Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 775
  • Last Modified:

SBS + iPhone

Hi Guys,

I have an sbs box that if i setup the iphone to recivie on an administrator account via imap or the exchange option it works. However if i set it up with a normal user i get a username or password error on the iphone.

Now i know the username and password works as webmail logs in and i have copyied the domain permissions and groups as a test from the admin users to normal users and i still get the same error.

Anyone have any ideas?

Rich
0
TangibleIT
Asked:
TangibleIT
  • 17
  • 11
  • 2
  • +2
1 Solution
 
Alan HardistyCommented:
Is this SBS 2003 or 2008?
0
 
TangibleITAuthor Commented:
Sorry SBS 2003
0
 
Alan HardistyCommented:
Please have a read through my Exchange 2003 / Activesync article and check your settings for IIS, run the test on the test site and shout if you get stuck.

Sounds very much like a configuration issue.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
v_9mhdrfCommented:
Please have a read of [reference to my removed] Alan Hardisty's Exchange 2003 / Activesync article which is pretty comprehensive and should have you up and running in no time:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Exchange ActiveSync test will be helpful
www.testexchangeconnectivity.com/

Please try this and follow the article, and if still you face the issue, revert back

Thanks
Mohammed

0
 
v_9mhdrfCommented:
Sorry Alan, you are bit faster then me, posted the same thread which you posted earlier.


0
 
Alan HardistyCommented:
I don't mind you posting links to my article, but please don't copy / paste the comments I make, especially the ones about whose article it is.  That is a little bit naughty : )
0
 
TangibleITAuthor Commented:
Ive followed the Article Which was very helpful. However now when i run the ExRCA Im getting the following error

Validating certificate trust for Windows Mobile Devices
       Certificate trust validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The certificate chain did not end in a trusted root. Root = CN=subdomain.domain.com, CN=companyweb, CN=servername01, CN=localhost, CN=servername01.domainname.local

Thanks
0
 
Alan HardistyCommented:
As you have SBS and you are using the Self-Signed certificate, you need to tick the "Ignore Trust for SSL" check box.
If you buy a 3rd party SSL certificate, you can test without the "Ignore Trust for SSL" check box.
0
 
woodmouseCommented:
I would truly recommend to buy a certificate.
They aren't that expensive if you search a bit (I had mine for less that $90 for two years).

ps. rapidSSL offers you a 30-day grace period... without having to pay anything !

It sure made my life very easy to implement both Nokia & iPhones to my Exchange server !

Greetz, Michel.
0
 
TangibleITAuthor Commented:
I would buy a certificate, however in the next few months we are changing the email. We are not sure to what yet, it could be hosted exchange or it could be Google mail Premier. So I'm conscious of not spending any more then necessary.
0
 
woodmouseCommented:
Wouldn't it then be better to wait all together, until you move to one of the two platforms.
What you could do, is try out a certificate for free for 30 days.

If that works out okay, you can still go for a one year cert, which is maybe about $50... (I even think it might be less, because you are upgrading your freeSSL - you can check for a discount).

If $50 is too much, then I would wait until you move to a new platform... or go for the 30-day trial - then you can see how simple life can be (for 30 days - lol)
0
 
Alan HardistyCommented:
With SBS - the iPhone does not care too much about the SSL certificate or who provided it, as long as the name on the certificate matches the FQDN you specify when configuring the iPhone, it will be happy.
Windows Mobile Phones need the certificate installed on the device otherwise they won't work. Droids are like the iPhone - they are not too fussy.
A 3rd party SSL certificate is useful, especially if you plan on or are using RPC over HTTPS, but it is not essential.
Having said that, GoDaddy offer a $30 1 year single name certificates (about the cheapest around) and they can save you time / money in the long run, but for the short time you would use it, I would not bother - just use the SBS certificate.
0
 
TangibleITAuthor Commented:
Unfortunetly due to a new MD in place that is insisiting on using his iPhone, doing nothing until the change is not an option. I will look into a 30 day certificate to buy some time untill the desicions have been made.
0
 
Alan HardistyCommented:
You don't need to buy one.  Please read my last comment.
0
 
Alan HardistyCommented:
If you want some specific advice, please post your domain name which I will obscure and can advise if your certificate name is configured correctly, then advise how to change it if it is not named properly.
Alan
0
 
Alan HardistyCommented:
What is the initial part of the Fully Qualified Domain Name you are using to access Activesync with?
e.g., mail.    yourdomain.co.uk
0
 
TangibleITAuthor Commented:
Its mailgate.

