We help IT Professionals succeed at work.

Setting Up Exchange Email on Apple IPAD

Plancom
Plancom asked
on
Hi can someone help me set up exchange emails on my ipad as I am really struggling to get it to work.

I am putting in the following credentials onto  set up on the ipad:

email: firstname.surname@domain.co.uk
server: exchange server IP address
username: majid.ali
password: *******
.
When i submit I get message "Unable to verify certificate" but it still gives me option to ACCEPT.
It then gives me error: Exchange Account - Unable to. verify account.

I can access my exchange emails externally via https://exchange-server-IP-address/exchange.

I am running exchange server 2003 on Windows Server 2003, both on same machine. Do i need to tick on "this is a front end server" not sure whether this is the problem?

Can someone please advise?

Comment
Watch Question

Turn of using the certificate unless you're connecting to a https web server.
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Please have a read through my Exchange 2003 / Activesync article for details of how the Server should be setup, which may be the root cause of your problem.  Check your settings / pre-requisites, run the tests and if you get any errors, run through the errors section:
http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2003-Activesync-Connection-Problems-FAQ.html 

Author

Commented:
Hi Alan,

I am currently working through your guide. Couple of questions:

Netbios name: I have inserted domain name
Realm: When i click on browse and select domain, it reads as domain.local and not domain.com, is this correct?

I registered the IIS certificate as servername.domain.local, and on the certificate is shows it was issued by mail.domain.com, is this correct? The FQDN on the DNS underver Host A record is set to servername.domain.local

Under iphone settings:

Server: mail.domain.com? or should it be servername.domain.local?
Domain: SHould this just be domain name on its own or domain.local

Sorry to be a pain, i just want to make sure i have done everything correctly.

Many Thanks

Majid

Author

Commented:
I ran the test on https://testexchangeconnectivity.com and got the following results:

ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.domainname.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: *.*.*.*

Testing TCP Port 443 on host mail.domainname.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name mail.domainname.com does not match any name found on the server certificate CN=www.domainname.de, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=www.domainname.de

Any suggestions?






You missed obscuring your domain name here, so I have obscured it for you.

Alan Hardisty
Zone Advisor

Open in new window

Co-Owner
Top Expert 2011
Commented:
Okay - answers to your questions:

netbios name should be the name displayed when you type set at a command prompt - use the USERDOMAIN variable, but only the first 15 characters if you have a long name.

Realm is fine

Any certificate issued to a .local address will never work.  It has to be a name that resolves in DNS so you will need to reissue your certificate with something like mail.domain.com

FQDN locally is fine as an A record.

iPhone settings:
Server - mail.domain.com (needs to resolve in DNS and match the name on the certificate)
Domain - just domain

You will never be a pain.  If you are not sure - asking is the best way to find out and if I have not spelled it out in my article, that's my fault ; )
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Okay - your certificate is a Thawte certificate issued to mail.yourdomain.de.  You need to use the same name for Activesync as the server, then you stand a chance.

Author

Commented:
Hi,

When i remove the certificate, and add a new one, i am going through the following steps:

IIS Sertificate Wizrd

Select Create new certificate..Click Next
Select Send the request immediately to an online certification authroity..Click Next
Type Name for new certificate: mail.domainname.de
Bit Length = 1024
Click Next
Organisaton: Name
Organanisation: Name
Click next
Common Name for site: mail.domainname.de
Click Next
Geographical Information
Click Next
SSL Port: 443
Click Next
Certification Authorities has a name in the drop down as... servername.domainname.local\mail.domainname.com (Do i need to change this to servername.domainname.com\mail.domainnme.de?? If so how do  I change it?

Thanks
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Why are you removing the certificate?

Just tell activesync to use mail.yourdomain.de as the server name and it will be happier.

Author

Commented:
Sorry I am new to all of this, how do i tell the activesyc to use mail.yourdomain.de?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
When you configure the iPad, you need to tell it your email address, domain, username, password and then, if it cannot auto-find your server, it asks for the Server.  The Server field, should be mail.yourdomain.de.
The name you use for the server HAS to match the name on the certificate and as your certificate is mail.yourdomain.de, then that is what you need to enter.

Author

Commented:
Right I get you...i will give it a go...

Just out of interest are the certificate settings correct, the ones posted on 17/06/10 10:54 AM, or are they irrelevant?

Author

Commented:
https://testexchangeconnectivity.com/

When I run the test on the above I am getting the same error:

Host name mail.domainname.de does not match any name found on the server certificate CN=www.domainname.de, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=www.domainname.de
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Ah - sorry.  Sounds like you need to be using www.domainname.de.  Is your website hosted on your own server?
If yes - use www instead of mail.
If no - then you need to re-issye your certificate for mail.domainname.de or whatever resolves in DNS to your server's IP address.
From your last post:
"Host name mail.domainname.de does not match any name found on the server certificate CN=www.domainname.de, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=www.domainname.de"

Author

Commented:
Hi,

No my website is not hosted on my server, it is hosted with 3rd party web hosting company.

Whats the best way to reissue the certificate with these credentials? I am really not getting this whole thing...
Alan HardistyCo-Owner
Top Expert 2011

Commented:
You will need to remove your existing certificate from your website, then create a new certificate signing request, take the output from the CSR to Thawte and re-key your certificate using the CSR which will generate a new certificate with the name you need to use, then install that onto your server.

Author

Commented:
sorry Im not clued up on certificates. Is there a link you can send me for a step by step guide for the things you need me to do?

Author

Commented:
I have sorted it. Installed a new certificate. Used a mail.domainname.co.uk which actually terminates at the server address. And it has now been resolved.

Thanks for your help mate.

Author

Commented:
Very helpful :)