Solved

DNS Server Change Now iPhones not Receiving Emails

Posted on 2011-03-08
10
873 Views
Last Modified: 2012-05-11
Hello Everyone,

We have a primary and secondary DNS server on our network (both are Windows 2000 Adv - the remaining servers on the network are all Windows 2003). As of yesterday, we brought the Secondary one down and all seems to be working fine EXCEPT that the iPhone/Droid users who connect to the Exchange server are not able to send or receive emails. However, users on the BES work fine. Not sure what it could be and am hoping someone could assist in trying to figure it out.

Much appreciated.

Thanks,
D
0
Question by:davidelee
10 Comments
 
LVL 8

Expert Comment

by:Acosta Technology Services
Run the active sync tests from here:

https://www.testexchangeconnectivity.com/

Let us know the results.
0
 

Author Comment

by:davidelee
Thanks. The results are below:

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
   Test Steps
   Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
   Test Steps
   Attempting to test potential Autodiscover URL https://churchillmanagement.com/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name churchillmanagement.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 64.209.128.53
 
 Testing TCP port 443 on host churchillmanagement.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Tell me more about this issue and how to resolve it
   Additional Details
  A network error occurred while communicating with the remote host.
Exception details:
Message: Authentication failed because the remote party has closed the transport stream.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()
 
 
 
 
 Attempting to test potential Autodiscover URL https://autodiscover.churchillmanagement.com/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name autodiscover.churchillmanagement.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.churchillmanagement.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
 
 
 
 Attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
   Test Steps
   Attempting to resolve the host name autodiscover.churchillmanagement.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.churchillmanagement.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
 
 
 
 Attempting to contact the Autodiscover service using the DNS SRV redirect method.
  ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.churchillmanagement.com in DNS.
  The Autodiscover SRV record wasn't found in DNS.
   Tell me more about this issue and how to resolve it
 
0
 
LVL 8

Expert Comment

by:Acosta Technology Services
Can you bring back up the old DNS server to make sure the zones were all transferred correctly to the 2nd DNS server? It looks like you might be missing autodiscover records.
0
 

Author Comment

by:davidelee
Sadly, I'm not sure if that's an option anymore. The old DNS server was demoted.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Can you please run the Exchange Activesync Test - not the Exchange Activesync Autodiscover test (I think you have run that by the look of the results).

Specify manual server settings and if you have a self-issued SSL certificate, tick the "Ignore Trust for SSL" check box.

Then post the results again please.
0
 

Author Comment

by:davidelee
TEST RESULTS:

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name mail.churchillmanagement.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: xx.xx.xx.xx
 
 Testing TCP port 443 on host cmgmail.churchillmanagement.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name cmgmail.churchillmanagement.com was found in the Certificate Subject Common name.
 
 Validating certificate trust for Windows Mobile devices.
  The test passed with some warnings encountered. Please expand the additional details.
   Additional Details
  The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 8/27/2010 12:00:00 AM, NotAfter = 8/26/2012 11:59:59 PM
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Testing HTTP Authentication Methods for URL https://mail.churchillmanagement.com/Microsoft-Server-Activesync/.
  The HTTP authentication test failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
 
 
 
0
 

Author Comment

by:davidelee
Performed multiple DNS tools to fix certain issues with the unsuccessful demotion of the Secondary DC (used ADSI, transferred FSMO, seized roles, etc.)

Apparently certain IIS>Exchange settings had changed. Not sure if it was coincidental or how it was changed but we did the following: IIS>Exchange>Right-click, select Properties, Directory Security. Under Authentication and Access Control, click Edit... be sure there's a check mark where it says Integrated Windows authentication. Once that setting was back in place all communication with the Smartphones was successful.

Hope this helps others.

Thanks Alan and oper for your help in trying to get this fixed.

D
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Your IIS permissions on the microsoft-server-activesync virtual directory are not correct ("Anonymous isn't a supported authentication method for this scenario").

Please check my article for the correct IIS settings (assuming we are dealing with Exchange 2003):

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
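A check for the condition named in the accepted solution, as an added example that is not part of the original thread: it sends one unauthenticated OPTIONS request to the ActiveSync virtual directory of a server you administer and reports whether credentials were demanded and which schemes were offered. The use of OPTIONS, the verdict names and the sample replies are assumptions of this example.

```python
import http.client
import ssl

# Virtual directory path as it appears in the ExRCA output on this page.
EAS_PATH = "/Microsoft-Server-ActiveSync/"


def offered_schemes(www_authenticate):
    """Return the auth schemes named in WWW-Authenticate header values.

    IIS sends one header per scheme, so the first token of each value is
    the scheme; Integrated Windows authentication shows up as Negotiate/NTLM.
    """
    return sorted({v.split()[0].rstrip(",") for v in www_authenticate if v.strip()})


def classify(status, www_authenticate):
    """Classify the reply to a request that carried no credentials."""
    schemes = offered_schemes(www_authenticate)
    if status == 401:
        verdict = "auth-required" if schemes else "401-without-challenge"
    elif 200 <= status < 400:
        # The condition ExRCA reported: the anonymous request did not fail.
        verdict = "anonymous-accepted"
    else:
        verdict = "inconclusive"
    return verdict, schemes


def probe(host, port=443, timeout=10):
    """Send one unauthenticated OPTIONS request and classify the reply."""
    conn = http.client.HTTPSConnection(
        host, port, timeout=timeout, context=ssl.create_default_context())
    try:
        conn.request("OPTIONS", EAS_PATH)
        resp = conn.getresponse()
        resp.read()
        return classify(resp.status, resp.headers.get_all("WWW-Authenticate") or [])
    finally:
        conn.close()


# Constructed sample replies (not captured from the server in this thread).
SAMPLES = {
    "anonymous enabled": (200, []),
    "integrated + basic": (401, ["Negotiate", "NTLM", 'Basic realm="mail.example.test"']),
    "broken challenge": (401, []),
    "service error": (503, []),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        print(f"{name:20} -> {classify(status, headers)}")
```

Call `probe("mail.example.test")` with your own host name to run the check against a live server; the sample table runs offline.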
 
LVL 74

Expert Comment

by:Glen Knight
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
