Can't get Exchange 2003 mail account onto iPhone or any smartphones except BBs

Hi

Another office I work for has a VMware console with ESVA mail server, Exchange 2003 on SBS 2003. I can add users in Active Directory, then I can sync email accounts with their BBs using BIS just fine.

The problem is I cannot configure the same email accounts on iPhone, HTC or Samsung smartphones.
I tried with and without SSL. I am sure the usernames and passwords are correct and I am also sure of the server name.

In another office I work for (different network), Exchange emails work fine on iPhones and on S2.

I get the error "cannot verify server identity", so I am assuming it's a licence or trusted certificate problem, but I don't know where to start. I appreciate all your help.

Thank you
russus Asked:
 
Alan Hardisty (Co-Owner) Commented:
Please have a read through my article about Exchange 2003 / Activesync so that you can check your server configuration and tweak any incorrect settings as necessary:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Any problems, please let me know.

Alan
0
 
davealford (IT Support) Commented:
Have you forwarded HTTPS (TCP port 443) from your firewall to the server?
0
 
russus (Author) Commented:
Thank you both. I checked to see if 443 is open, and it looks like it is. But when I test it using "canyouseeme.org" I get the error: I could not see the service on IP address 192.*.*.* (port 443). Reason: network is unreachable.

Please see the attachment and let me know what I'm doing wrong.
Thank you
443-opened.JPG
0
 
Alan Hardisty (Co-Owner) Commented:
What Firewall / Router do you have?  Sometimes the Remote Management of the router is mapped to the Router itself and you will therefore have to change the default port to something like 444 instead of 443.

That should allow port 443 to be passed through the router.
0
 
russus (Author) Commented:
To be honest, it's the first time I have connected to this firewall. It is "monowall", and to access it I put https:\\defaultGatewayIP:48484
0
 
russus (Author) Commented:
So you're saying to open port 444 and forward it to the mail server exactly the same as 443?
0
 
russus (Author) Commented:
I tested ports 25 and 80 and I get the same error with network unreachable! How can it be? I still receive emails on 25.
0
 
davealford (IT Support) Commented:
Check the TCP port 443 rule in the monowall configuration and confirm it is forwarding to the correct internal IP address.
0
 
Alan Hardisty (Co-Owner) Commented:
Don't open & forward port 444 - Activesync can't use ports other than 80 / 443.

Sounds like a firewall issue / firewall configuration issue if the port isn't testing as open.  Not heard of a monowall before!!
0
 
russus (Author) Commented:
Dave, I could see a rule that forwards anything that comes through port 443 to the IP address of the mail server.
0
 
Alan Hardisty (Co-Owner) Commented:
Let's ignore the firewall for now - in case it is working and in stealth mode or similar.

Please read my article, visit the test site at https://testexchangeconnectivity.com, run the Exchange Activesync test (DO NOT RUN ANYTHING WITH AUTODISCOVER) and then post the results.

You can obscure your domain name / IP Address (or I can for you).

Alan
0
 
russus (Author) Commented:
Alan, I read your article. I started with the points and got stuck with testing port 443. I'll run the test and post results shortly. Thanks.
0
 
russus (Author) Commented:
Alan, please find the connectivity test attached.
connectivity-test.JPG
0
 
russus (Author) Commented:
Please remove any sensitive data if I've forgotten something. Thank you.
0
 
russus (Author) Commented:
Any follow-up? I don't know much about certificates; in fact this is maybe the first time I have had to deal with this. It says on the attached image "validating certificate name failed". Then I went into "tell me more how to resolve" but couldn't find much or didn't know what to look for.

All your help is appreciated. Thank you.
0
 
russus (Author) Commented:
Hey Alan, in your article, in
Exchange 2003 (Part of Small Business Server):

Microsoft-Server-Activesync Virtual Directory
• Authentication = Basic
• Default Domain = NETBIOS domain name - e.g., yourcompany*
• Realm = NETBIOS name
• IP Address Restrictions = Granted Access
• Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Realm = NETBIOS name (do I keep this blank or do I add "yourcompany")?
0
 
Alan Hardisty (Co-Owner) Commented:
Realm isn't vital - MS keep it blank and the Domain as "\" - but I have fixed issues by adding the Domain in as the internal NETBIOS name.

Try \ and blank and see how you get on.

As you have SBS - you can use my article to generate your own SSL cert using the correct name.

Run through the Connect to the Internet Wizard, change nothing until you get to the Cert part and create a new one for mail.domain.com (I will edit your image above later on).

Once done - re-check your IIS Settings as the Wizard usually adjusts some, then test again.
0
 
Alan Hardisty (Co-Owner) Commented:
FYI - I'm travelling about today, so replies may be slow in coming.  Replacing a couple of routers for a customer at their Office / Home and setting up a site-to-site VPN.

My article should walk you through most of what you need.
0
 
russus (Author) Commented:
Thanks Alan, I just got to the SSL certificate bit. I'll let you know how it goes.
0
 
Alan Hardisty (Co-Owner) Commented:
No probs - I'm moving location again soon.
0
 
russus (Author) Commented:
Alan, I got to "create web server certificate" and at the moment it is "mydomain.com", so I'll need to change that to "mail.mydomain.com"?
Please note we access OWA using "https:\\mail.mydomain.com\exchange". Will changing it affect BB users? Also note BB users don't have this problem.
Thanks
0
 
Alan Hardisty (Co-Owner) Commented:
Yes - change that to mail.domain.com - which should make OWA users happier as they won't get an SSL cert error every time.

BB users should be fine.
0
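The name check behind this exchange, as an added example that is not part of the original thread: a TLS client compares the host it connects to with the names in the server certificate, so a certificate issued to "mydomain.com" fails for "mail.mydomain.com". The certificate dicts are constructed samples using the thread's placeholder names, and the matcher is a simplified assumption of RFC 6125-style rules (DNS SANs preferred over the CN, wildcard only as the whole left-most label).

```python
# Added example; the host names are the thread's own placeholders and the
# certificate dicts are constructed, in the layout of ssl.SSLSocket.getpeercert().
OLD_CERT = {"subject": ((("commonName", "mydomain.com"),),)}
NEW_CERT = {"subject": ((("commonName", "mail.mydomain.com"),),)}
WILDCARD_CERT = {
    "subject": ((("commonName", "mydomain.com"),),),
    "subjectAltName": (("DNS", "*.mydomain.com"),),
}


def cert_dns_names(cert):
    """Names the certificate is valid for: DNS SANs, else the subject CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans  # when a DNS SAN exists, the CN is ignored
    return [value for rdn in cert.get("subject", ())
            for kind, value in rdn if kind == "commonName"]


def name_matches(pattern, host):
    """Label-by-label, case-insensitive comparison of one cert name with host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label, never a bare TLD.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check(cert, host):
    """Return (ok, names): does any name in the certificate cover host?"""
    names = cert_dns_names(cert)
    return any(name_matches(n, host) for n in names), names


if __name__ == "__main__":
    for label, cert in [("old", OLD_CERT), ("new", NEW_CERT), ("wildcard", WILDCARD_CERT)]:
        for host in ("mail.mydomain.com", "mydomain.com"):
            ok, names = check(cert, host)
            print(f"{label:8} {host:18} {'match' if ok else 'MISMATCH'} {names}")
```

Running the same `check` against the dict returned by `getpeercert()` on a live connection shows which name the server is actually presenting before a certificate is reissued.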
 
russus (Author) Commented:
I read through the article and followed the instructions. The solution that worked for me was recreating the SSL certificate so that it matched my "mail.domain.com".

Alan, thank you so much for your help.
0
 
russus (Author) Commented:
Thank you very much Alan, changing the certificate to match my "mail.domain.com" did it for me. Cheers
0
 
Alan Hardisty (Co-Owner) Commented:
Great news - glad that you are working and that my article worked for you.

Don't forget to vote for it too :)

Best wishes

Alan
0
Question has a verified solution.
