Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 620
  • Last Modified:

MIcrosoft Exchange 2003 on SBS 2003 connection trouble with iPhone G3 and iPad2

OK let me start by saying I have no idea where to start here. I am not that familiar with Exchange or Active Directory.....thus my problem. I'll admit to be a neophite when it comes to that side of things so be warned. Please try not to assume anything when responding to this post.

That said, here's the issue. I have two users with nice new toys! First I have an iPhone G3, second I have an iPad2. We are using an HP DL380 G4 rack server running SBS 2003 SP2, Exchange 2003 SP1 (I know I'm trying to work out the time to apply the SP2 update), Active Directory.

Here's what I know, port 443 is open, we regularly use OWA and RWW to connect to our Exchange accounts and our desktops. Our SSL certificate is self signed, do these devices require a root SSL certificate in order to establish a valid connection? At the moment because of this we only require basic authentication. Can a connection be established with these devices to an Exchange account when Exchange is only at SP1?

Whenever I try to establish a connection to the Exchange account all I get is "Unable to verify the account information."

I've read MANY posts and articles on making this work, but most of them are at least 5 years old! Does anyone have a clear and definitive guide to setting up the necessary components to make this work?

What I want to know is what was wrong with the Blackberries they were using???

Thanks to all in advance for your patience, if I am slow to respond it's only because I'm running the IT office part time along with my other duties!

Telefunken
0
telefunken
Asked:
telefunken
  • 11
  • 8
  • 5
  • +4
1 Solution
 
andy_maskellCommented:
First of all you need to make sure you have SP2 on your exchange server or it won't work. Then you need to set up the Exchange server as a RPC-HTTP back end server (right click server name in exchange manager -->properties and RPC-HTTP tab).
once you have done this you need to run the Connect to the Internet wizard in the server manager to do list and within the firewall section make sure you have a tick in the Outlook via the Internet box.
That should allow it through.
0
 
jonahzonaCommented:
You need to go into active directory, right click on the user and select Exchange Tasks.

Click Next.

Go to Configure Exchange Features. Click next.

Make sure Outlook Mobile Access is ENABLED. Depending on how exchange is set up, sometimes it will default to Disabled.

The second part of your question is about Blackberries? Blackberries need Blackberry Enterprise Server/Express set up as well. But your Apple stuff should work fine once Outlook Mobile Access is enabled.
0
 
perfectpcCommented:
443 is all should need open. The iphone can be a pain to setup but usually I don't use the domain box but add it to the user in ie domain/user

Glenn
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
MegaNuk3Commented:
You don't need SP2 installed for ActiveSync to work, self signed Certs are fine and as already mentioned port 443 is all you need. Outlook Mobile Access is not needed as that is completely different to ActiveSync.
0
 
telefunkenAuthor Commented:
@Andy Maskell

Yeah I know I need to make time to update Exchange to SP2. I had read in a couple of posts that this would be necessary. Thanks though! As to making "Exchange server as a RPC-HTTP back end server", what effect will this have on the local users if any, what are the pros and cons?

See the attachment "RPC-HTTP Properties"

@johnazona

OWA is enabled for all mobile users (see screenshot "AD configure Exchange features").

Actually the part of the question relating to Blackberries was a joke! Everybody had Blackberries before and everything worked fine, only when they started getting iPhones did it start to go screwy!

@perfectpc

Port 443 is open, could you explain "I don't use the domain box but add it to the user in ie domain/user
" in a bit more detail?

Telefunken
RPC-HTTP-Properties.bmp
AD-configure-Exchange-features.bmp
0
 
perfectpcCommented:
If your user is bob and your domain is simple.com in the username box type simple/bob  this is what usually works for me.

I take you only have 1 server, if so you don't even need to think about rpc-http

Glenn
0
 
andy_maskellCommented:
Changing it to a back end server has no effect on your local users. The pro's are that it makes your email work, I haven't found any cons and have set a lot of these systems up to work with iphone exchange.
0
 
telefunkenAuthor Commented:
@Andy Maskell

So I shouldn't expect any interruption of services for any local users by changing the exchange to a back end server. What is actually being changed by making it a "back end server", and what about the self signed SSL certificate? Does this also solve the connection issue for the iPad2?

