled and does work on the iphone but the exchange option on the iphone does not work.  

Author

Commented:
I'm not sure if this matters but IMAP is enabled and does work on the iphone but the exchange option on the iphone does not work.  
I've solved the problem.  I just needed to delete and recreate the ActiveSync Virtual Directory.  After that the iphone's and ipad's started syncing perfectly.         :)

http://technet.microsoft.com/en-us/library/bb125170(EXCHG.80).aspx

Thanks for the help guys

Author

Commented:
iphone's and ipad's are now syncing perfectly

Author

Commented:
iphone's and ipad's are now syncing perfectly

Author

Commented:
iphone's and ipad's are now syncing perfectly

Author

Commented:
iphone's and ipad's are now syncing perfectly