Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

iPhone: Unable to verify account information

Posted on 2011-03-22
23
Medium Priority
?
2,884 Views
Last Modified: 2012-05-11
I hope you all can help me with this agonizing issue, I get “Exchange Account: Unable to verify account information” after every attempt to connect an iPhone to my exchange server.  I have read many articles, some conflicting, and cannot find a solution or what do even test next.  Here are the particulars:

I have an SBS 2003 Premium environment with the exchange server on a separate box plus 2 terminal servers. We use a Cisco PIX 501 as the router with each server having a separate IP address for remote access and services. DNS records are correct for mail.domain.com.  OWA is active and working well, users get access to it with: http://mail.domain.com/exchange then entering domain\username and password to get in to the OWA site.  I can get the user “judy” into the OWA site ok.  Her email address is Judy@domain.com.

The iPhone is a 3G, model number MB046LL, OS Version: 4.0.2 (8A400), firmware version: 05.13.04 and the carrier is ATT. I have tried every combination I can think of, the current account settings in the iPhone are:
Email = judy@domain.com
Server = mail.domain.com/exchange
Domain = domain
UserName = domain\Judy
Password = …
SSL = Off

While trying to get connected I installed the IMAP and RPC over HTTP features according to Microsoft and Petri websites.  The router has ports 25, 80, 443, 4125, 587, 465, 993 and IMAP4 (143) opened to the exchange server.
0
Comment
Question by:THEarle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
  • 6
  • +2
23 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35192695
Take /exchange off the end of the server name
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35192701
Please review your IIS settings using my Exchange 2003 / Activesync article, make sure you settings match mine, run the test on the test site and fix any errors you find with the relevant section from my article.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

If you get stuck anywhere - please ask.

Alan
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35192702
Email is correct
server is correct if that is what you use for OWA
Domain can be filled in or left blank
username can be somain\judy or judy if domain is filled in
Password

And then SSL is dependant on if its available or not.
Me personally I would have it on if it is supported.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35192714
Yes - take /exchange off the username and also lose domain\ from the username

You should be using SSL too!  It is not remotely recommended to use Activeync without SSL enabled and with SBS - you will have an SSL certificate installed by default.  As long as the name on the certificate is correct, and your IIS settings are correct, you shouldn't have any problems.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35192717
Server is incorrect... There should be no /exchange on the end of it!

@Alan - damn you posted your article before I could...
0
 
LVL 7

Expert Comment

by:saastech
ID: 35192746
Try these settings:
Email: user@domain.com
Domain: (leave blank)
User Name: user@domain.com
Password: (your password)
Description: (Anything)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35192772
Sorry (* laughing to myself *)
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35192822
@Alan - No problem
0
 

Author Comment

by:THEarle
ID: 35192862
Thanks for the suggestions.  From a browser I must use the /exchange in order to get to the site, I assumed I would need that in the server address in the phone.  I agree SSL should be on, that is just the way it was left it after the last test. Thanks alanhardisty for the article, I ran the connection test for port 443 and it failed!  I will have to get that checked out and try again.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35192882
Activesync only uses mail.domain.com and it then locates the \microsoft-server-activesync virtual directory.  If you specify \exchange - it will never find the \exchange\microsoft-server-activesync virtual directory because it doesn't exist where you are pointing it to.

It is fine for OWA because OWA uses \exchange - but not for Activesync.
0
 

Author Comment

by:THEarle
ID: 35227465
Thanks for your help.  The OWA site did not have SSL enabled.  This weekend we installed it and will test the iphone on Tuesday.  I will keep you posted.
0
 

Author Comment

by:THEarle
ID: 35237803
Now using the following settings:
Email = judy@domain.com
Server = mail.doamin.com  (without /Excahnge)
Domain = domina
Username = judy
Password = ...
Use SSL = ON

The account verifies but now I get "Cannot get Mail, the connection to the server failed."

Any ideas?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35238725
Verify the iPhone can browse the Internet via Safari and then

Leave it 5 minutes and then send the mailbox on Exchange an email and see if the iPhone receives it.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35240505
Please re-run the test on the test site and post the full expanded results.  You can obscure your domain name and IP Address if you like, or I can for you.

Alan
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35240578
Also once testexchangeconnectivity is OK, then ensure the phone has a good signal, if you are only getting 1 bar on 3G, turn 3G off
0
 

Author Comment

by:THEarle
ID: 35300018
Here is the result of the test exchange connectivity site:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.imwong.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 68.167.121.220

Testing TCP port 443 on host mail.imwong.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name mail.imwong.com doesn't match any name found on the server certificate CN=mw-exch, OU=IT, O=Wong, L=Cleveland, S=Ohio, C=US.

The certificate is self issued and looks to be correct.  Any ideas?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35300264
If it is self issued, turn off the trust for ssl part of the check
0
 

Author Comment

by:THEarle
ID: 35300329
I ran the test both ways, same result.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35300371
Have a look at the cert and look at the common name and anysubjects and verify that is the name you are putting in the test.

The name should be listed in your external DNS and be resolvable there too
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35304911
Your certificate is named mw-exch - which cannot be resolved in DNS which is your problem.

Re-run the Connect to The Internet Wizard and change nothing until you get to the certificate part, then create a new certificate named mail.imwong.com, complete the wizard and that will automatically generate a correctly names SSL certificate for you, which means you stand a chance of Activesync working for you.

Once done, re-run the test and post the results again please if it fails.

Alan
0
 

Author Comment

by:THEarle
ID: 35326563
I reissued the self signed certificate making sure the name matched the DNS entry and got this result:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.imwong.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 68.167.121.220

Testing TCP port 443 on host mail.imwong.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
  Tell me more about this issue and how to resolve it
 Additional Details
 A network error occurred while communicating with the remote host.
Exception details:
Message: Authentication failed because the remote party has closed the transport stream.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()

I get this result from inside and outside the LAN.
Any ideas?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35328516
Did you Untick the trust for SSL on the test?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 35328679
If I visit http://mail.imwong.com/exchange - I get prompted for a username / password.

If, however, I go to https://mail.imwong.com/microsoft-server-activesync I get:

Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don't have.

Have you got Require Client Certificates enabled too?  You should disable that if you do on the Exchange Virtual Directories.

You also should not ideally have OWA on port 80 as it isn't secure.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
Learn how to use the free Acronis True Image app to easily transfer data between iPhones and Android phones.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question