Solved

SBS + iPhone

Posted on 2010-09-14
36
766 Views
Last Modified: 2013-11-05
Hi Guys,

I have an sbs box that if i setup the iphone to recivie on an administrator account via imap or the exchange option it works. However if i set it up with a normal user i get a username or password error on the iphone.

Now i know the username and password works as webmail logs in and i have copyied the domain permissions and groups as a test from the admin users to normal users and i still get the same error.

Anyone have any ideas?

Rich
0
Comment
Question by:TangibleIT
  • 17
  • 11
  • 2
  • +2
36 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33670052
Is this SBS 2003 or 2008?
0
 

Author Comment

by:TangibleIT
ID: 33670061
Sorry SBS 2003
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33670081
Please have a read through my Exchange 2003 / Activesync article and check your settings for IIS, run the test on the test site and shout if you get stuck.

Sounds very much like a configuration issue.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33670101
Please have a read of [reference to my removed] Alan Hardisty's Exchange 2003 / Activesync article which is pretty comprehensive and should have you up and running in no time:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Exchange ActiveSync test will be helpful
www.testexchangeconnectivity.com/

Please try this and follow the article, and if still you face the issue, revert back

Thanks
Mohammed

0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33670109
Sorry Alan, you are bit faster then me, posted the same thread which you posted earlier.


0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33670254
I don't mind you posting links to my article, but please don't copy / paste the comments I make, especially the ones about whose article it is.  That is a little bit naughty : )
0
 

Author Comment

by:TangibleIT
ID: 33670443
Ive followed the Article Which was very helpful. However now when i run the ExRCA Im getting the following error

Validating certificate trust for Windows Mobile Devices
       Certificate trust validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The certificate chain did not end in a trusted root. Root = CN=subdomain.domain.com, CN=companyweb, CN=servername01, CN=localhost, CN=servername01.domainname.local

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33670468
As you have SBS and you are using the Self-Signed certificate, you need to tick the "Ignore Trust for SSL" check box.
If you buy a 3rd party SSL certificate, you can test without the "Ignore Trust for SSL" check box.
0
 
LVL 3

Expert Comment

by:woodmouse
ID: 33670615
I would truly recommend to buy a certificate.
They aren't that expensive if you search a bit (I had mine for less that $90 for two years).

ps. rapidSSL offers you a 30-day grace period... without having to pay anything !

It sure made my life very easy to implement both Nokia & iPhones to my Exchange server !

Greetz, Michel.
0
 

Author Comment

by:TangibleIT
ID: 33670645
I would buy a certificate, however in the next few months we are changing the email. We are not sure to what yet, it could be hosted exchange or it could be Google mail Premier. So I'm conscious of not spending any more then necessary.
0
 
LVL 3

Expert Comment

by:woodmouse
ID: 33670671
Wouldn't it then be better to wait all together, until you move to one of the two platforms.
What you could do, is try out a certificate for free for 30 days.

If that works out okay, you can still go for a one year cert, which is maybe about $50... (I even think it might be less, because you are upgrading your freeSSL - you can check for a discount).

If $50 is too much, then I would wait until you move to a new platform... or go for the 30-day trial - then you can see how simple life can be (for 30 days - lol)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33670684
With SBS - the iPhone does not care too much about the SSL certificate or who provided it, as long as the name on the certificate matches the FQDN you specify when configuring the iPhone, it will be happy.
Windows Mobile Phones need the certificate installed on the device otherwise they won't work. Droids are like the iPhone - they are not too fussy.
A 3rd party SSL certificate is useful, especially if you plan on or are using RPC over HTTPS, but it is not essential.
Having said that, GoDaddy offer a $30 1 year single name certificates (about the cheapest around) and they can save you time / money in the long run, but for the short time you would use it, I would not bother - just use the SBS certificate.
0
 

Author Comment

by:TangibleIT
ID: 33670717
Unfortunetly due to a new MD in place that is insisiting on using his iPhone, doing nothing until the change is not an option. I will look into a 30 day certificate to buy some time untill the desicions have been made.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33670738
You don't need to buy one.  Please read my last comment.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33670743
If you want some specific advice, please post your domain name which I will obscure and can advise if your certificate name is configured correctly, then advise how to change it if it is not named properly.
Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33670808
What is the initial part of the Fully Qualified Domain Name you are using to access Activesync with?
e.g., mail.    yourdomain.co.uk
0
 

Author Comment

by:TangibleIT
ID: 33670819
Its mailgate.

Rich
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33670851
That fails miserably when trying https://mailgate.yourdomain.co.uk in IE.
The name resolves in DNS to IP 87.xxx.xxx.219 - is that correct?  Is that the IP Address of your SBS server?
Do you have HTTPS open and forwarded on your router?
0
 

Author Comment

by:TangibleIT
ID: 33670945
Looks like the permissions on the IIS directories have all gone Tits up. Will follow the posted Guide again. I think its something to do with the whole IP Deny on some of the virtual directories.
.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33671031
If it was denying IP's I would expect a different error : )
Will wait to hear how you get on with IIS.
Alan
0
 

Author Comment

by:TangibleIT
ID: 33671056
One question: on the guide it says REALM: Yourcompany.com

Would this be the mailgate address or the root domain? or the actual company.local domain ?

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33671113
It is your internal domain e.g., yourinternaldomain.local
That part is not essential - but I have seen instances where simply adding it fixes Activesync !!!!
0
 

Author Comment

by:TangibleIT
ID: 33671277
https should now work i belive.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33671318
Looking good and the name is correct.
Please re-run the test on the test site and tick the "Ignore Trust for SSL" then complete the test.
Fingers crossed for all green lights.
0
 

Author Comment

by:TangibleIT
ID: 33671337
Getting further but not quite there!

      An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the ActiveSync session
       
      Test Steps
       
      ExRCA is attempting to send the OPTIONS command to the server.
       Testing of the OPTIONS command failed. For more information, see Additional Details.
       
      Additional Details
       A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 33671350
Aha - 401 is either a bad username / password combination (which I doubt), or an IP restriction somewhere that shouldn't be.
Please re-check my article and check your IIS settings.
0
 

Author Comment

by:TangibleIT
ID: 33671379
The test passes when i use an administrator account, but fails with a normal user. Which is eaxactly the problem I had before. But I no the password is spot on correct and the username is also too!

Have checked the IP Permissions as well and these are all the same as the permissions in the article.

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33671402
Are all the Push Mail features enabled on the Exchange Features tab of the user account in Active Directory Users & Computers?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33671422
Stupid question!  Are you filling in the fields on the test site correctly?
Sorry to ask!
0
 

Author Closing Comment

by:TangibleIT
ID: 33671522
Thanks For your help!

The numpty, sorry user supplied me with the wrong password!

Brilliant stuff!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33671566
LOL - PEBCAK:
Problem
Exists
Between
Chair
And
Keyboard
Gotta love them users!!
Glad you are sorted and thanks for the points.  Happy Push Mailing : )
0
 

Expert Comment

by:dlogan83
ID: 35242563
Hi Guys, This post is fantastic. Im almost there!!.

Howere there are a couple of this i am not sure about. Our srever name is different from our "web Domain" the we domain is hosted by BT, do i need to create a domain to have the records point to the server's IP?.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35242584
@dlogan83 - Posting in a closed question is not likely to get you much assistance.  If you post your own question, then I can assist you (as can other Experts).  At the moment - you only have the attention of 3 Experts.

Please post a link here or drop me an email using the address in my profile with the link to your own question.

Thanks

Alan
0
 

Expert Comment

by:dlogan83
ID: 35253642
cheers alan, I will post as new.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now