• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1557
  • Last Modified:

SBS 2008 / Exchange 2007 / iPhone / Active Sync Issue

Hi,

Running Small Business Server 2008 SP2 with Exchange 2007 Version: 08.01.0436.000

Most of my users are using BESX and that works flawlessly but I have two users who insist on having an iPhone and I'm having issues with Active Sync.

Device 1 is an iPhone 4 and I set that up using local WiFi and the inbuilt auto discovery routine on the phone. All works until  I disable WiFi or use remote Wifi. Then I get "Cannot Get Mail The connection to the server failed"

Device 2 is an iPhone 3 and that would not connect using local WiFi. I then read various posts on the Apple forum that said to disable Wifi and attempt auto discovery over the air. That worked and I configured the phone but as soon as I enable WiFi I get "Cannot Get Mail The connection to the server failed".

In other words the two devices do the exact opposite of each other!

Running www.testexchangeconnectivity.com I get the following:

Test Details
      ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://MyDomain.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name MyDomain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: **.***.104.6
      Testing TCP port 443 on host MyDomain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with the remote host.
Exception details:
Message: The handshake failed due to an unexpected packet format.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()
      Attempting to test potential Autodiscover URL https://autodiscover.MyDomain.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.MyDomain.com in DNS.
       The host name couldn't be resolved.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host autodiscover.MyDomain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.MyDomain.com in DNS.
       The host name couldn't be resolved.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host autodiscover.MyDomain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.MyDomain.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it

I searched on some of these erros but the threads I found came back to configuring certificates on SBS2003 and ISA server.

By the way if I run the test and choose "Manually specify server settings" all the tests are passed.

Does any one have any ides what might be causing this?

Many thanks

Brent
0
fernbreck
Asked:
fernbreck
  • 14
  • 11
  • 2
2 Solutions
 
Glen KnightCommented:
OK, first thing is to make sure your internal DNS is configured the with the same name that is used externally, see here for how: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html

Also make sure that both devices are configured in the same way, my guide here should help with that: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3211-Configure-iPhone-for-use-with-Exchange-Server.html
0
 
fernbreckAuthor Commented:
demazter many thanks for the quick reply.

The DNS was correctly configured but for good measure I deleted and re-created it. The only difference I noticed was that under SOA I had serial 4 and after re-creation I had serial 1.

My two devices were also configured as per your second link. I was using the netbios name but tried using the email address with the same results.

Anything else I can check?
0
 
Glen KnightCommented:
So both devices are setup with the same servername but one works on wifi and one works on the 3G but not the other way around?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
fernbreckAuthor Commented:
I am reading you posts immediately but before replying I'm double checking everything so as not to waste too much time when I have the attention of the top man!

You're correct of course regarding the server names! The iPhone 4 had the internal name and the iPhone 3 owa.mydomain.com. I updated the iPhone 4 and that now connects over the air and local WiFi so there is no problem with that one. Too busy reading complicated posts and not looking at the simple things. Apologies!

iPhone 3 set up as follows:

Email: default email for the user
Server: owa.mydomain.com

domain: left blank

Username: In desperation I have tried all of the following 1. email address, 2. username, 3. domain\username, 4. domain.local\username
Password: used cut and paste to ensure it was correct

Use SSL: On

The only other thing that may be worth a mention is that this phone was probably attached to the users account about a year ago and then removed via "Manage Mobile Device" in the Exchange console.

Currently as soon as I enable WiFi connection is lost so this points to your DNS advice but I have double checked again and that all seems to be set up correctly. From a PC on the local lan I can also connect to owa.mydomain.com and from memory I set up the DNS entry to allow this.
0
 
fernbreckAuthor Commented:
One other point. The user who can connect locally and remotely is an Administrator while the user who can't is not. Mentioned in case it could be a permissions issue.
0
 
Glen KnightCommented:
If you try the user that isn't working on the 3G on the iPhone 4 can they connect?
0
 
fernbreckAuthor Commented:
Unfortunately not and I've also just changed the user credentials on the iPhone 4 and that still connects as a standard user. Back to the drawing board.
0
 
Glen KnightCommented:
So, just to confirm.  The Admin user can access their email on air or on wifi on both devices?

