Solved

iPad and Exchange

Posted on 2010-09-07
46
681 Views
Last Modified: 2012-05-10
I keep getting the error message below

Cannot Get Mail

the connection to the server failed.


it happens with some user accounts only

can someone help
0
Comment
Question by:winperez
  • 25
  • 9
  • 8
  • +1
46 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33621704
did you enable OMA on the user that is not working?
0
 

Author Comment

by:winperez
ID: 33621750
OMA is enabled, still no luck
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33621948
are they using same wireless access point? (pretend your IPADs are WI-FI one)

and IMAP must be enabled under the user's profile.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33622113
what version of exchange ?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33622588
If you have Exchange 2007 or Exchange 2010 and have migrated from an earlier version, please check your inherited permissions outlined in my article:

http://www.experts-exchange.com/A_2861.html

This is the most common reason for some accounts working and others not.
0
 

Author Comment

by:winperez
ID: 33623346
i am using exchange 2003 and it was migrated from 2000 a long time ago. Activesync works on a few user accounts except on one account and any newly created ones...
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33623405
Can you create a test account and see if EAS works there ?
if it does
> Exmerge the users mailbox as a PST and import it back into the new account.
> create an alias for the old email address so that all mails going to that address is delivered in the new mailbox.
0
 

Author Comment

by:winperez
ID: 33623652
I created a new user account, but no luck. I will create another user with domain admin rights only
0
 

Author Comment

by:winperez
ID: 33623697
I just found out that the sync issue is happening with all new users after the exchange migration.

the user account that I am trying to sync was created after the migration as well
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 33624439
Have you checked the Mailbox Features of the new accounts to see if Push Mail etc is enabled?

Failing that, please run through my article on Exchange 2003 / Activesync:

http://www.experts-exchange.com/A_1798.html
0
 

Author Comment

by:winperez
ID: 33625652
Where do I check if push mail is enabled for exchange 2003 users?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33625927
Active Directory Users & Computers, Properties for the user account, Exchange Features Tab, "Outlook Mobile Access" and "User Initiated Synchronization" and "Up-To-Date Notifications" - all should be enabled.
0
 

Author Comment

by:winperez
ID: 33626316
all those feature are enabled. Still doesn't work
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33626341
Okay - please run through the last link I posted to my Exchange 2003 / Activesync article and make sure your settings are correct, run the test on the test site and report back any errors.
0
 

Author Comment

by:winperez
ID: 33626627
     
As you can see below the test failed below. But how come it works for all users that were migrated from exchange 2000 to 2003?   It just doesn't work for the new accounts created in 2003

ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name Mail.mydomain.net in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned:xx.xx.xx.xx
      Testing TCP Port 443 on host  Mail.mydomain.net to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name Mail.mydomain.nett does not match any name found on the server certificate CN=mailserver.mydomain.net t, OU=xx, O=yy, L=zz, S=NY, C=US
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33626725
Okay - the response here says you are using the wrong FQDN for Activesync because your certificate name is different:
Host name Mail.mydomain.nett does not match any name found on the server certificate CN=mailserver.mydomain.net t, OU=xx, O=yy, L=zz, S=NY, C=US
Please use mailserver.mydomain.net instead of mail.mydomain.net for the Server Name and re-run the test.
0
 

Author Comment

by:winperez
ID: 33627456
I just tried with mailserver.mydomain.net and got the following result

 ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name mailserver.mydomain.net in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: xx.xx.xx.xx  (THIS IP IS DIFFERENT FROM THE ONE WHEN USING MAIL.MYDOMAIN.NET)
 
 Testing TCP Port 443 on host mailserver.mydomain.net to ensure it is listening and open.
  The port was opened successfully.
 ExRCA is testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   The certificate name is being validated.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name mailserver.uswa.net does not match any name found on the server certificate CN=mail.mydomain.net, OU=Domain Control Validated, O=mail.mydomain.net


***mail.mydomain.net   maps to ip xx.xx.xx.xx***mailserver.mydomain.net  maps to ip zz.zz.zz.zz
 
 
 
 
 

 
0
 

Author Comment

by:winperez
ID: 33628625
Please help
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33629018
You either need to rename your certificate, or make mailserver.yourdomain.net point to the same IP as mail.mydomain.net.
Which one is easier for you?
0
 

Author Comment

by:winperez
ID: 33629928
I already made mailserver.uswa.net point to the same ip. But is not working. I dont know if i have to wait 24 hours for this to work
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33630513
It will take time for the iPad to catch up with the changes.  The airtime providers over here usually take 24 hours to refresh their records.

Re-run the test using mailserver.yourdomain.net and see if the test passes.  The site should use live data not cached (he says optimistically).
0
 

Author Comment

by:winperez
ID: 33630677
I think we made some progress here.

after changing the Mail.mydomain.net  and Mailserver.mydomain.net point to the same IP the error I was getting went away.



ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mailserver.mydomain.net in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: xx.xx.xx.xx  (THIS IS THE CORRECT IP)
      Testing TCP Port 443 on host mailserver.mydomain.net to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Successfully validated the certificate name
       
      Additional Details
       Found hostname mailserver.mydomain.net in Certificate Subject Common name
      Validating certificate trust for Windows Mobile Devices
       Certificate trust validation failed.
       
