Solved

SBS 2008 / Exchange 2007 / iPhone / Active Sync Issue

Posted on 2011-03-02
Last Modified: 2012-05-11
Hi,

Running Small Business Server 2008 SP2 with Exchange 2007 Version: 08.01.0436.000

Most of my users are using BESX and that works flawlessly but I have two users who insist on having an iPhone and I'm having issues with Active Sync.

Device 1 is an iPhone 4 and I set that up using local WiFi and the inbuilt auto discovery routine on the phone. All works until I disable WiFi or use remote WiFi. Then I get "Cannot Get Mail The connection to the server failed"

Device 2 is an iPhone 3 and that would not connect using local WiFi. I then read various posts on the Apple forum that said to disable Wifi and attempt auto discovery over the air. That worked and I configured the phone but as soon as I enable WiFi I get "Cannot Get Mail The connection to the server failed".

In other words the two devices do the exact opposite of each other!

Running www.testexchangeconnectivity.com I get the following:

Test Details
      ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://MyDomain.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name MyDomain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: **.***.104.6
      Testing TCP port 443 on host MyDomain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with the remote host.
Exception details:
Message: The handshake failed due to an unexpected packet format.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()
      Attempting to test potential Autodiscover URL https://autodiscover.MyDomain.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.MyDomain.com in DNS.
       The host name couldn't be resolved.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host autodiscover.MyDomain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.MyDomain.com in DNS.
       The host name couldn't be resolved.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host autodiscover.MyDomain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.MyDomain.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it

I searched on some of these errors but the threads I found came back to configuring certificates on SBS2003 and ISA server.

By the way if I run the test and choose "Manually specify server settings" all the tests are passed.

Does anyone have any ideas what might be causing this?

Many thanks

Brent
0
Comment
Question by:fernbreck
27 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 35017465
OK, first thing is to make sure your internal DNS is configured with the same name that is used externally, see here for how: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html

Also make sure that both devices are configured in the same way, my guide here should help with that: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3211-Configure-iPhone-for-use-with-Exchange-Server.html
0
 

Author Comment

by:fernbreck
ID: 35017809
demazter many thanks for the quick reply.

The DNS was correctly configured but for good measure I deleted and re-created it. The only difference I noticed was that under SOA I had serial 4 and after re-creation I had serial 1.

My two devices were also configured as per your second link. I was using the netbios name but tried using the email address with the same results.

Anything else I can check?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35017838
So both devices are set up with the same servername but one works on wifi and one works on the 3G but not the other way around?
0
 

Author Comment

by:fernbreck
ID: 35018178
I am reading your posts immediately but before replying I'm double checking everything so as not to waste too much time when I have the attention of the top man!

You're correct of course regarding the server names! The iPhone 4 had the internal name and the iPhone 3 owa.mydomain.com. I updated the iPhone 4 and that now connects over the air and local WiFi so there is no problem with that one. Too busy reading complicated posts and not looking at the simple things. Apologies!

iPhone 3 set up as follows:

Email: default email for the user
Server: owa.mydomain.com

domain: left blank

Username: In desperation I have tried all of the following 1. email address, 2. username, 3. domain\username, 4. domain.local\username
Password: used cut and paste to ensure it was correct

Use SSL: On

The only other thing that may be worth a mention is that this phone was probably attached to the users account about a year ago and then removed via "Manage Mobile Device" in the Exchange console.

Currently as soon as I enable WiFi connection is lost so this points to your DNS advice but I have double checked again and that all seems to be set up correctly. From a PC on the local lan I can also connect to owa.mydomain.com and from memory I set up the DNS entry to allow this.
0
 

Author Comment

by:fernbreck
ID: 35018205
One other point. The user who can connect locally and remotely is an Administrator while the user who can't is not. Mentioned in case it could be a permissions issue.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35018370
If you try the user that isn't working on the 3G on the iPhone 4 can they connect?
0
 

Author Comment

by:fernbreck
ID: 35018466
Unfortunately not and I've also just changed the user credentials on the iPhone 4 and that still connects as a standard user. Back to the drawing board.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35018520
So, just to confirm.  The Admin user can access their email on air or on wifi on both devices?