Can you check te inherited permissions of the one that doesn't work as per Alan Hardisty's article here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
0
 
fernbreckAuthor Commented:
No it seems to be a device issue. Both the User and Administrator can access email on the iPhone 4 either over the air or WiFi.

On the iPhone 3 access is only possible over the air for either user.

I'll check your other link now though.
0
 
Glen KnightCommented:
Ahh OK.
So, delete the exchange account in the iPhone 3, cycle te power then setup the account again with EXACTLY the same settings as the iPhone 4.

If both work on te iPhone 4 sadly the link above will not be relevant
0
 
fernbreckAuthor Commented:
No joy and to make doubly sure I tried re-creating the account with the Admin user.
0
 
Glen KnightCommented:
So it's definitely a device issue then.

Try updating the iOS software? Or performing a factory restore.
0
 
Alan HardistyCo-OwnerCommented:
What OS is installed on the iPhone 3?  Is it the latest for that version of the iPhone?
0
 
Alan HardistyCo-OwnerCommented:
Have you restricted the type of devices that can connect to your server so that only iPhone 4's can connect?
0
 
fernbreckAuthor Commented:
@alanhardisty

Settings>>General>> About>> Version: 4.2.1 (8C148)

As far as I know I haven't restricted iPhone3's. Where would I double check this?

Seems strange that I can sync over the air though so everything points back to the DNS issue raised by demazter. I'm worried I'm missing something there.
0
 
Glen KnightCommented:
When you're connected to the wifi can you goto settings > wifi > click the arrow on your wifi name, does it have a valid IP address?

Is there anything set in proxy?
0
 
fernbreckAuthor Commented:
Yes and checking my DHCP server the iPhone is listed with that IP. Should I try and delete the lease and reconnect?

Proxy is set to auto with the url field below blank. I've just tried to set it to OFF but I still can't connect locally.
0
 
fernbreckAuthor Commented:
Coming back to my first post should I be expecting the Remote Connectivity Analyser tests to pass or are the failures the typical Microsoft errors that don't mean much.
0
 
Glen KnightCommented:
The fact it's working on the iPhone 4 and over the air on the iPhone 3 kind of says that's nothing to worry about.

The DHCP lease shouldn't make a difference either.

In the AppStore download the activesync tester app (search for actvesync tester)

Connect to the wifi network and run the tester, does this provide any more information?
0
 
fernbreckAuthor Commented:
Leaving the domain blank to mirror my settings I got the following:

Checking connection: FAIL
Active Sync is not available (Failed to connect to the server. [Host unreachable]

If I switch off WiFi all the tests pass.
0
 
Glen KnightCommented:
When on wifi can you browse to OWA using safari?
0
 
fernbreckAuthor Commented:
No luck with Safari.

Using ActiveSync Tester I changed owa.mydomain.com to the internal IP of the server and all test pass except for the certificate which is as expected.

I'm going to run the Tester on the iPhone 4 and report back.
0
 
Glen KnightCommented:
OK, that's interesting!
What DNS server is showing in the wifi properties?
0
 
fernbreckAuthor Commented:
Bingo :)

The DNS was the gateway address. Deleted the DHCP lease on the server. Switched WiFi off and back on and it pulled in the correct details.

The simplest things are always the hardest to find!
0
 
Glen KnightCommented:
Phew! I was starting to panic !

All this was fixed with the first post as well ;)
0
 
fernbreckAuthor Commented:
I'm puzzled how he grabbed the wrong details. It must have been a year or so ago when I was setting up the network.

Thanks for all your help and for sticking with me on this one. Points well deserved !!
0
 
fernbreckAuthor Commented:
Can't fault the help and advice given :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 14
  • 11
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now