@perfectpc AKA Glenn

Yes you are correct we only have one server. Are you talking about the "usename box" in the iPhone's e-mail settings dialog? If so I've tried domain/user with the same result.
0
 
perfectpcCommented:
I take it on the iphone settings that the ssl setting is enabled?  Have you tried acessing the server via owa to make sure that works?
0
 
andy_maskellCommented:
There will be no interuptiion of service for the local users. Whats being changed is to make it work with RPC-HTTP. The iPhone/iPad set up for exchange doesn't actually use the owa login, it uses RPC-HTTP so you will have to enable it to make it work.
Self signed certificates are fine, you will get a message saying that the certificate could not be authenticated and would you like to continue anyway. Click yes and it's all done.
0
 
MegaNuk3Commented:
It doesn't use RPC/HTTP that is for outlook anywhere (MAPI) clients. You do not need the RPC over HTTPS component installed on your Exchange server for ActiveSync to work.
0
 
telefunkenAuthor Commented:
@MegaNuk3

You've pointed out the items you disagree with on the above statements. Would you care to offer your opinion on what is needed?

Telefunken
0
 
MegaNuk3Commented:
You only need port 443 fowarded to your exchange server for ActiveSync to work. Self signed Certs are fine as iPhones can ignore the SSL trust.

Test your server with www.testexchangeconnectivity.com and if it diesnt work either post back or follow the troubleshooting steps in here:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
 
andy_maskellCommented:
The fact still stands that it wont work anyway until you install SP2 on Exchange.
0
 
MegaNuk3Commented:
Rubbish. It will work, Pre sp2. It just works better with SP2.
0
 
MegaNuk3Commented:
ActiveSync shipped with Exchange 2003 RTM
0
 
telefunkenAuthor Commented:
@MegaNuk3

I will look at your suggestions and report back tomorrow! I can't set aside the time right now....fires to put out don't you know!

Telefunken
0
 
telefunkenAuthor Commented:
@MegaNuk3

Yes after following the link I realized I have already run this test. You are just interested in the results from "Microsoft Exchange ActiveSync Connectivity Tests " correct?

Auto Discovery fails, however manual configuration was successful.

Telefunken
0
 
MegaNuk3Commented:
As you probably know Exchange 2003 doesn't have AutoDiscover.

So the manual ActiveSync test works? Have you managed to pair any devices to your server and get them working?
0
 
telefunkenAuthor Commented:
@MehaNuk3

Thanks for the education, No I did not know Autodiscover didn't work with 2003. Yes manual ActiveSync test worked. I have several Blackberries working, but I can't get the iPhones and iPad2 working.

Telefunken
0
 
MegaNuk3Commented:
Blackberries don't use ActiveSync, they use OWA/WebDAv to access the mailbox. If the manual ActiveSync test works from www.testexchangeconnectivity.com then there should be no reason why your iPhones / iPad won't work. What error are the devices getting?
0
 
MegaNuk3Commented:
Create a new test mailbox & user and send it one mail. Make sure the account is not set to "user must change password at next logon". Then test that mailbox on the iPhone.
0
 
telefunkenAuthor Commented:
@MegaNuk3

"Unable to Verify Account"

Telefunken
0
 
MegaNuk3Commented:
Is that the same with a new test user account? Have you turned on HTTP-KeepAlives in IIS? have you set the time to at least 120 seconds?
0
 
andy_maskellCommented:
I may still be talking rubbish ;p but I have seen this so many times in the real world. Install Exchange SP2 and it will verify.
0
 
MegaNuk3Commented:
I agree, with that comment. iPhones may only know how to talk to SP2 and above versions of ActiveSync. I'd even recommend going to a post-SP2 version of massync.dll...

Please install Exchange SP2 if you haven't already done so.
0
 
telefunkenAuthor Commented:
Will install SP2 as planned and get back to this question after with results. Should happen sometime next week.

Telefunken
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
Alan HardistyCo-OwnerCommented:
@Andy_Maskell - Just to confirm that Activesync does work with Exchange 2003 SP1.  I started working with Exchange 2003 in the SP1 days and managed to get push mail working in the early days of Push mail, despite their being little documentation to assist me.  Since SP2 came out, life became a whole lot easier.

Thanks MegaNuk3

Alan
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 11
  • 8
  • 5
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now