Solved

Setting up OWA on an iphoneiphone 4

Posted on 2011-03-07
26
887 Views
Last Modified: 2012-05-11
Hello EE. I am having a hell of a time trying to get one iphone4 user to to access OWA on Exchange 2010. I was able to successfyully set up 3 others with no problem. It keeps giving me "Exchange Account Unable to verify account information."
The only difference between her phone and the others is the OS is running 4.2.1 and the others are running 4.1. Inheritable permissions is checked on her AD profile. I was getting event id 1503:

 Exchange ActiveSync doesn't have sufficient permissions to create the "CN=User,OU=XXXXX_XXXXX Administrators,DC=MHACS,DC=local" container under Active Directory user "Active Directory operation failed on MHAS.MHACS.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.

Details:%3

After checking allow inheritable rights in security tab I stopped getting that error but I still can not sync the phone. I tried with and without SSL. I do have a valid SSL ceert from GoDaddy. The other 3 phones gave no problems.. I have Exchange 2010 running on Windows 2008 R2 standard with a DC running Win 2008 R2 Enterprise. My luck she happens to be an Executive Administrator and is a domain admin as well. Any help would be appreciated.
0
Comment
Question by:InSearchOf
  • 13
  • 12
26 Comments
 
LVL 6

Expert Comment

by:expert02232010
ID: 35059809
You have verified that ActiveSync is enabled for the mailbox in exchange?

Can the user use the web browser to access OWA through the phone?
0
 

Author Comment

by:InSearchOf
ID: 35060403
Yes on both counts.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35060920
Are you adding /owa to the end of the Fully Qualified Domain Name that you are configuring your iPhone with?  If you are - you should not be - you only should be entering something like mail.domain.com and not mail.domain.com/owa

FYI - OWA is Outlook Web Access and has nothing to do with getting mail to an iPhone.  What you are referring to is Activesync.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:InSearchOf
ID: 35061106
Well I am trying to configure the iPhone to get email. Where it asks for the server i put the OWA link with the /owa. I will try it without it
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35061148
With Activesync - you Never add anything after .com and if anyone tells you otherwise, they are wrong!
0
 

Author Comment

by:InSearchOf
ID: 35061210
So what should I be adding when trying to configure email on the iPhone?
0
 

Author Comment

by:InSearchOf
ID: 35061254
I tried it without anything after .com but no change
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35061310
Email Address: users email address e.g. user@domain.com
Server: Whatever the certificate name includes e.g. mail.domain.com or www.domain.com or whatever you have configured
Domain: Internal Domain Name e.g., internaldomain (not internaldomain.local
Username: Users username e.g., user
Password: Users network password
Description: Whatever takes your fancy to describe the account on the phone.
0
 

Author Comment

by:InSearchOf
ID: 35061373
thats way i tried it and no go
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35061518
Okay - can you please run the Exchange Activesync Test (Not Exchange Activesync Autodiscover Test) on https://testexchangeconnectivity.com and port the results (hiding your domain name / IP Address).

Please run one for the working user and one for the non-working user and post both results.

Thanks

Alan
0
 

Author Comment

by:InSearchOf
ID: 35061766
I do not have access to the wtestorking one but this is what I got from the non working one

 
Microsoft-Exchange-Server-Remote.htm
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35061820
Sorry - that doesn't work - you can copy / paste the results but the .htm page doesn't show anything other than the Initial site page.

Alan
0
 

Author Comment

by:InSearchOf
ID: 35061860
Bummer. It would not let me copy and paste. It complained about browser sttings
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35061998
Can't you click on Copy on the results page and then paste them to EE?
0
 

Author Comment

by:InSearchOf
ID: 35062089
It won't let me copy. It complains about the security settings in my browse. Let me try something different.
0
 

Author Comment

by:InSearchOf
ID: 35062099
The last part of the test failed. this is what it said.

An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  The OPTIONS response was successfully received and is valid.
   Additional Details
  Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 14.1
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Mon, 07 Mar 2011 21:37:22 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

 
 
 Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Exchange ActiveSync returned an HTTP 500 response.
 
 
 
 
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35062104
What browser are you using?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35062125
Okay - you say you have checked the Inherited permissions - please uncheck - apply - then re-check and apply - then test again.
0
 

Author Comment

by:InSearchOf
ID: 35062199
I checked it earlier but when I went back and checked it, it unchecked again.
0
 

Author Comment

by:InSearchOf
ID: 35062246
I checked and it runs. How can I keep this from happening?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 35062273
0
 

Author Comment

by:InSearchOf
ID: 35065920
Yes, the user is an admin
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35066953
In that case, please read the links I have provided in my last comment.
0
 

Author Comment

by:InSearchOf
ID: 35109530
Thanks for the help. My problem has been resolved thanks to your useful posts.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35109541
Great news.  Was it the inherited permissions?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35109650
Please don't forget to close down the question if you have finished and the problem is solved, which you have said it is.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now