Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DNS Server Change Now iPhones not Receiving Emails

Posted on 2011-03-08
10
Medium Priority
?
887 Views
Last Modified: 2012-05-11
Hello Everyone,

We have a primary and secondary DNS server on our network (both are Windows 2000 Adv - the remaining servers on the network are all Windows 2003). As of yesterday, we brought the Secondary one down and all seems to be working fine EXCEPT that the iPhone/Droid users who connect to the Exchange server are not able to send or receive emails. However, users on the BES work fine. Not sure what it could be and am hoping someone could assist in trying to figure it out.

Much appreciated.

Thanks,
D
0
Comment
Question by:davidelee
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 8

Expert Comment

by:Acosta Technology Services
ID: 35072771
Run the active sync tests from here:

https://www.testexchangeconnectivity.com/

Let us know the results.
0
 

Author Comment

by:davidelee
ID: 35073187
Thanks. The results are below:

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
   Test Steps
   Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
   Test Steps
   Attempting to test potential Autodiscover URL https://churchillmanagement.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name churchillmanagement.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 64.209.128.53
 
 Testing TCP port 443 on host churchillmanagement.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Tell me more about this issue and how to resolve it
   Additional Details
  A network error occurred while communicating with the remote host.
Exception details:
Message: Authentication failed because the remote party has closed the transport stream.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()
 
 
 
 
 Attempting to test potential Autodiscover URL https://autodiscover.churchillmanagement.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name autodiscover.churchillmanagement.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.churchillmanagement.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
 
 
 
 Attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
   Test Steps
   Attempting to resolve the host name autodiscover.churchillmanagement.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.churchillmanagement.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
 
 
 
 Attempting to contact the Autodiscover service using the DNS SRV redirect method.
  ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.churchillmanagement.com in DNS.
  The Autodiscover SRV record wasn't found in DNS.
   Tell me more about this issue and how to resolve it
 
 
 
 
 
 
 
 
0
 
LVL 8

Expert Comment

by:Acosta Technology Services
ID: 35074834
Can you bring back up the old DNS serve to make sure the zones were all transferred correctly to the 2nd DNS server?  It looks like you might be missing autodiscover records.  
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:davidelee
ID: 35074954
Sadly, I'm not sure if that's an option anymore. The old DNS server was demoted.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35075233
Can you please run the Exchange Activesync Test - not the Exchange Activesync Autodiscover test (I think you have run that by the look of the results).

Specify manual server settings and if you have a self-issued SSL certificate, tick the "Ignore Trust for SSL" check box.

Then post the results again please.
0
 

Author Comment

by:davidelee
ID: 35075852
TEST RESULTS:

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name mail.churchillmanagement.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: xx.xx.xx.xx
 
 Testing TCP port 443 on host cmgmail.churchillmanagement.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name cmgmail.churchillmanagement.com was found in the Certificate Subject Common name.
 
 Validating certificate trust for Windows Mobile devices.
  The test passed with some warnings encountered. Please expand the additional details.
   Additional Details
  The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 8/27/2010 12:00:00 AM, NotAfter = 8/26/2012 11:59:59 PM
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Testing HTTP Authentication Methods for URL https://mail.churchillmanagement.com/Microsoft-Server-Activesync/.
  The HTTP authentication test failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
 
 
 
0
 

Author Comment

by:davidelee
ID: 35087525
Performed multiple DNS tools to fix certain issues with the unsuccessful demotion of the Secondary DC(used ADSI, transferred FSMO, seized roles, etc.)

Apparently certain IIS>Exchange settings had changed. Not sure if it was coincidental or how it was changed but we did the following: IIS>Exchange>Right-click, select Properties, Directory Security. Under Authentication and Access Control, click Edit.. be sure there's a check mark where it says Intergrated Windows authentication. Once that setting was back in place all communication with the Smartphones were successful.

Hope this helps others.

Thanks alan and oper for your help in trying to get this fixed.

D
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 35088920
Your IIS permissions on the microsoft-server-activesync virtual directory are not correct ("Anonymous isn't a supported authentication method for this scenario")

Please check my article for the correct IIS settings (assuming we are dealing with Exchange 2003):

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35372840
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question