Can you check the inherited permissions of the one that doesn't work as per Alan Hardisty's article here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
0
 

Author Comment

by:fernbreck
ID: 35018609
No it seems to be a device issue. Both the User and Administrator can access email on the iPhone 4 either over the air or WiFi.

On the iPhone 3 access is only possible over the air for either user.

I'll check your other link now though.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35018629
Ahh OK.
So, delete the Exchange account in the iPhone 3, cycle the power then set up the account again with EXACTLY the same settings as the iPhone 4.

If both work on the iPhone 4 sadly the link above will not be relevant.
0
 

Author Comment

by:fernbreck
ID: 35018783
No joy and to make doubly sure I tried re-creating the account with the Admin user.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35018795
So it's definitely a device issue then.

Try updating the iOS software? Or performing a factory restore.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35018801
What OS is installed on the iPhone 3?  Is it the latest for that version of the iPhone?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35018805
Have you restricted the type of devices that can connect to your server so that only iPhone 4's can connect?
0
 

Author Comment

by:fernbreck
ID: 35018917
@alanhardisty

Settings>>General>> About>> Version: 4.2.1 (8C148)

As far as I know I haven't restricted iPhone3's. Where would I double check this?

Seems strange that I can sync over the air though so everything points back to the DNS issue raised by demazter. I'm worried I'm missing something there.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35018951
When you're connected to the wifi can you go to settings > wifi > click the arrow on your wifi name, does it have a valid IP address?

Is there anything set in proxy?
0
 

Author Comment

by:fernbreck
ID: 35019028
Yes and checking my DHCP server the iPhone is listed with that IP. Should I try and delete the lease and reconnect?

Proxy is set to auto with the url field below blank. I've just tried to set it to OFF but I still can't connect locally.
0
 

Author Comment

by:fernbreck
ID: 35019051
Coming back to my first post, should I be expecting the Remote Connectivity Analyser tests to pass or are the failures the typical Microsoft errors that don't mean much?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35019082
The fact it's working on the iPhone 4 and over the air on the iPhone 3 kind of says that's nothing to worry about.

The DHCP lease shouldn't make a difference either.

In the AppStore download the activesync tester app (search for activesync tester)

Connect to the wifi network and run the tester, does this provide any more information?
0
 

Author Comment

by:fernbreck
ID: 35019178
Leaving the domain blank to mirror my settings I got the following:

Checking connection: FAIL
Active Sync is not available (Failed to connect to the server. [Host unreachable]

If I switch off WiFi all the tests pass.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35019258
When on wifi can you browse to OWA using safari?
0
 

Author Comment

by:fernbreck
ID: 35019503
No luck with Safari.

Using ActiveSync Tester I changed owa.mydomain.com to the internal IP of the server and all tests pass except for the certificate which is as expected.

I'm going to run the Tester on the iPhone 4 and report back.
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 500 total points
ID: 35019549
OK, that's interesting!
What DNS server is showing in the wifi properties?
0
 

Author Comment

by:fernbreck
ID: 35019734
Bingo :)

The DNS was the gateway address. Deleted the DHCP lease on the server. Switched WiFi off and back on and it pulled in the correct details.

The simplest things are always the hardest to find!
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35019830
Phew! I was starting to panic !

All this was fixed with the first post as well ;)
0
 

Author Comment

by:fernbreck
ID: 35019976
I'm puzzled how he grabbed the wrong details. It must have been a year or so ago when I was setting up the network.

Thanks for all your help and for sticking with me on this one. Points well deserved !!
0
 

Author Closing Comment

by:fernbreck
ID: 35020032
Can't fault the help and advice given :)
0
