winperez
asked on
iPad and Exchange
I keep getting the error message below
Cannot Get Mail
the connection to the server failed.
it happens with some user accounts only
can someone help
did you enable OMA on the user that is not working?
ASKER
OMA is enabled, still no luck
are they using same wireless access point? (pretend your IPADs are WI-FI one)
and IMAP must be enabled under the user's profile.
what version of exchange ?
If you have Exchange 2007 or Exchange 2010 and have migrated from an earlier version, please check your inherited permissions outlined in my article:
https://www.experts-exchange.com/A_2861.html
This is the most common reason for some accounts working and others not.
ASKER
i am using exchange 2003 and it was migrated from 2000 a long time ago. Activesync works on a few user accounts except on one account and any newly created ones...
Can you create a test account and see if EAS works there ?
if it does
> Exmerge the users mailbox as a PST and import it back into the new account.
> create an alias for the old email address so that all mails going to that address is delivered in the new mailbox.
ASKER
I created a new user account, but no luck. I will create another user with domain admin rights only
ASKER
I just found out that the sync issue is happening with all new users after the exchange migration.
the user account that I am trying to sync was created after the migration as well
ASKER
Where do I check if push mail is enabled for exchange 2003 users?
Active Directory Users & Computers, Properties for the user account, Exchange Features Tab, "Outlook Mobile Access" and "User Initiated Synchronization" and "Up-To-Date Notifications" - all should be enabled.
ASKER
All those features are enabled. Still doesn't work.
Okay - please run through the last link I posted to my Exchange 2003 / Activesync article and make sure your settings are correct, run the test on the test site and report back any errors.
ASKER
As you can see below the test failed below. But how come it works for all users that were migrated from exchange 2000 to 2003? It just doesn't work for the new accounts created in 2003
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name Mail.mydomain.net in DNS.
Host successfully resolved
Additional Details
IP(s) returned:xx.xx.xx.xx
Testing TCP Port 443 on host Mail.mydomain.net to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name Mail.mydomain.nett does not match any name found on the server certificate CN=mailserver.mydomain.net
Okay - the response here says you are using the wrong FQDN for Activesync because your certificate name is different:
Host name Mail.mydomain.nett does not match any name found on the server certificate CN=mailserver.mydomain.net t, OU=xx, O=yy, L=zz, S=NY, C=US
Please use mailserver.mydomain.net instead of mail.mydomain.net for the Server Name and re-run the test.
ASKER
I just tried with mailserver.mydomain.net and got the following result
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mailserver.mydomain.net in DNS.
Host successfully resolved
Additional Details
IP(s) returned: xx.xx.xx.xx (THIS IP IS DIFFERENT FROM THE ONE WHEN USING MAIL.MYDOMAIN.NET)
Testing TCP Port 443 on host mailserver.mydomain.net to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name mailserver.uswa.net does not match any name found on the server certificate CN=mail.mydomain.net, OU=Domain Control Validated, O=mail.mydomain.net
***mail.mydomain.net maps to ip xx.xx.xx.xx***mailserver.mydomain.net maps to ip zz.zz.zz.zz
ASKER
Please help
You either need to rename your certificate, or make mailserver.yourdomain.net point to the same IP as mail.mydomain.net.
Which one is easier for you?
ASKER
I already made mailserver.uswa.net point to the same IP, but it is not working. I don't know if I have to wait 24 hours for this to work.
It will take time for the iPad to catch up with the changes. The airtime providers over here usually take 24 hours to refresh their records.
Re-run the test using mailserver.yourdomain.net and see if the test passes. The site should use live data not cached (he says optimistically).
ASKER
I think we made some progress here.
after changing the Mail.mydomain.net and Mailserver.mydomain.net point to the same IP the error I was getting went away.
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mailserver.mydomain.net in DNS.
Host successfully resolved
Additional Details
IP(s) returned: xx.xx.xx.xx (THIS IS THE CORRECT IP)
Testing TCP Port 443 on host mailserver.mydomain.net to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Successfully validated the certificate name
Additional Details
Found hostname mailserver.mydomain.net in Certificate Subject Common name
Validating certificate trust for Windows Mobile Devices
Certificate trust validation failed.
Additional Details
The certificate chain couldn't be built. You may be missing required intermediate certificates. For more information, see Microsoft Knowledge Base article KB 927465.
You probably need to install the intermediate certificate from your certificate provider or refer to kb927465 for more info.
Who did you get the certificate from?
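As an added example (not part of the original thread, and not ExRCA's own code), the Python sketch below re-creates the two certificate checks that fail in the test output above: matching the host name against the certificate's names, and building a chain from the server certificate to a root the device trusts. The certificate records, CA names and function names are constructed for illustration; real validation also verifies signatures, validity dates and revocation.

```python
# Added example: simplified versions of the two ExRCA certificate checks.
# Certificates are constructed dicts, not parsed X.509; signatures, validity
# dates and revocation are deliberately out of scope.

def cert_names(cert):
    """Names a client compares against: SAN entries if present, else the CN."""
    return cert.get("san") or [cert["cn"]]

def name_matches(hostname, cert):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    for name in cert_names(cert):
        pat = name.lower().rstrip(".").split(".")
        if len(pat) == len(host) and pat[1:] == host[1:] \
                and pat[0] in (host[0], "*"):
            return True
    return False

def build_chain(leaf, sent_by_server, trusted_roots):
    """Follow issuer links from the leaf until a trusted root is reached.

    Returns (True, [subjects from leaf to root]) or (False, reason).
    """
    pool = {c["subject"]: c for c in sent_by_server}
    path, current = [leaf["subject"]], leaf
    while True:
        issuer = current["issuer"]
        if issuer in trusted_roots:
            return True, path if issuer == current["subject"] else path + [issuer]
        if issuer == current["subject"]:
            return False, "self-signed certificate is not trusted: " + issuer
        if issuer not in pool or issuer in path:
            return False, "chain could not be built, no certificate for: " + issuer
        current = pool[issuer]
        path.append(issuer)

# Constructed sample data; the CA names are placeholders.
LEAF = {"subject": "CN=mailserver.mydomain.net", "cn": "mailserver.mydomain.net",
        "issuer": "CN=Example Issuing CA"}
INTERMEDIATE = {"subject": "CN=Example Issuing CA", "issuer": "CN=Example Root CA"}
HOMEGROWN = {"subject": "CN=mail.mydomain.net", "cn": "mail.mydomain.net",
             "issuer": "CN=mail.mydomain.net"}
DEVICE_ROOTS = {"CN=Example Root CA"}

if __name__ == "__main__":
    for host in ("Mail.mydomain.net", "mailserver.mydomain.net"):
        print(host, "name ok:", name_matches(host, LEAF))
    print(build_chain(LEAF, [], DEVICE_ROOTS))              # intermediate not served
    print(build_chain(LEAF, [INTERMEDIATE], DEVICE_ROOTS))  # full chain served
    print(build_chain(HOMEGROWN, [], DEVICE_ROOTS))         # home-grown certificate
```

The second and third calls differ only in whether the server presents the intermediate certificate, which is the condition the "certificate chain couldn't be built" message describes.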
He mentioned it works for some users and I don't really think that's a server-side issue; please correct me if I am wrong.
ASKER
that is correct Justinyeung, some users can still connect through ActiveSync.
All user accounts with mailboxes created under Exchange 2000 still work after migrating to 2003. New user accounts created with Exchange 2003 can't connect.
However, alanhardisty is right about my certificate not working 100%.
I have seen numerous issues with Activesync that works for some users and not for others on Exchange 2003 and this is purely down to bad configuration.
I have not seen this before on Exchange 2003 - but after migrating from Exchange 2003 to Exchange 2007 / 2010, there are issues which are addressed in my article. Not sure if this is relevant, but worth a check:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
a) Check the KB - method 2
http://support.microsoft.com/kb/927465
b) Can you segregate the devices for which EAS works and the ones for which EAS doesn't?
WM 5/6 and above - does it work ?
New Droids does it work / fail.
Also let us know the devices for which EAS is failing.
Check alan's article first.
ASKER
I have checked both articles and followed all instructions, but no luck.
As I mentioned earlier.
all user accounts created on exchange 2000 and then migrated to exchange 2003 have no problems.
I have tested with droid, iPhone, and iPad (works)
new users created on the exchange 2003 do not work at all on any ActiveSync Device.
Can the non-working user account browse to your OMA webpage?
ie. webmail.yourdomain.com/oma
If it is able to browse to it, that will not be an Exchange issue. Are those accounts bound to a single OU?
ASKER
I tested mail.mydomain.net/oma from an outside connection (PC) using both a non-working and working user account. They both worked.
the non-working account are located on different OUs.
ASKER
I am using a home grown cert that is located on both ISA 2006 and Exchange 2003. Do you suggest to buy a third party cert from (e.g Godaddy.com) and replace the homegrown cert on both the ISA and Exchange Servers?
I would like to thank everyone in advance for trying to help on this project.
ASKER
Also, I get the following error message when I use owa
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
More information
If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.
For more information, see "Certificate Errors" in Internet Explorer Help.
If I click "continue to this website" (not recommended)
it will still work
The security certificate presented by this website was not issued by a trusted certificate
>> that's fine.
That's the error which you will get if you use a self-signed cert.
ASKER
ok.
so the problem has nothing to do with cert. I think it is some security setting or permission enabled on the mailbox of new users created on exchange 2003.
the mailboxes that were migrated from 2000 work perfectly fine
ASKER
any more suggestions?
try to move one of the non-working account to a different OU or create a new test OU and see if that resolve the issue.
It doesn't seem like that is an Exchange issue at all.
ASKER
I just tried ActiveSync and get the following error also:
setup could not finish
Unable to open connection to server due to security error
I get this error with both (iPad working accounts and iPad non-working account)
syncing with the Droid was possible before, but not anymore
ASKER
I already created a new OU, no luck. Now I have found some old users that were created pre-migration and they don't work either, so the assumption that all users created before the migration work is not true anymore.
ASKER
anybody can help?
do you have a front end server on exchange?
check the mobile service under exchange system manager.
see if you check unsupported device as well
i will say check all the boxes there.
ASKER
Exchange is behind an ISA2006
ASKER
all boxes under Mobile Services Properties are ticked.
i am not familiar with ISA2006, however check the log on the ISA server you will probably find something
+ I don't think that's an Exchange issue since it is working for some users!!
ASKER
I don't think this is an ISA Problem. if it was then none of the account would work.
I think it has to do with exchange 2003.
as I mentioned earlier, none of the accounts created in 2003 work
ASKER
IPAD issue has been resolved.
Alanhardisty, you are da man. This article: http://support.microsoft.com/default.aspx?scid=kb;en-us;937635. Has the solution to the problem.
Again, I would like to thank all of you who tried to help, but Alanhardisty deserves all the points