JasonJewett asked:

Cannot connect iPhone to Exchange 2010

Hello. I cannot connect any iPhones to an Exchange 2010 server. I get through the wizard on the phone just fine, but I keep getting errors: Cannot Get Mail: The connection to the server failed. I don't think I'm doing anything wrong on the iPhone as I've done probably 100s of them to different servers. I just can't connect to this one. I've read many articles and I really don't have a clue where to even start. I was wondering if there is a place I can go and have someone remote into my machine and see if he/she can solve it. Obviously I'd be willing to pay. Thanks!
PenguinN:

Did you try the particular phone with different accounts? Is this a fresh 2010 server?
JasonJewett:


Yes - multiple accounts. The server has been running for a while, but this is the first time I have attempted to hook any mobile device to it.
Can you run the Exchange Connector checks and see what happens?
Interesting.  When testing for ActiveSync, it fails here:  Host name doesn't match any name found on the server certificate CN=InternalServerName.

The internal server name is not accessible from outside the local network.  Do I need to add an A record for
Found anything already?
OK, have you got a commercial SSL certificate on the server? And also check what is registered in Exchange on the external website address.

1. In the console tree, navigate to Server Configuration > Client Access.

2. In the work pane, click the Exchange ActiveSync tab, and then click the Microsoft-Server-ActiveSync virtual directory.

3. In the action pane, under Microsoft-Server-ActiveSync, click Properties.

4. Use the General tab to view display-only information about the Exchange ActiveSync virtual directory and to modify the Internal and External URLs.
Server   This read-only field shows the name of the server the virtual directory is located on.

Web site   This read-only field shows the name of the Web site that holds the virtual directory. Normally, this will be the Default Web Site.

SSL Enabled   This read-only field shows the Secure Sockets Layer (SSL) status of the virtual directory. The default is True.

Modified   This read-only field shows the date and time that the virtual directory was last modified.

Internal URL   This field shows the InternalURL setting for the virtual directory. In most cases, you shouldn't change this setting.

External URL   This field shows the ExternalURL setting for the virtual directory. In an Internet-facing Active Directory site, this field will be populated with the external DNS endpoint for Exchange ActiveSync, for example,


I don't know if the server has a commercial one - how do I check? How do I check to see the External website address? Sorry. I was pretty good at Exchange 2003 and I'm a newbie at 2010.
In your case the external URL would be for example,
You could check by opening webmail on the Exchange server; you can check the certificate in your browser. Also, if you don't get a message "are you sure you want to continue" (that context) and your address bar in IE is green (instead of red), you know it's a commercial certificate for 99%.
OK. Under server config/client access, Exchange ActiveSync tab, the Internal URL is:
The External is as you indicated:
I get the red. So perhaps not a commercial one - or misconfigured.
OK, you probably don't have a commercial one. I think the connectivity analyzer can also see this. Nevertheless, once your external URL is set up, see what happens on the analyzer or check with a phone (I believe you can import or ignore the cert on an iPhone).
OK, so I need to get an A record pointing to so that both internal and external resolve to the same place, right? I don't need to worry about SSL certs?
I would get a commercial one to make life easier. Also, if you want to use ActiveSync internally, you should keep in mind that the phones need to resolve the address from the internal network. So your internal and external URL will be the same and you should set up DNS to get it going (but this is only necessary if phones use Wi-Fi; most of the time they just use 3G, so you don't need to worry about the internal URL for ActiveSync).

If you want to install the certificate, read the following; this will give some clarification
OK, I am getting this when testing ActiveSync. iPhone still doesn't work. A record already propagated.

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: <IP Address>
 Testing TCP port 443 on host to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=InternamServerName, Issuer: CN=InternalServerName.
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name .com was found in the Certificate Subject Alternative Name entry.
 Validating certificate trust for Windows Mobile devices.
  Certificate trust validation failed.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=InternalServerName.
  A certificate chain couldn't be constructed for the certificate.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate chain didn't end in a trusted root. Root = CN=InternalServerName
 It went farther this time at least :)

BTW - both the internal and external URLs match for server config/client access Exchange active sync tab.  they are both set to :

I can ping that from both internal and external.
Hi Jason

In your best interest, if you're willing to pay, have you tried calling Microsoft to help you?

Do you want to use a cert or not?

If you don't want to use a cert, you can go to IIS and change that option. iPhones can work without a cert.

Let me know your status.
I think I will eventually want to use a cert, but just to start with I'd be happy to get it working at all. I don't mind paying MS, but who do I call and how do I go about that?
Go to and search for contact information and you would get that.

They will remote into your system and help you out.
I see you wrote your active is listed as in EMC, internal and external. Internal is normally the internal FQDN and external your FQDN for the server external. This would be The reference to is not working because is not your domain name.

The internal reference would look like https://servername.internaldomainname.local/Microsoft-Server-ActiveSync, where servername is the name of the mail server and internaldomainname is the DNS name for your internal network. If you want to find out the server name and domain suffix, just run ipconfig /all and check the results.
Sorry for the abandoned question.  Client changed phones :)
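
The ExRCA result quoted in the thread reports two separate checks: the host name matched through the Subject Alternative Name, but trust failed because the certificate's issuer and root are the server itself. As an added example (not part of the original thread), the same two checks can be run from the Exchange Management Shell on the Client Access server; the variable names are illustrative, and the wildcard comparison is a loose approximation of TLS name matching.

```powershell
# Added example: run in the Exchange Management Shell on the Client Access server.
# It reads configuration only and changes nothing.

# 1. URLs that ActiveSync clients are given for this virtual directory.
$vdirs = @(Get-ActiveSyncVirtualDirectory)
$vdirs | Format-List Server, InternalUrl, ExternalUrl

# 2. Certificates enabled for IIS, i.e. candidates for what is served on port 443.
$iisCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })
$iisCerts | Format-List Thumbprint, Subject, Issuer, CertificateDomains, IsSelfSigned, NotAfter, Status

# 3. For each external URL, report name coverage and trust as separate findings.
foreach ($v in $vdirs) {
    if (-not $v.ExternalUrl) {
        Write-Warning "$($v.Server): ExternalUrl is empty"
        continue
    }
    # Convert through a string so this also works on deserialized (remoting) objects.
    $hostName = ([uri]"$($v.ExternalUrl)").Host

    foreach ($c in $iisCerts) {
        $names = @($c.CertificateDomains | ForEach-Object { "$_" })

        # -like treats '*' as "any characters", which is looser than a TLS
        # wildcard (one label only); treat a wildcard hit as "verify by hand".
        $nameOk = [bool]($names | Where-Object { $hostName -like $_ })

        # Subject equal to Issuer is the self-signed case ExRCA reported as
        # "The certificate chain didn't end in a trusted root".
        $selfSigned = $c.IsSelfSigned -or ($c.Subject -eq $c.Issuer)

        New-Object PSObject -Property @{
            Host         = $hostName
            Thumbprint   = $c.Thumbprint
            NameCovered  = $nameOk
            SelfSigned   = $selfSigned
            Expired      = ($c.NotAfter -lt (Get-Date))
        }
    }
}
```

A row with NameCovered true and SelfSigned true corresponds to the ExRCA output in the thread: the name check passes, and devices reject the certificate unless it is replaced with one from a CA they trust or its root is installed on each device.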