Avatar of JasonJewett
JasonJewett
Flag for United States of America asked on

Cannot connect iPhone to Exchange 2010

Hello.  I cannot connect any iPhones to an Exchange 2010 server.  I get through the wizard on the phone just fine, but I keep getting errors:  Cannot Get Mail:  The connection to the server failed.  I dont think I'm doing anything wrong on the iPhone as I've done probably 100's of them to different servers.  I just can connect to this one.  I've read many articles and I really dont have a clue where to even start.  I was wondering if there is a place I can go and have someone remote into my machine and see if he/she can solve it.  Obviously I'd be willing to pay.  Thanks!
Exchange

Avatar of undefined
Last Comment
JasonJewett

8/22/2022 - Mon
PenguinN

Did you try the perticular phone with diffrent accounts? Is this a fresh 2010 server ?
JasonJewett

ASKER
Yes - multiple accounts.  The server has been runing for a while, but this is the first time I have attempted to hook any mobile device to it.
PenguinN

Can you run the Exchange Connector checks and see what happens https://www.testexchangeconnectivity.com/
Your help has saved me hundreds of hours of internet surfing.
fblack61
JasonJewett

ASKER
Interesting.  When testing for ActiveSync, it fails here:  Host name mail.mydomain.com doesn't match any name found on the server certificate CN=InternalServerName.

The internal server name is not accessable from outside the local network.  Do I need to add an A record for InternalServerName.mydomain.com?
PenguinN

Found anything already?
PenguinN

Oke have you got a comercial SSL certificat on the server?. And also check what is mail.yourdomain.com is registred in exchange on the external website adres.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
PenguinN

In the console tree, navigate to Server Configuration > Client Access.

2. In the work pane, click the Exchange ActiveSync tab, and then click the Microsoft-Server-ActiveSync virtual directory.

3. In the action pane, under click Microsoft-Server-ActiveSync, click Properties.

4. Use the General tab to view display-only information about the Exchange ActiveSync virtual directory and to modify the Internal and External URLs.
Server   This read-only field shows the name of the server the virtual directory is located on.

Web site   This read-only field shows the name of the Web site that holds the virtual directory. Normally, this will be the Default Web Site.

SSL Enabled   This read-only field shows the Secure Sockets Layer (SSL) status of the virtual directory. The default is True.

Modified   This read-only field shows the date and time that the virtual directory was last modified.

Internal URL   This field shows the InternalURL setting for the virtual directory. In most cases, you shouldn't change this setting.

External URL   This field shows the ExternalURL setting for the virtual directory. In an Internet-facing Active Directory site, this field will be populated with the external DNS endpoint for Exchange ActiveSync, for example, http://contoso.com/Microsoft-Server-ActiveSync.

Source http://technet.microsoft.com/en-us/library/aa998363.aspx#emc 


JasonJewett

ASKER
I dont know if the server has a commercial one - how do I check?  how do I check to see the External website address?  Sorry.  I was pretty good at Exchange 2003 and ium a newbie at 2010.
PenguinN

In your case the external URL would be for example, http://mail.mydomain.com/Microsoft-Server-ActiveSync.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
PenguinN

You could check by opening webmail on the exchange server, you cal check the certificat in your browser. Also if you don't get a message are you sure you want to continue (that context) and your addressbar in IE is green (instead of red) you know it a commercial certifcat for 99%.
JasonJewett

ASKER
ok.   under server config/client access Exchange active sync tab.  the Internal URL is:https://InternalServerName.mydomain.com/Microsoft-Server-ActiveSync
The External is as you indicated:  https://webmail.mydomain.com/Microsoft-Server-ActiveSync
JasonJewett

ASKER
I get the red.  so perhaps not a commercial one - or misconfigured.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
PenguinN

Oke you dont have a commercial one probable. I think the connectivity analyzer can also see this. Never the less once your external URL is setup see what happens on the analyzer or check with a phone (I believe you can import or ignore the cert on an iphone)
JasonJewett

ASKER
ok so I need to get an A record pointing to InternamServerNam.mydomain.com so that both internal and external resolve to the same place right?  I dont need to worry about SSL certs?
PenguinN

I would get a commercial one to make live easier. Also it you want to use ActiveSync internally you should keep in mind that the phones need to resolve the adres from the internal network. So your internal and external URL will be the same and you should setup DNS to get it going (but this is only nessasary if phones use wifi, most of the time they just use G3 so you don't need to worry about internal url for activeSync).

If you want to install the certificat read the following this will give some clarification http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
JasonJewett

ASKER
OK i am getting this when testing ActiveSync:  iPhone still doesnt work  A record already propigated.  

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name calpac-mail.calpacpainting.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: <IP Address>
 Testing TCP port 443 on host InternalServerName.mydomain.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server InternalServerName.mydomain.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=InternamServerName, Issuer: CN=InternalServerName.
 
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name InternalServerName.mydomain.com .com was found in the Certificate Subject Alternative Name entry.
 
 Validating certificate trust for Windows Mobile devices.
  Certificate trust validation failed.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=InternalServerName.
  A certificate chain couldn't be constructed for the certificate.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate chain didn't end in a trusted root. Root = CN=InternalServerName
 
 It went farther this time at least :)

 
 
 
 
JasonJewett

ASKER
BTW - both the internal and external URLs match for server config/client access Exchange active sync tab.  they are both set to :https://InternalServerName.mydomain.com/Microsoft-Server-ActiveSync

I can ping that from both internal and external.
praveenkumare_sp

Hi Jason

in your best interest if ur willing to pay have u tried calling Microsoft, to help u ?

do u want to use cert or not ?

if u dont want to use cert , u an go to IIS and change that option. Iphones can work without cert.

let me know ur status
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
JasonJewett

ASKER
I think I will eventyally want to use a cert, but just to start with i'd be happy to get it working at all.  I don't mind paying MS, but who do i call and how do i go about that?
ASKER CERTIFIED SOLUTION
PenguinN

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
praveenkumare_sp

Go to http://support.microsoft.com and search for contact information and u would get taht


they will remote into ur system and help u out
PenguinN

I see you wrote your active is listed as https://InternalServerName.mydomain.com/Microsoft-Server-ActiveSync in EMC, internal and external. Internal is normaly internal fqdn and external your fqdn for the server external. This would be https://calpac-mail.calpacpainting.com/Microsoft-Server-ActiveSync. The refrence to mydomain.com is not working because mydomain.com is not your domainname.

This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
PenguinN

The intenal refrence would look like https://servername.internaldomainname.local/Microsoft-Server-ActiveSync. Where servername is the name of the mailserver, internal domain is the dns name for your internal network. If you want to find out the servname and domain suffix just ipconfig /all and check the results.
JasonJewett

ASKER
Sorry for the abandoned question.  Client changed phones :)