Solved

Exchange 2010 and iPhones

Posted on 2011-03-10
Last Modified: 2012-08-14
I have a basic setup of Exchange 2010 with hub transport, client access, mailbox and unified messaging on one server. Mailboxes were migrated from SBS 2003. ActiveSync is configured out of the box, as is a self-signed certificate. I need to connect a bunch of iPhones and have a few questions.

1. Is ActiveSync out of the box ready to go, or does something need to be changed?

2. What do I need for autodiscovery to work for iPhones? Is it set up out of the box?

3. Can I use a self-signed cert for this or do I need to buy a public one?

4. What kind of public cert do I need, one with a wildcard? How many SANs does one Exchange 2010 need?

5. Does someone have a step by step guide to set this up?


Thanks, any feedback is appreciated
Question by:Bendi71
14 Comments
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35102755
1. Is ActiveSync out of the box ready to go, or does something need to be changed?
It's out of the box ready to go.

2. What do I need for autodiscovery to work for iPhones? Is it set up out of the box?
Yes, even this is set up out of the box.

3. Can I use a self-signed cert for this or do I need to buy a public one?
You can use a self-signed one, but you will have to import it on all the client machines.

4. What kind of public cert do I need, one with a wildcard? How many SANs does one Exchange 2010 need?
You can go with SAN (my preference).
You need to have the following in the certificate:
1 CAS FQDN
2 OWA URL
3 externaldomain.com
4 internaldomain.com
5 autodiscover.externaldomain.com

5. Does someone have a step by step guide to set this up?
This works out of the box.
0
 

Author Comment

by:Bendi71
ID: 35103060
Could I just use an Exchange cert and then import it to all clients, or do I have to have PKI infrastructure for this?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35103141
Personally I use a 3rd party SSL SAN / UCC certificate from GoDaddy (or a reseller account because they can be cheaper) as you simply install the certificate and everything falls into place.

The names you would need on a SAN / UCC certificate are:

mail.domain.com (or whatever you choose to use)
autodiscover.domain.com
internalservername.internaldomain.local
internalservername

For Autodiscover to work externally, you will need to create an Autodiscover A record in your external domain's DNS control panel and point it to the IP address of your Exchange 2010 server.
0
 

Author Comment

by:Bendi71
ID: 35103175
But what do I need in order to use a self-signed one? Do I need PKI infrastructure in place?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35103217
Exchange already installed a self-signed certificate and you can use that, but you have to start changing the internal URLs for the various settings of Exchange, and I personally think this is incredibly messy when for $90 you can buy a 3rd party one from GoDaddy which is trusted.

MS recommends using a 3rd party SSL Certificate too!
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35103294
You can create a self-signed certificate using the command (just change the domain name according to your requirement):

New-ExchangeCertificate -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName woodgrovebank.com, example.com -PrivateKeyExportable $true


NO PKI required

0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35103475
For the above command no PKI is required. You just need to enable the certificate once created and you're good to go :)


Take that cert and install it on all client machines and your work is done.
0
 

Author Comment

by:Bendi71
ID: 35103557
I agree with alanhardisty, I don't think I have the desire or time to mess with it. I have to set up 6 locations. However, I want to try using a self-signed one as a test.

You can create a cert from within EMC which would equal the commandlet. Where do I specify the needed info?

mail.domain.com (or whatever you choose to use)
autodiscover.domain.com
internalservername.internaldomain.local
internalservername

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35103597
EMC> Server Configuration> Actions Pane> New Exchange Certificate.

Follow the Wizard and that will generate the Certificate for you.
0
 

Author Comment

by:Bendi71
ID: 35103734
I will try that. Thanks.
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35105893
Or go to EMS and try this command (use mail.domain.com or whatever name you choose to use):

New-ExchangeCertificate -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName mail.domain.com, autodiscover.domain.com, internalservername.internaldomain.local, Externaldomain.com -PrivateKeyExportable $true
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 35106187
The first post isn't technically correct.

Here are the answers to the questions:

1. Is ActiveSync out of the box ready to go, or does something need to be changed?
ActiveSync will work out of the box; the only thing you need to do is forward port 443 from your router/firewall to the internal address of the CAS server. You will also need to configure an A record in your external DNS to point to your public IP address. To find out what your public IP is, go to http://whatsmyip.org from inside your network.

If you also plan to use the iPhones on an internal wireless network then you will need to configure a forward lookup zone on your internal DNS that matches the A record you have configured in your external DNS, otherwise you will have to keep reconfiguring the device.  See my guide here on how to do this: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html

2. What do I need for autodiscovery to work for iPhones? Is it set up out of the box?
The iPhones will use Autodiscover if it is configured; for this to work you need to have configured an A record in your external DNS for autodiscover.domainname.com (where domainname.com is the part after the @ in your primary email address). Exchange 2007 and 2010 are configured to use Autodiscover out of the box, and apart from the DNS entry and the SSL certificate there is nothing else required.

3. Can I use a self-signed cert for this or do I need to buy a public one?
Technically, yes you can, but the name on the certificate must match the A record you created in Question 1, otherwise the devices will reject it.  However, for full support you will require a SAN/UCC certificate with the A record mentioned previously and the autodiscover.domainname.com record.

4. What kind of public cert do I need, one with a wildcard? How many SANs does one Exchange 2010 need?
Whilst a wildcard certificate will technically work, I am yet to see it work 100% successfully; myself and a couple of other of EE's top Exchange experts have tried it and it's fraught with issues.  Simply buy a SAN/UCC certificate; they don't cost a great deal and will save you a whole bunch of time.  The names alanhardisty mentioned in http:#35103141 are what are required at an absolute minimum.

5. Does someone have a step by step guide to set this up?
Funny, you should ask, see step 7 of my guide here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html

But seriously, use the wizard, it will do all the hard work for you, using the command line if you are not familiar with it will only cause you distress and will lead to this taking hours instead of minutes.
0
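
Added example, not part of the original answers: a PowerShell check of whether a certificate's domain list covers the names the thread gives as the minimum, since devices reject a certificate whose names do not match the host they connect to. The host names are the thread's placeholders; the function names and the sample domain lists are constructed for illustration.

```powershell
# Added example. Host names are the thread's placeholders; function names are hypothetical.
function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($entry in $CertificateDomains) {
        if ($entry -ieq $HostName) { return $true }
        # A wildcard entry stands for exactly one left-most label:
        # *.domain.com covers mail.domain.com, not domain.com or a.b.domain.com.
        if ($entry.StartsWith('*.')) {
            $suffix = $entry.Substring(1)    # ".domain.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-MissingCertNames {
    param([string[]]$RequiredNames, [string[]]$CertificateDomains)
    $RequiredNames | Where-Object {
        -not (Test-NameCoveredByCert -HostName $_ -CertificateDomains $CertificateDomains)
    }
}

# Minimum names given in the thread for the SAN/UCC certificate.
$required = 'mail.domain.com', 'autodiscover.domain.com',
            'internalservername.internaldomain.local', 'internalservername'

# Constructed sample domain lists, not read from a real certificate.
$samples = @(
    @{ Label = 'self-signed, internal names only'
       Domains = 'internalservername', 'internalservername.internaldomain.local' },
    @{ Label = 'wildcard'; Domains = @('*.domain.com') },
    @{ Label = 'SAN/UCC';  Domains = $required }
)
foreach ($s in $samples) {
    $missing = @(Get-MissingCertNames -RequiredNames $required -CertificateDomains $s.Domains)
    if ($missing.Count -gt 0) { '{0}: missing {1}' -f $s.Label, ($missing -join ', ') }
    else                      { '{0}: covers all required names' -f $s.Label }
}

# In the Exchange Management Shell, check the certificate enabled for IIS
# (assumes CertificateDomains entries convert to plain host-name strings):
# Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } | ForEach-Object {
#     Get-MissingCertNames -RequiredNames $required `
#         -CertificateDomains ($_.CertificateDomains | ForEach-Object { "$_" }) }
```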
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35109161
Were you able to create a certificate?
0
 

Author Comment

by:Bendi71
ID: 35112162
I haven't had time to do it yet. EMC or command line is fine. Don't mind either one. I will let you guys know soon how it went with the self-signed cert. I will definitely buy one for the production environment. Thanks for all the help.
0
