DNS Server Change Now iPhones not Receiving Emails

Hello Everyone,

We have a primary and secondary DNS server on our network (both are Windows 2000 Adv - the remaining servers on the network are all Windows 2003). As of yesterday, we brought the Secondary one down and all seems to be working fine EXCEPT that the iPhone/Droid users who connect to the Exchange server are not able to send or receive emails. However, users on the BES work fine. Not sure what it could be and am hoping someone could assist in trying to figure it out.

Much appreciated.

Thanks,
D
Asked by: davidelee
 
Alan Hardisty (Co-Owner) Commented:
Your IIS permissions on the microsoft-server-activesync virtual directory are not correct ("Anonymous isn't a supported authentication method for this scenario")

Please check my article for the correct IIS settings (assuming we are dealing with Exchange 2003):

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
 
Acosta Technology Services Commented:
Run the active sync tests from here:

https://www.testexchangeconnectivity.com/

Let us know the results.
 
davidelee (Author) Commented:
Thanks. The results are below:

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
   Test Steps
   Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
   Test Steps
   Attempting to test potential Autodiscover URL https://churchillmanagement.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name churchillmanagement.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 64.209.128.53
 
 Testing TCP port 443 on host churchillmanagement.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Tell me more about this issue and how to resolve it
   Additional Details
  A network error occurred while communicating with the remote host.
Exception details:
Message: Authentication failed because the remote party has closed the transport stream.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()
 
 
 
 
 Attempting to test potential Autodiscover URL https://autodiscover.churchillmanagement.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name autodiscover.churchillmanagement.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.churchillmanagement.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
 
 
 
 Attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
   Test Steps
   Attempting to resolve the host name autodiscover.churchillmanagement.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.churchillmanagement.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
 
 
 
 Attempting to contact the Autodiscover service using the DNS SRV redirect method.
  ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.churchillmanagement.com in DNS.
  The Autodiscover SRV record wasn't found in DNS.
   Tell me more about this issue and how to resolve it
 
 
 
 
 
 
 
 
Acosta Technology Services Commented:
Can you bring back up the old DNS server to make sure the zones were all transferred correctly to the 2nd DNS server? It looks like you might be missing autodiscover records.
 
davidelee (Author) Commented:
Sadly, I'm not sure if that's an option anymore. The old DNS server was demoted.
 
Alan Hardisty (Co-Owner) Commented:
Can you please run the Exchange Activesync Test - not the Exchange Activesync Autodiscover test (I think you have run that by the look of the results).

Specify manual server settings and if you have a self-issued SSL certificate, tick the "Ignore Trust for SSL" check box.

Then post the results again please.
 
davidelee (Author) Commented:
TEST RESULTS:

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name mail.churchillmanagement.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: xx.xx.xx.xx
 
 Testing TCP port 443 on host cmgmail.churchillmanagement.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name cmgmail.churchillmanagement.com was found in the Certificate Subject Common name.
 
 Validating certificate trust for Windows Mobile devices.
  The test passed with some warnings encountered. Please expand the additional details.
   Additional Details
  The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 8/27/2010 12:00:00 AM, NotAfter = 8/26/2012 11:59:59 PM
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Testing HTTP Authentication Methods for URL https://mail.churchillmanagement.com/Microsoft-Server-Activesync/.
  The HTTP authentication test failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
 
 
 
 
davidelee (Author) Commented:
Performed multiple DNS tools to fix certain issues with the unsuccessful demotion of the Secondary DC (used ADSI, transferred FSMO, seized roles, etc.).

Apparently certain IIS>Exchange settings had changed. Not sure if it was coincidental or how it was changed but we did the following: IIS>Exchange>Right-click, select Properties, Directory Security. Under Authentication and Access Control, click Edit... Be sure there's a check mark where it says Integrated Windows authentication. Once that setting was back in place, all communication with the smartphones was successful.

Hope this helps others.

Thanks Alan and oper for your help in trying to get this fixed.

D
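
An added example, not part of the original thread: a small Python check for the condition ExRCA reported above ("Anonymous isn't a supported authentication method for this scenario"). It classifies the response to an unauthenticated OPTIONS request against the Microsoft-Server-ActiveSync virtual directory; the function names, the use of OPTIONS as the probe verb and the sample responses are assumptions made for this example.

```python
import http.client
import ssl

EAS_PATH = "/Microsoft-Server-ActiveSync"  # virtual directory named in the thread

# Constructed sample responses (status, headers); not captured from the thread's server.
SAMPLE_ANONYMOUS_OK = (200, [("Server", "Microsoft-IIS/6.0")])
SAMPLE_CHALLENGED = (401, [("WWW-Authenticate", "Negotiate"),
                           ("WWW-Authenticate", "NTLM")])


def offered_schemes(headers):
    """Return the auth schemes advertised in WWW-Authenticate headers, lowercased."""
    schemes = []
    for name, value in headers:
        if name.lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return schemes


def classify(status, headers):
    """Judge a response to a request that carried no Authorization header."""
    schemes = offered_schemes(headers)
    if status == 401 and schemes:
        return "ok: authentication required (" + ", ".join(sorted(set(schemes))) + ")"
    if status == 401:
        return "misconfigured: 401 without any WWW-Authenticate challenge"
    if 200 <= status < 300:
        return "misconfigured: anonymous request accepted (HTTP %d)" % status
    return "inconclusive: HTTP %d" % status


def probe(host, verify_tls=True, timeout=10):
    """Send one unauthenticated OPTIONS request to host and classify the reply."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # same idea as ExRCA's "Ignore Trust for SSL" check box
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout, context=ctx)
    try:
        conn.request("OPTIONS", EAS_PATH)
        resp = conn.getresponse()
        resp.read()
        return classify(resp.status, resp.getheaders())
    finally:
        conn.close()


if __name__ == "__main__":
    print(classify(*SAMPLE_ANONYMOUS_OK))
    print(classify(*SAMPLE_CHALLENGED))
```

Run `probe()` against your own mail host after any IIS change; a result starting with "misconfigured" corresponds to the failed HTTP authentication step in the test output above.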
 
Glen Knight Commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.