iPhone: Unable to verify account information

I hope you all can help me with this agonizing issue: I get “Exchange Account: Unable to verify account information” after every attempt to connect an iPhone to my exchange server.  I have read many articles, some conflicting, and cannot find a solution or what to even test next.  Here are the particulars:

I have an SBS 2003 Premium environment with the exchange server on a separate box plus 2 terminal servers. We use a Cisco PIX 501 as the router with each server having a separate IP address for remote access and services. DNS records are correct for mail.domain.com.  OWA is active and working well, users get access to it with: http://mail.domain.com/exchange then entering domain\username and password to get in to the OWA site.  I can get the user “judy” into the OWA site ok.  Her email address is Judy@domain.com.

The iPhone is a 3G, model number MB046LL, OS Version: 4.0.2 (8A400), firmware version: 05.13.04 and the carrier is ATT. I have tried every combination I can think of, the current account settings in the iPhone are:
Email = judy@domain.com
Server = mail.domain.com/exchange
Domain = domain
UserName = domain\Judy
Password = …
SSL = Off

While trying to get connected I installed the IMAP and RPC over HTTP features according to Microsoft and Petri websites.  The router has ports 25, 80, 443, 4125, 587, 465, 993 and IMAP4 (143) opened to the exchange server.
THEarleAsked:
 
Alan HardistyCo-OwnerCommented:
If I visit http://mail.imwong.com/exchange - I get prompted for a username / password.

If, however, I go to https://mail.imwong.com/microsoft-server-activesync I get:

Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don't have.

Have you got Require Client Certificates enabled too?  You should disable that if you do on the Exchange Virtual Directories.

You also should not ideally have OWA on port 80 as it isn't secure.
0
 
MegaNuk3Commented:
Take /exchange off the end of the server name
0
 
Alan HardistyCo-OwnerCommented:
Please review your IIS settings using my Exchange 2003 / Activesync article, make sure your settings match mine, run the test on the test site and fix any errors you find with the relevant section from my article.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

If you get stuck anywhere - please ask.

Alan
0
 
Hutch_77Commented:
Email is correct
server is correct if that is what you use for OWA
Domain can be filled in or left blank
username can be domain\judy or judy if domain is filled in
Password

And then SSL is dependent on if it's available or not.
Me personally I would have it on if it is supported.
0
 
Alan HardistyCo-OwnerCommented:
Yes - take /exchange off the username and also lose domain\ from the username

You should be using SSL too!  It is not remotely recommended to use Activesync without SSL enabled and with SBS - you will have an SSL certificate installed by default.  As long as the name on the certificate is correct, and your IIS settings are correct, you shouldn't have any problems.
0
 
MegaNuk3Commented:
Server is incorrect... There should be no /exchange on the end of it!

@Alan - damn you posted your article before I could...
0
 
saastechCommented:
Try these settings:
Email: user@domain.com
Domain: (leave blank)
User Name: user@domain.com
Password: (your password)
Description: (Anything)
0
 
Alan HardistyCo-OwnerCommented:
Sorry (* laughing to myself *)
0
 
MegaNuk3Commented:
@Alan - No problem
0
 
THEarleAuthor Commented:
Thanks for the suggestions.  From a browser I must use the /exchange in order to get to the site, I assumed I would need that in the server address in the phone.  I agree SSL should be on, that is just the way it was left after the last test. Thanks alanhardisty for the article, I ran the connection test for port 443 and it failed!  I will have to get that checked out and try again.
0
 
Alan HardistyCo-OwnerCommented:
Activesync only uses mail.domain.com and it then locates the \microsoft-server-activesync virtual directory.  If you specify \exchange - it will never find the \exchange\microsoft-server-activesync virtual directory because it doesn't exist where you are pointing it to.

It is fine for OWA because OWA uses \exchange - but not for Activesync.
0
 
THEarleAuthor Commented:
Thanks for your help.  The OWA site did not have SSL enabled.  This weekend we installed it and will test the iphone on Tuesday.  I will keep you posted.
0
 
THEarleAuthor Commented:
Now using the following settings:
Email = judy@domain.com
Server = mail.domain.com  (without /Exchange)
Domain = domain
Username = judy
Password = ...
Use SSL = ON

The account verifies but now I get "Cannot get Mail, the connection to the server failed."

Any ideas?
0
 
MegaNuk3Commented:
Verify the iPhone can browse the Internet via Safari and then

Leave it 5 minutes and then send the mailbox on Exchange an email and see if the iPhone receives it.
0
 
Alan HardistyCo-OwnerCommented:
Please re-run the test on the test site and post the full expanded results.  You can obscure your domain name and IP Address if you like, or I can for you.

Alan
0
 
MegaNuk3Commented:
Also once testexchangeconnectivity is OK, then ensure the phone has a good signal. If you are only getting 1 bar on 3G, turn 3G off
0
 
THEarleAuthor Commented:
Here is the result of the test exchange connectivity site:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.imwong.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 68.167.121.220

Testing TCP port 443 on host mail.imwong.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name mail.imwong.com doesn't match any name found on the server certificate CN=mw-exch, OU=IT, O=Wong, L=Cleveland, S=Ohio, C=US.

The certificate is self issued and looks to be correct.  Any ideas?
0
 
MegaNuk3Commented:
If it is self issued, turn off the trust for ssl part of the check
0
 
THEarleAuthor Commented:
I ran the test both ways, same result.
0
 
MegaNuk3Commented:
Have a look at the cert and look at the common name and any subjects and verify that is the name you are putting in the test.

The name should be listed in your external DNS and be resolvable there too
0
 
Alan HardistyCo-OwnerCommented:
Your certificate is named mw-exch - which cannot be resolved in DNS which is your problem.

Re-run the Connect to The Internet Wizard and change nothing until you get to the certificate part, then create a new certificate named mail.imwong.com, complete the wizard and that will automatically generate a correctly named SSL certificate for you, which means you stand a chance of Activesync working for you.

Once done, re-run the test and post the results again please if it fails.

Alan
0
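The certificate name validation that ExRCA reported as failed, shown as an added example that is not part of the original thread or anyone's post. It parses the subject string from the test output and applies the usual hostname rules (case-insensitive, SAN entries before CN, wildcard only as the leftmost label); the function names, the empty SAN list and the reissued subject are assumptions made for illustration.

```python
# Added example: hostname-vs-certificate name check, standard library only.

def parse_subject(dn: str) -> dict:
    """Split a comma-separated subject string (as ExRCA prints it) into a dict.
    Assumes no attribute value contains a comma, which holds for the sample."""
    fields = {}
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        fields[key.upper()] = value
    return fields

def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers_host(subject_dn: str, san_dns: list, host: str) -> bool:
    """SAN dNSName entries take precedence; CN is consulted only when there are none."""
    names = san_dns or [parse_subject(subject_dn).get("CN", "")]
    return any(name_matches(n, host) for n in names)

# Subject copied from the ExRCA output in the thread; the SAN list is assumed empty.
OLD_SUBJECT = "CN=mw-exch, OU=IT, O=Wong, L=Cleveland, S=Ohio, C=US"
# Constructed: the subject a certificate reissued for the public name would carry.
NEW_SUBJECT = "CN=mail.imwong.com, OU=IT, O=Wong, L=Cleveland, S=Ohio, C=US"

if __name__ == "__main__":
    for subject in (OLD_SUBJECT, NEW_SUBJECT):
        ok = cert_covers_host(subject, [], "mail.imwong.com")
        print("MATCH   " if ok else "MISMATCH", subject)
```

A client performs this check against the name typed into its Server field, so the certificate has to carry the externally resolvable name rather than the machine's internal one.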
 
THEarleAuthor Commented:
I reissued the self signed certificate making sure the name matched the DNS entry and got this result:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.imwong.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 68.167.121.220

Testing TCP port 443 on host mail.imwong.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
  Tell me more about this issue and how to resolve it
 Additional Details
 A network error occurred while communicating with the remote host.
Exception details:
Message: Authentication failed because the remote party has closed the transport stream.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()

I get this result from inside and outside the LAN.
Any ideas?
0
 
MegaNuk3Commented:
Did you Untick the trust for SSL on the test?
0
Question has a verified solution.