• Status: Solved
  • Priority: Medium
  • Security: Public

can't get exchange 2003 mail account onto iphone or any smartphones except BBs

Hi

another office i work for has a vmware console with esva mail server, exchange 2003 on sbs2003. i can add users on active directory then i could sync email accounts with their BBs using BIS just fine.

the problem is i cannot configure same email accounts on iphone or htc or samsung smartphones.
i tried with and without ssl, i am sure usernames and passwords are correct and i am also sure of server name.

in another office i work for (different network), Exchange emails work fine on iphones and on s2.

i get error "cannot verify server identity" so i am assuming it's a licence or trusted certificate problem but i don't know where to start, i appreciate all your help.

thank you
0
russus
Asked:
1 Solution
 
davealfordCommented:
Have you forwarded HTTPS (TCP port 443) from your firewall to the server?
0
 
Alan HardistyCommented:
Please have a read through my article about Exchange 2003 / Activesync so that you can check your server configuration and tweak any incorrect settings as necessary:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Any problems, please let me know.

Alan
0
 
russusAuthor Commented:
thank you both, i checked to see if 443 is opened, and it looks like it is. but when i test it using "canyouseeme.org" i get error: i could not see the service on ip address 192.*.*.* (port 443) reason: network is unreachable.



please see attached and let me know what i'm doing wrong
thank you
443-opened.JPG
0
 
Alan HardistyCommented:
What Firewall / Router do you have?  Sometimes the Remote Management of the router is mapped to the Router itself and you will therefore have to change the default port to something like 444 instead of 443.

That should allow port 443 to be passed through the router.
0
 
russusAuthor Commented:
to be honest, it's the first time i connect to this firewall, it is "monowall" and to access it, i put https:\\defaultGatewayIP:48484
0
 
russusAuthor Commented:
so you're saying to open port 444 and forward it to the mail server exactly same to 443?
0
 
russusAuthor Commented:
i tested port 25 and 80 and i get same error with network unreachable! how can it be? i still receive emails on 25
0
 
davealfordCommented:
Check the TCP port 443 rule in the monowall configuration and confirm it is forwarding to the correct internal IP address
0
 
Alan HardistyCommented:
Don't open & forward port 444 - Activesync can't use ports other than 80 / 443.

Sounds like a firewall issue / firewall configuration issue if the port isn't testing as open.  Not heard of a monowall before!!
0
 
russusAuthor Commented:
dave i could see a rule that forwards anything that comes through port 443 to the ip address of the mail server
0
 
Alan HardistyCommented:
Let's ignore the firewall for now - in case it is working and in stealth mode or similar.

Please read my article, visit the test site at https://testexchangeconnectivity.com, run the Exchange Activesync test (DO NOT RUN ANYTHING WITH AUTODISCOVER) and then post the results.

You can obscure your domain name / IP Address (or I can for you).

Alan
0
 
russusAuthor Commented:
Alan i read your article, i started with the points and got stuck with testing port 443. i'll run the test and post results shortly. thanks
0
 
russusAuthor Commented:
Alan pls find connectivity test attached
connectivity-test.JPG
0
 
russusAuthor Commented:
Please remove any sensitive data if i've forgotten something. thank you
0
 
russusAuthor Commented:
any follow up? i don't know much about certificates, in fact this is maybe the first time i had to deal with this. it says on the image attached "validating certificate name failed" then i went in "tell me more how to resolve" but couldn't find much or didn't know what to look for.

all your help is appreciated. thank you
0
 
russusAuthor Commented:
hey alan, in your article, in
Exchange 2003 (Part of Small Business Server):

Microsoft-Server-Activesync Virtual Directory
  • Authentication = Basic
  • Default Domain = NETBIOS domain name - e.g., yourcompany*
  • Realm = NETBIOS name
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Realm=netbios name (i keep this blank or i add "yourcompany")?
0
 
Alan HardistyCommented:
Realm isn't vital - MS keep it blank and the Domain as "\" - but I have fixed issues by adding the Domain in as the internal NETBIOS name.

Try \ and blank and see how you get on.

As you have SBS - you can use my article to generate your own SSL cert using the correct name.

Run through the Connect to the Internet Wizard, change nothing until you get to the Cert part and create a new one for mail.domain.com (I will edit your image above later on).

Once done - re-check your IIS Settings as the Wizard usually adjusts some, then test again.
0
 
Alan HardistyCommented:
FYI - I'm travelling about today, so replies may be slow in coming.  Replacing a couple of routers for a customer at their Office / Home and setting up a site-to-site VPN.

My article should walk you through most of what you need.
0
 
russusAuthor Commented:
thanks Alan just got to the SSL Certification bit, i'll let you know how it goes.
0
 
Alan HardistyCommented:
No probs - I'm moving location again soon.
0
 
russusAuthor Commented:
Alan i got to "create web server certificate" and it is at the moment "mydomain.com" so i'll need to change that to "mail.mydomain.com" ?
pls note we access owa using "https:\\mail.mydomain.com\exchange". will changing it affect BB users? also note BB users don't have this problem
thanks
0
 
Alan HardistyCommented:
Yes - change that to mail.domain.com - which should make OWA users happier as they won't get an SSL cert error every time.

BB users should be fine.
0
 
russusAuthor Commented:
read through article and followed instructions. the solution that worked for me was recreating ssl certificate that matched my "mail.domain.com".

Alan thank you so much for your help
0
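The name mismatch behind the "cannot verify server identity" error in this thread, as an added example that is not part of the original posts: a client compares the host name it connects to with the names in the server certificate. The certificate dictionaries are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, the host names are the placeholders used in the thread, and the function names are hypothetical.

```python
"""Host-name check a client performs against a server certificate (added example)."""


def label_match(pattern: str, host: str) -> bool:
    """Compare one certificate name with the host, label by label.

    A '*' is honoured only as the entire left-most label, covers exactly
    one label, and is rejected for two-label patterns such as '*.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def names_in_cert(cert: dict) -> list:
    """DNS names the certificate is valid for.

    subjectAltName DNS entries win; the subject commonName is a legacy
    fallback used only when no DNS SAN exists (some clients ignore CN).
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def check_host(cert: dict, host: str) -> tuple:
    """Return (matches, names_found) for the host the device connects to."""
    names = names_in_cert(cert)
    return any(label_match(n, host) for n in names), names


# Constructed sample: certificate issued to the bare domain (before the fix).
OLD_CERT = {"subject": ((("commonName", "mydomain.com"),),)}
# Constructed sample: certificate re-issued for the name the phones use.
NEW_CERT = {"subject": ((("commonName", "mail.mydomain.com"),),)}

if __name__ == "__main__":
    for label, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        ok, names = check_host(cert, "mail.mydomain.com")
        print(f"{label}: cert names={names} -> {'match' if ok else 'MISMATCH'}")
```
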
 
russusAuthor Commented:
thank you v much Alan, changing certificate to match my "mail.domain.com" did it for me. cheers
0
 
Alan HardistyCommented:
Great news - glad that you are working and that my article worked for you.

Don't forget to vote for it too :)

Best wishes

Alan
0