Rich
0
 
Alan HardistyCommented:
That fails miserably when trying https://mailgate.yourdomain.co.uk in IE.
The name resolves in DNS to IP 87.xxx.xxx.219 - is that correct?  Is that the IP Address of your SBS server?
Do you have HTTPS open and forwarded on your router?
0
 
TangibleITAuthor Commented:
Looks like the permissions on the IIS directories have all gone Tits up. Will follow the posted Guide again. I think its something to do with the whole IP Deny on some of the virtual directories.
.
0
 
Alan HardistyCommented:
If it was denying IP's I would expect a different error : )
Will wait to hear how you get on with IIS.
Alan
0
 
TangibleITAuthor Commented:
One question: on the guide it says REALM: Yourcompany.com

Would this be the mailgate address or the root domain? or the actual company.local domain ?

Thanks
0
 
Alan HardistyCommented:
It is your internal domain e.g., yourinternaldomain.local
That part is not essential - but I have seen instances where simply adding it fixes Activesync !!!!
0
 
TangibleITAuthor Commented:
https should now work i belive.
0
 
Alan HardistyCommented:
Looking good and the name is correct.
Please re-run the test on the test site and tick the "Ignore Trust for SSL" then complete the test.
Fingers crossed for all green lights.
0
 
TangibleITAuthor Commented:
Getting further but not quite there!

      An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the ActiveSync session
       
      Test Steps
       
      ExRCA is attempting to send the OPTIONS command to the server.
       Testing of the OPTIONS command failed. For more information, see Additional Details.
       
      Additional Details
       A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown
0
 
Alan HardistyCommented:
Aha - 401 is either a bad username / password combination (which I doubt), or an IP restriction somewhere that shouldn't be.
Please re-check my article and check your IIS settings.
0
 
TangibleITAuthor Commented:
The test passes when i use an administrator account, but fails with a normal user. Which is eaxactly the problem I had before. But I no the password is spot on correct and the username is also too!

Have checked the IP Permissions as well and these are all the same as the permissions in the article.

Thanks
0
 
Alan HardistyCommented:
Are all the Push Mail features enabled on the Exchange Features tab of the user account in Active Directory Users & Computers?
0
 
Alan HardistyCommented:
Stupid question!  Are you filling in the fields on the test site correctly?
Sorry to ask!
0
 
TangibleITAuthor Commented:
Thanks For your help!

The numpty, sorry user supplied me with the wrong password!

Brilliant stuff!
0
 
Alan HardistyCommented:
LOL - PEBCAK:
Problem
Exists
Between
Chair
And
Keyboard
Gotta love them users!!
Glad you are sorted and thanks for the points.  Happy Push Mailing : )
0
 
dlogan83Commented:
Hi Guys, This post is fantastic. Im almost there!!.

Howere there are a couple of this i am not sure about. Our srever name is different from our "web Domain" the we domain is hosted by BT, do i need to create a domain to have the records point to the server's IP?.
0
 
Alan HardistyCommented:
@dlogan83 - Posting in a closed question is not likely to get you much assistance.  If you post your own question, then I can assist you (as can other Experts).  At the moment - you only have the attention of 3 Experts.

Please post a link here or drop me an email using the address in my profile with the link to your own question.

Thanks

Alan
0
 
dlogan83Commented:
cheers alan, I will post as new.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 17
  • 11
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now