Cannot connect iPhone to Exchange 2010

JasonJewett
Hello.  I cannot connect any iPhones to an Exchange 2010 server.  I get through the wizard on the phone just fine, but I keep getting errors:  Cannot Get Mail:  The connection to the server failed.  I don't think I'm doing anything wrong on the iPhone as I've done probably 100's of them to different servers.  I just can't connect to this one.  I've read many articles and I really don't have a clue where to even start.  I was wondering if there is a place I can go and have someone remote into my machine and see if he/she can solve it.  Obviously I'd be willing to pay.  Thanks!

Commented:
Did you try the particular phone with different accounts? Is this a fresh 2010 server?

Author

Commented:
Yes - multiple accounts.  The server has been running for a while, but this is the first time I have attempted to hook any mobile device to it.

Commented:
Can you run the Exchange Connector checks and see what happens? https://www.testexchangeconnectivity.com/

Author

Commented:
Interesting.  When testing for ActiveSync, it fails here:  Host name mail.mydomain.com doesn't match any name found on the server certificate CN=InternalServerName.

The internal server name is not accessible from outside the local network.  Do I need to add an A record for InternalServerName.mydomain.com?

Commented:
Found anything already?

Commented:
OK, have you got a commercial SSL certificate on the server? And also check that mail.yourdomain.com is registered in Exchange as the external website address.

Commented:
1. In the console tree, navigate to Server Configuration > Client Access.

2. In the work pane, click the Exchange ActiveSync tab, and then click the Microsoft-Server-ActiveSync virtual directory.

3. In the action pane, under Microsoft-Server-ActiveSync, click Properties.

4. Use the General tab to view display-only information about the Exchange ActiveSync virtual directory and to modify the Internal and External URLs.
Server   This read-only field shows the name of the server the virtual directory is located on.

Web site   This read-only field shows the name of the Web site that holds the virtual directory. Normally, this will be the Default Web Site.

SSL Enabled   This read-only field shows the Secure Sockets Layer (SSL) status of the virtual directory. The default is True.

Modified   This read-only field shows the date and time that the virtual directory was last modified.

Internal URL   This field shows the InternalURL setting for the virtual directory. In most cases, you shouldn't change this setting.

External URL   This field shows the ExternalURL setting for the virtual directory. In an Internet-facing Active Directory site, this field will be populated with the external DNS endpoint for Exchange ActiveSync, for example, http://contoso.com/Microsoft-Server-ActiveSync.

Source http://technet.microsoft.com/en-us/library/aa998363.aspx#emc 


Author

Commented:
I don't know if the server has a commercial one - how do I check?  How do I check to see the External website address?  Sorry.  I was pretty good at Exchange 2003 and I'm a newbie at 2010.

Commented:
In your case the external URL would be for example, http://mail.mydomain.com/Microsoft-Server-ActiveSync.

Commented:
You could check by opening webmail on the Exchange server; you can check the certificate in your browser. Also, if you don't get an "are you sure you want to continue" message (in that context) and your address bar in IE is green (instead of red), you know it's a commercial certificate for 99%.

Author

Commented:
OK.  Under server config/client access, Exchange ActiveSync tab, the Internal URL is: https://InternalServerName.mydomain.com/Microsoft-Server-ActiveSync
The External is as you indicated:  https://webmail.mydomain.com/Microsoft-Server-ActiveSync

Author

Commented:
I get the red.  So perhaps not a commercial one - or misconfigured.

Commented:
OK, you probably don't have a commercial one. I think the connectivity analyzer can also see this. Nevertheless, once your external URL is set up, see what happens on the analyzer or check with a phone (I believe you can import or ignore the cert on an iPhone).

Author

Commented:
OK, so I need to get an A record pointing to InternalServerName.mydomain.com so that both internal and external resolve to the same place, right?  I don't need to worry about SSL certs?

Commented:
I would get a commercial one to make life easier. Also, if you want to use ActiveSync internally, you should keep in mind that the phones need to resolve the address from the internal network. So your internal and external URL will be the same and you should set up DNS to get it going (but this is only necessary if phones use wifi; most of the time they just use 3G, so you don't need to worry about the internal URL for ActiveSync).

If you want to install the certificate, read the following; this will give some clarification: http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

Author

Commented:
OK, I am getting this when testing ActiveSync.  iPhone still doesn't work.  A record already propagated.

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name calpac-mail.calpacpainting.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: <IP Address>
 Testing TCP port 443 on host InternalServerName.mydomain.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server InternalServerName.mydomain.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=InternamServerName, Issuer: CN=InternalServerName.
 
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name InternalServerName.mydomain.com .com was found in the Certificate Subject Alternative Name entry.
 
 Validating certificate trust for Windows Mobile devices.
  Certificate trust validation failed.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=InternalServerName.
  A certificate chain couldn't be constructed for the certificate.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate chain didn't end in a trusted root. Root = CN=InternalServerName
 
 It went farther this time at least :)

 
 
 
 

Author

Commented:
BTW - both the internal and external URLs match for server config/client access, Exchange ActiveSync tab.  They are both set to: https://InternalServerName.mydomain.com/Microsoft-Server-ActiveSync

I can ping that from both internal and external.

Commented:
Hi Jason

In your best interest, if you're willing to pay, have you tried calling Microsoft to help you?

Do you want to use a cert or not?

If you don't want to use a cert, you can go to IIS and change that option. iPhones can work without a cert.

Let me know your status.

Author

Commented:
I think I will eventually want to use a cert, but just to start with I'd be happy to get it working at all.  I don't mind paying MS, but who do I call and how do I go about that?

Commented:
Is it working? Try to see if you get through with the Exchange analyzer.

Commented:
Go to http://support.microsoft.com and search for contact information and you would get that.

They will remote into your system and help you out.

Commented:
I see you wrote your ActiveSync is listed as https://InternalServerName.mydomain.com/Microsoft-Server-ActiveSync in EMC, internal and external. Internal is normally the internal FQDN and external the external FQDN for the server. This would be https://calpac-mail.calpacpainting.com/Microsoft-Server-ActiveSync. The reference to mydomain.com is not working because mydomain.com is not your domain name.

Commented:
The internal reference would look like https://servername.internaldomainname.local/Microsoft-Server-ActiveSync, where servername is the name of the mail server and internaldomainname is the DNS name for your internal network. If you want to find out the server name and domain suffix, just run ipconfig /all and check the results.
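
The two things checked by hand in this thread (does the host in each ActiveSync URL appear on the server certificate, and is that certificate self-signed) can also be read from the Exchange Management Shell. This is an added example, not part of the original thread; it uses the Exchange 2010 cmdlets Get-ActiveSyncVirtualDirectory and Get-ExchangeCertificate and assumes the certificate clients see is the one enabled for the IIS service.

```powershell
# Added example. Run in the Exchange Management Shell on the Client Access server.
# Assumption: the certificate ActiveSync clients receive is the one enabled for IIS.
$iisCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })

$report = foreach ($vdir in Get-ActiveSyncVirtualDirectory) {
    foreach ($kind in 'InternalUrl', 'ExternalUrl') {
        $url = $vdir.$kind
        if (-not $url) {
            # An unset URL is a finding in itself: clients are never told this name.
            New-Object PSObject -Property @{
                Server = $vdir.Server; UrlType = $kind; UrlHost = '(not set)'
                Thumbprint = ''; NameOnCert = $false; SelfSigned = $null; Status = ''
            }
            continue
        }

        $urlHost = ([Uri]"$url").Host

        foreach ($cert in $iisCerts) {
            # CertificateDomains holds the subject and subject alternative names.
            $names = @($cert.CertificateDomains | ForEach-Object { "$_" })

            # -like also accepts wildcard entries such as *.example.com.
            # It is looser than real TLS matching (it spans several labels),
            # so treat a wildcard hit as "check by eye".
            $nameOnCert = @($names | Where-Object { $urlHost -like $_ }).Count -gt 0

            New-Object PSObject -Property @{
                Server     = $vdir.Server
                UrlType    = $kind
                UrlHost    = $urlHost
                Thumbprint = $cert.Thumbprint
                NameOnCert = $nameOnCert        # False = host name mismatch
                SelfSigned = $cert.IsSelfSigned # True  = no public trusted root
                Status     = $cert.Status
            }
        }
    }
}

$report |
    Select-Object Server, UrlType, UrlHost, NameOnCert, SelfSigned, Status, Thumbprint |
    Format-Table -AutoSize
```

A row with NameOnCert False lines up with the analyzer's "Host name ... doesn't match any name found on the server certificate" failure, and SelfSigned True lines up with "The certificate chain didn't end in a trusted root".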

Author

Commented:
Sorry for the abandoned question.  Client changed phones :)  