      Additional Details
       The certificate chain couldn't be built. You may be missing required intermediate certificates. For more information, see Microsoft Knowledge Base article KB 927465.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33630733
You probably need to install the intermedite certificate form your certificate provider or refer to kb927465 for more info.

Who did you get the certificate from?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33630974
he mentioned it works for some users and i dont' really think that's a server side issue, please correct me if i am wrong
0
 

Author Comment

by:winperez
ID: 33631437
that is correct Justinyeung,   some users can still connect through ActiveSync.

all user accounts with mailboxes created under exchange 2000 still work after the Migrating to 2003.  New user account created with exchange 2003 can't connect.

However, alanhardisty is right about my certificate not working 100%.  
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33631465
I have seen numerous issues with Activesync that works for some users and not for others on Exchange 2003 and this is purely down to bad configuration.
I have not seen this before on Exchange 2003 - but after migrating from Exchange 2003 to Exchange 2007 / 2010, there are issues which are addressed in my article.  Not sure if this is relevant, but worth a check:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33631755
a) Check the KB - method 2
http://support.microsoft.com/kb/927465

b) Can you segregate the devices for which EAS works and the ones for which EAS doesnt ?
WM 5/6 and above - does it work ?
New Droids does it work / fail.

Also let us know the devices for which EAS is failing.

Check alan's article first.
0
 

Author Comment

by:winperez
ID: 33633037
I have checked both aticles and followed all instructions, but no luck.

As I mentioned earlier.  

all user accounts created on exchange 2000 and then migrated to exchange 2003  have no problems.
I have tested with droid, iPhone, and iPad (works)

new users created on the exchange 2003 do not work at all on any ActiveSync Device.
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33633617
Can the non-working user account browse to your OMA webpage?

ie. webmail.yourdomain.com/oma

if it does able to browse to it, that will not be an exchange issue. Are those accounts are binded to a single OU?
0
 

Author Comment

by:winperez
ID: 33636142
I tested  mail.mydomain.net/oma from an outside connection (PC) using both a non-working and working user account.  They both worked.  

the non-working account are located on different OUs.
0
 

Author Comment

by:winperez
ID: 33636324
I am using a home grown cert that is located on both ISA 2006 and Exchange 2003.  Do you suggest to buy a third party cert from (e.g Godaddy.com) and replace the homegrown cert on both the ISA and Exchange Servers?


I would like to thank everyone in advance for trying to help on this project.
0
 

Author Comment

by:winperez
ID: 33636443
Also, I get the following error message when I use owa

 There is a problem with this website's security certificate.
 
   
 The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
  We recommend that you close this webpage and do not continue to this website.  
  Click here to close this webpage.  
  Continue to this website (not recommended).  
     More information


If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.
 


If I click "continue to this website" (not recommended)
it will still work

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33636971
The security certificate presented by this website was not issued by a trusted certificate
>> that's fine.
Thats the error which you will get if you use a self-signed cERT.
0
 

Author Comment

by:winperez
ID: 33637107
ok.

so the problem has nothing to do with cert.  I think it is some security setting or permission enabled on the mailbox of new users created on exchange 2003.

the mailboxes that were migrated from 2000 work perfectly fine
0
 

Author Comment

by:winperez
ID: 33637963
any more suggestions?
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33638363
try to move one of the non-working account to a different OU or create a new test OU and see if that resolve the issue.

it doesn't seems like that is an exchange issue at all.
0
 

Author Comment

by:winperez
ID: 33638526
I just tried ActiveSync and get the following error also:  

setup could not finish

Unable to open connection to server due to security error

I get this error with both (iPad working accounts and iPad non-working account)

syncing with the Droid was possible before, but not anymore
0
 

Author Comment

by:winperez
ID: 33638647
I already created a new OU, no luck.  Now I have found some old users that were created pre-migration and they don't work either.  so the assumption that all user created before the migration works is no true anymore.

0
 

Author Comment

by:winperez
ID: 33639013
anybody can help?
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33639394
do you have a front end server on exchange?
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33639437
check the mobile service under exchange system manager.

see if you check unsupported device as well
i will say check all the boxes there.
0
 

Author Comment

by:winperez
ID: 33639741
Exchange is behind an ISA2006
0
 

Author Comment

by:winperez
ID: 33639771
all boxes under Mobile Services Properties are ticked.  
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33639931
i am not familiar with ISA2006, however check the log on the ISA server you will probably find something

+ I dont' that that's an exchange issue since it is working for some users.!!
0
 

Author Comment

by:winperez
ID: 33646341
I don't think this is an ISA Problem. if it was then none of the account would work.
I think it has to do with exchange 2003.

as I mentioned earlier, none of the accounts created in 2003 work
0
 

Author Closing Comment

by:winperez
ID: 33653346
IPAD issue has been resolved.

Alanhardisty, you are da man. This article: http://support.microsoft.com/default.aspx?scid=kb;en-us;937635.   Has the solution to the problem.
Again, I would like to thank all of you who tried to help, but Alanhardisty deserves all the points
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now