Solved

iPhone: Unable to verify account information

Posted on 2011-03-22
23
2,768 Views
Last Modified: 2012-05-11
I hope you all can help me with this agonizing issue, I get “Exchange Account: Unable to verify account information” after every attempt to connect an iPhone to my exchange server.  I have read many articles, some conflicting, and cannot find a solution or what do even test next.  Here are the particulars:

I have an SBS 2003 Premium environment with the exchange server on a separate box plus 2 terminal servers. We use a Cisco PIX 501 as the router with each server having a separate IP address for remote access and services. DNS records are correct for mail.domain.com.  OWA is active and working well, users get access to it with: http://mail.domain.com/exchange then entering domain\username and password to get in to the OWA site.  I can get the user “judy” into the OWA site ok.  Her email address is Judy@domain.com.

The iPhone is a 3G, model number MB046LL, OS Version: 4.0.2 (8A400), firmware version: 05.13.04 and the carrier is ATT. I have tried every combination I can think of, the current account settings in the iPhone are:
Email = judy@domain.com
Server = mail.domain.com/exchange
Domain = domain
UserName = domain\Judy
Password = …
SSL = Off

While trying to get connected I installed the IMAP and RPC over HTTP features according to Microsoft and Petri websites.  The router has ports 25, 80, 443, 4125, 587, 465, 993 and IMAP4 (143) opened to the exchange server.
0
Comment
Question by:THEarle
  • 8
  • 7
  • 6
  • +2
23 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Take /exchange off the end of the server name
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Please review your IIS settings using my Exchange 2003 / Activesync article, make sure you settings match mine, run the test on the test site and fix any errors you find with the relevant section from my article.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

If you get stuck anywhere - please ask.

Alan
0
 
LVL 10

Expert Comment

by:Hutch_77
Comment Utility
Email is correct
server is correct if that is what you use for OWA
Domain can be filled in or left blank
username can be somain\judy or judy if domain is filled in
Password

And then SSL is dependant on if its available or not.
Me personally I would have it on if it is supported.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Yes - take /exchange off the username and also lose domain\ from the username

You should be using SSL too!  It is not remotely recommended to use Activeync without SSL enabled and with SBS - you will have an SSL certificate installed by default.  As long as the name on the certificate is correct, and your IIS settings are correct, you shouldn't have any problems.
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Server is incorrect... There should be no /exchange on the end of it!

@Alan - damn you posted your article before I could...
0
 
LVL 7

Expert Comment

by:saastech
Comment Utility
Try these settings:
Email: user@domain.com
Domain: (leave blank)
User Name: user@domain.com
Password: (your password)
Description: (Anything)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Sorry (* laughing to myself *)
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
@Alan - No problem
0
 

Author Comment

by:THEarle
Comment Utility
Thanks for the suggestions.  From a browser I must use the /exchange in order to get to the site, I assumed I would need that in the server address in the phone.  I agree SSL should be on, that is just the way it was left it after the last test. Thanks alanhardisty for the article, I ran the connection test for port 443 and it failed!  I will have to get that checked out and try again.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Activesync only uses mail.domain.com and it then locates the \microsoft-server-activesync virtual directory.  If you specify \exchange - it will never find the \exchange\microsoft-server-activesync virtual directory because it doesn't exist where you are pointing it to.

It is fine for OWA because OWA uses \exchange - but not for Activesync.
0
 

Author Comment

by:THEarle
Comment Utility
Thanks for your help.  The OWA site did not have SSL enabled.  This weekend we installed it and will test the iphone on Tuesday.  I will keep you posted.
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 

Author Comment

by:THEarle
Comment Utility
Now using the following settings:
Email = judy@domain.com
Server = mail.doamin.com  (without /Excahnge)
Domain = domina
Username = judy
Password = ...
Use SSL = ON

The account verifies but now I get "Cannot get Mail, the connection to the server failed."

Any ideas?
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Verify the iPhone can browse the Internet via Safari and then

Leave it 5 minutes and then send the mailbox on Exchange an email and see if the iPhone receives it.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Please re-run the test on the test site and post the full expanded results.  You can obscure your domain name and IP Address if you like, or I can for you.

Alan
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Also once testexchangeconnectivity is OK, then ensure the phone has a good signal, if you are only getting 1 bar on 3G, turn 3G off
0
 

Author Comment

by:THEarle
Comment Utility
Here is the result of the test exchange connectivity site:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.imwong.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 68.167.121.220

Testing TCP port 443 on host mail.imwong.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name mail.imwong.com doesn't match any name found on the server certificate CN=mw-exch, OU=IT, O=Wong, L=Cleveland, S=Ohio, C=US.

The certificate is self issued and looks to be correct.  Any ideas?
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
If it is self issued, turn off the trust for ssl part of the check
0
 

Author Comment

by:THEarle
Comment Utility
I ran the test both ways, same result.
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Have a look at the cert and look at the common name and anysubjects and verify that is the name you are putting in the test.

The name should be listed in your external DNS and be resolvable there too
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Your certificate is named mw-exch - which cannot be resolved in DNS which is your problem.

Re-run the Connect to The Internet Wizard and change nothing until you get to the certificate part, then create a new certificate named mail.imwong.com, complete the wizard and that will automatically generate a correctly names SSL certificate for you, which means you stand a chance of Activesync working for you.

Once done, re-run the test and post the results again please if it fails.

Alan
0
 

Author Comment

by:THEarle
Comment Utility
I reissued the self signed certificate making sure the name matched the DNS entry and got this result:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.imwong.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 68.167.121.220

Testing TCP port 443 on host mail.imwong.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
  Tell me more about this issue and how to resolve it
 Additional Details
 A network error occurred while communicating with the remote host.
Exception details:
Message: Authentication failed because the remote party has closed the transport stream.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()

I get this result from inside and outside the LAN.
Any ideas?
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Did you Untick the trust for SSL on the test?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Comment Utility
If I visit http://mail.imwong.com/exchange - I get prompted for a username / password.

If, however, I go to https://mail.imwong.com/microsoft-server-activesync I get:

Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don't have.

Have you got Require Client Certificates enabled too?  You should disable that if you do on the Exchange Virtual Directories.

You also should not ideally have OWA on port 80 as it isn't secure.
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now