Link to home
Start Free TrialLog in
Avatar of winperez
winperezFlag for United States of America

asked on

iPad and Exchange

I keep getting the error message below

Cannot Get Mail

the connection to the server failed.


it happens with some user accounts only

can someone help
Avatar of Justin Yeung
Justin Yeung
Flag of United States of America image

did you enable OMA on the user that is not working?
Avatar of winperez

ASKER

OMA is enabled, still no luck
are they using same wireless access point? (pretend your IPADs are WI-FI one)

and IMAP must be enabled under the user's profile.
what version of exchange ?
If you have Exchange 2007 or Exchange 2010 and have migrated from an earlier version, please check your inherited permissions outlined in my article:

https://www.experts-exchange.com/A_2861.html

This is the most common reason for some accounts working and others not.
i am using exchange 2003 and it was migrated from 2000 a long time ago. Activesync works on a few user accounts except on one account and any newly created ones...
Can you create a test account and see if EAS works there ?
if it does
> Exmerge the users mailbox as a PST and import it back into the new account.
> create an alias for the old email address so that all mails going to that address is delivered in the new mailbox.
I created a new user account, but no luck. I will create another user with domain admin rights only
I just found out that the sync issue is happening with all new users after the exchange migration.

the user account that I am trying to sync was created after the migration as well
ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Where do I check if push mail is enabled for exchange 2003 users?
Active Directory Users & Computers, Properties for the user account, Exchange Features Tab, "Outlook Mobile Access" and "User Initiated Synchronization" and "Up-To-Date Notifications" - all should be enabled.
all those feature are enabled. Still doesn't work
Okay - please run through the last link I posted to my Exchange 2003 / Activesync article and make sure your settings are correct, run the test on the test site and report back any errors.
     
As you can see below the test failed below. But how come it works for all users that were migrated from exchange 2000 to 2003?   It just doesn't work for the new accounts created in 2003

ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name Mail.mydomain.net in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned:xx.xx.xx.xx
      Testing TCP Port 443 on host  Mail.mydomain.net to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name Mail.mydomain.nett does not match any name found on the server certificate CN=mailserver.mydomain.net t, OU=xx, O=yy, L=zz, S=NY, C=US
Okay - the response here says you are using the wrong FQDN for Activesync because your certificate name is different:
Host name Mail.mydomain.nett does not match any name found on the server certificate CN=mailserver.mydomain.net t, OU=xx, O=yy, L=zz, S=NY, C=US
Please use mailserver.mydomain.net instead of mail.mydomain.net for the Server Name and re-run the test.
I just tried with mailserver.mydomain.net and got the following result

 ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name mailserver.mydomain.net in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: xx.xx.xx.xx  (THIS IP IS DIFFERENT FROM THE ONE WHEN USING MAIL.MYDOMAIN.NET)
 
 Testing TCP Port 443 on host mailserver.mydomain.net to ensure it is listening and open.
  The port was opened successfully.
 ExRCA is testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   The certificate name is being validated.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name mailserver.uswa.net does not match any name found on the server certificate CN=mail.mydomain.net, OU=Domain Control Validated, O=mail.mydomain.net


***mail.mydomain.net   maps to ip xx.xx.xx.xx***mailserver.mydomain.net  maps to ip zz.zz.zz.zz
 
 
 
 
 

 
Please help
You either need to rename your certificate, or make mailserver.yourdomain.net point to the same IP as mail.mydomain.net.
Which one is easier for you?
I already made mailserver.uswa.net point to the same ip. But is not working. I dont know if i have to wait 24 hours for this to work
It will take time for the iPad to catch up with the changes.  The airtime providers over here usually take 24 hours to refresh their records.

Re-run the test using mailserver.yourdomain.net and see if the test passes.  The site should use live data not cached (he says optimistically).
I think we made some progress here.

after changing the Mail.mydomain.net  and Mailserver.mydomain.net point to the same IP the error I was getting went away.



ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mailserver.mydomain.net in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: xx.xx.xx.xx  (THIS IS THE CORRECT IP)
      Testing TCP Port 443 on host mailserver.mydomain.net to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Successfully validated the certificate name
       
      Additional Details
       Found hostname mailserver.mydomain.net in Certificate Subject Common name
      Validating certificate trust for Windows Mobile Devices
       Certificate trust validation failed.
       
