Solved

can't get exchange 2003 mail account onto iphone or any smartphones except of BBs

Posted on 2011-09-05
26
581 Views
Last Modified: 2012-08-14
Hi

another office i work for, have vmware consol with esva mail server exchange 2003 on sbs2003. i can add users on active directory then i could sync email accounts with their BBs using BIS just fine.

the problem is i cannot configure same email accounts on iphone or htc or samsung smartphones.
i tried with and without ssl, i am sure usernames and passwords are correct and i am also sure of server name.

in another office i work for (different network), Exchange emails work fine on iphones and on s2.

i get error "cannot verify server identity" so i am assuming it's a licence or trusted certificate problem but i don't know where to start, i appreciate all your help.

thank you
0
Comment
Question by:russus
  • 14
  • 9
  • 2
26 Comments
 
LVL 9

Expert Comment

by:davealford
Comment Utility
HAve you forwarded HTTPS (TCP port 443) from your firewall to server?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Comment Utility
Please have a read through my article about Exchange 2003 / Activesync so that you can check your server configuration and tweak any incorrect settings as necessary:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Any problems, please let me know.

Alan
0
 

Author Comment

by:russus
Comment Utility
thank you both, i checked to see if 443 is opened, and it looks like it is. but when i test it using "canyouseeme.org" i get error: i could not see the service on ip address 192.*.*.* (port 443) reason: network is unreachable.



please see attached and let me know what im doing wrong
thank you
443-opened.JPG
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
What Firewall / Router do you have?  Sometime the Remote Management of the router is mapped to the Router itself and you will therefore have to change the default port to something like 444 instead of 443.

That should allow port 443 to be passed through the router.
0
 

Author Comment

by:russus
Comment Utility
to be honest, it's the first time i connect to this firewall, it is "monowall" and to access it, i put https:\\defaultGatewayIP:48484
0
 

Author Comment

by:russus
Comment Utility
so you're saying to open port 444 and forward it to the mail server exactly same to 443?
0
 

Author Comment

by:russus
Comment Utility
i tested port 25 and 80 and i get same error with network unreachable! how can it be? i still receive emails on 25
0
 
LVL 9

Expert Comment

by:davealford
Comment Utility
Check the TCP port 443 rule in the monowall configuration and confirm it is forwarding to the correct internal IP address
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Don't open & forward port 444 - Activesync can't use ports other than 80 / 443.

Sounds like a firewall issue / firewall configuration issue if the port isn't testing as open.  Not heard of a monowall before!!
0
 

Author Comment

by:russus
Comment Utility
dave i could see a rule that forwards anything that comes through port 443 to the ip address of the mail server
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Let's ignore the firewall for now - in case it is working and in stealth mode or similar.

Please read my article, visit the test site at https://testexchangeconnectivity.com, run the Exchange Activesync test (DO NOT RUN ANYTHING WITH AUTODISCOVER) and then post the results.

You can obscure your domain name / IP Address (or I can for you).

Alan
0
 

Author Comment

by:russus
Comment Utility
Alan i read your article, i started with the points and got stuck with testing port 443. i'll run the test and post results shortly. thanks
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:russus
Comment Utility
Alan pls find connectivity test attached
connectivity-test.JPG
0
 

Author Comment

by:russus
Comment Utility
Please remove any sensitive data if i've forgotten something. thank you
0
 

Author Comment

by:russus
Comment Utility
any follow up? i don't know much about certificates in fact this is maybe the first time i had to deal with this. it says on the image attached "validating certificate name failed" then i went in "tell me more how to resolve" but couldnt find much or didn't know what to look for.

all your help is appreciated. thank you
0
 

Author Comment

by:russus
Comment Utility
hey alan, in your article, in
Exchange 2003 (Part of Small Business Server):

Microsoft-Server-Activesync Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany*
•      Realm = NETBIOS name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Realm=netbios name (i keep this blank or i add "yourcompany" ?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Realm isn't vital - MS keep it blank and the Domain as "\" - but I have fixed issues by adding the Domain in as the internal NETBIOS name.

Try \ and blank and see how you get on.

As you have SBS - you can use my article to generate your own SSL cert using the correct name.

Run through the Connect to the Internet Wizard, change nothing until you get to the Cert part and create a new one for mail.domain.com (I will edit your image above later on).

Once done - re-check your IIS Settings as the Wizard usually adjusts some, then test again.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
FYI - I'm travelling about today, so replies may be slow in coming.  Replacing a couple of routers for a customer at their Office / Home and setting up a site-to-site VPN.

My article should walk you through most of what you need.
0
 

Author Comment

by:russus
Comment Utility
thanks Alan just got to the SSL Certification bit, i'll let you know how it goes.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
No probs - I'm moving location again soon.
0
 

Author Comment

by:russus
Comment Utility
Alan i got to "create web server certificate" and it is at the moment "mydomain.com" so i'll need to change that to "mail.mydomain.com" ?
pls note we access owa using "https:\\mail.mydomain.com\exchange". is changing it will affect BB users? also note BB users don't have this problem
thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Yes - change that to mail.domain.com - which should make OWA users happier as they won't get an SSL cert error every time.

BB users should be fine.
0
 

Author Closing Comment

by:russus
Comment Utility
read through article and followed instructions. the solution that worked for me was recreating ssl certificate that mached my "mail.domain.com".

Alan thank you so much for your help
0
 

Author Comment

by:russus
Comment Utility
thank you v much Alan, changing certificate to match my "mail.domain.com" did it for me. cheers
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Great news - glad that you are working and that my article worked for you.

Don't forget to vote for it too :)

Best wishes

Alan
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now