      Additional Details
       The certificate chain couldn't be built. You may be missing required intermediate certificates. For more information, see Microsoft Knowledge Base article KB 927465.
You probably need to install the intermedite certificate form your certificate provider or refer to kb927465 for more info.

Who did you get the certificate from?
he mentioned it works for some users and i dont' really think that's a server side issue, please correct me if i am wrong
that is correct Justinyeung,   some users can still connect through ActiveSync.

all user accounts with mailboxes created under exchange 2000 still work after the Migrating to 2003.  New user account created with exchange 2003 can't connect.

However, alanhardisty is right about my certificate not working 100%.  
I have seen numerous issues with Activesync that works for some users and not for others on Exchange 2003 and this is purely down to bad configuration.
I have not seen this before on Exchange 2003 - but after migrating from Exchange 2003 to Exchange 2007 / 2010, there are issues which are addressed in my article.  Not sure if this is relevant, but worth a check:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html 
a) Check the KB - method 2
http://support.microsoft.com/kb/927465

b) Can you segregate the devices for which EAS works and the ones for which EAS doesnt ?
WM 5/6 and above - does it work ?
New Droids does it work / fail.

Also let us know the devices for which EAS is failing.

Check alan's article first.
I have checked both aticles and followed all instructions, but no luck.

As I mentioned earlier.  

all user accounts created on exchange 2000 and then migrated to exchange 2003  have no problems.
I have tested with droid, iPhone, and iPad (works)

new users created on the exchange 2003 do not work at all on any ActiveSync Device.
Can the non-working user account browse to your OMA webpage?

ie. webmail.yourdomain.com/oma

if it does able to browse to it, that will not be an exchange issue. Are those accounts are binded to a single OU?
I tested  mail.mydomain.net/oma from an outside connection (PC) using both a non-working and working user account.  They both worked.  

the non-working account are located on different OUs.
I am using a home grown cert that is located on both ISA 2006 and Exchange 2003.  Do you suggest to buy a third party cert from (e.g Godaddy.com) and replace the homegrown cert on both the ISA and Exchange Servers?


I would like to thank everyone in advance for trying to help on this project.
Also, I get the following error message when I use owa

 There is a problem with this website's security certificate.
 
   
 The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
  We recommend that you close this webpage and do not continue to this website.  
  Click here to close this webpage.  
  Continue to this website (not recommended).  
     More information


If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.
 


If I click "continue to this website" (not recommended)
it will still work

The security certificate presented by this website was not issued by a trusted certificate
>> that's fine.
Thats the error which you will get if you use a self-signed cERT.
ok.

so the problem has nothing to do with cert.  I think it is some security setting or permission enabled on the mailbox of new users created on exchange 2003.

the mailboxes that were migrated from 2000 work perfectly fine
any more suggestions?
try to move one of the non-working account to a different OU or create a new test OU and see if that resolve the issue.

it doesn't seems like that is an exchange issue at all.
I just tried ActiveSync and get the following error also:  

setup could not finish

Unable to open connection to server due to security error

I get this error with both (iPad working accounts and iPad non-working account)

syncing with the Droid was possible before, but not anymore
I already created a new OU, no luck.  Now I have found some old users that were created pre-migration and they don't work either.  so the assumption that all user created before the migration works is no true anymore.

anybody can help?
do you have a front end server on exchange?
check the mobile service under exchange system manager.

see if you check unsupported device as well
i will say check all the boxes there.
Exchange is behind an ISA2006
all boxes under Mobile Services Properties are ticked.  
i am not familiar with ISA2006, however check the log on the ISA server you will probably find something

+ I dont' that that's an exchange issue since it is working for some users.!!
I don't think this is an ISA Problem. if it was then none of the account would work.
I think it has to do with exchange 2003.

as I mentioned earlier, none of the accounts created in 2003 work
IPAD issue has been resolved.

Alanhardisty, you are da man. This article: http://support.microsoft.com/default.aspx?scid=kb;en-us;937635.   Has the solution to the problem.
Again, I would like to thank all of you who tried to help, but Alanhardisty deserves all the points