How can I enable our Exchange server to allow Droid phones to connect

How can I enable our Exchange server to allow Droid phones to connect? They currently cannot. We had users with Blackberries and they worked, but the Droids will not. I can sync the Droid to other email servers for other networks but not this one. We have a single 2003 Exchange server, nothing special. All the Droid says is cannot connect. I know I have the mail server setting right on the phone. From the server side, what am I missing?
Axis52401Security AnalystAsked:
 
yo_beeDirector of Information TechnologyCommented:
Open IIS > Web Sites > Default Web Site > Right click and select properties > Directory Security Tab > IP address and domain name restrictions
0
 
KaffiendCommented:
Well, have you seen this guide, or something like it?
http://exchange.sembee.info/2003/activesync/server.asp

Let us know where you are stuck in the process.

Also, really old Droids (Android 1.x) will have a problem, no matter if your configuration is perfect.
0
 
Axis52401Security AnalystAuthor Commented:
I checked that site and the steps, and when I do as it says and https://host.example.com/oma (where host.example.com is the name on your SSL certificate), I get the text version on the email account like it says, yet I am still unable to connect via the Droid. I have 2 Droids I am testing. One is brand new and the other is about a year old. On the year-old one I can connect to another server with it, so I'm sure it's not a problem on the phone.
0
 
yo_beeDirector of Information TechnologyCommented:
What version of Windows server are you running?
0
 
yo_beeDirector of Information TechnologyCommented:
Also do you have a cert for the server?
0
 
Axis52401Security AnalystAuthor Commented:
Windows Small Business Server 2003
0
 
yo_beeDirector of Information TechnologyCommented:
You have OWA setup and are able to connect externally?
0
 
Axis52401Security AnalystAuthor Commented:
There is no cert set up, but that doesn't stop any of my other clients at other offices from connecting to their 2003 Exchange servers.
The OWA used to work, but now that I check I just get a blank page, not even an error, just a blank white page.
0
 
Axis52401Security AnalystAuthor Commented:
The OWA appears to work internally
0
 
yo_beeDirector of Information TechnologyCommented:
Internal and External are totally different monsters.
You need to confirm that OWA even works from an external connection before you go any further.


http://support.microsoft.com/kb/817379
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Also, if you have no SSL cert installed, you are not working securely. This is generally considered unwise. If you must run this way and can't afford a cheap GoDaddy SSL cert, then you'll have to make sure you are configuring the Android NOT to use SSL/HTTPS when connecting to the server.
0
 
yo_beeDirector of Information TechnologyCommented:
I. Please verify Authentication settings by the following steps.

For Exchange-oma virtual directory:

1. Open IIS Manager

2. Open properties of virtual directory Exchange-oma

3. Select Directory Security tab

4. Select Edit in Authentication and access control box. Make sure the authentication settings are as below:

Authentication Methods

Enabled Basic authentication

Enabled Integrated Windows authentication

Disabled anonymous access

Note: make sure the SSL option is unchecked on the Droid.
http://support.vzw.com/clc/devices/knowledge_base.html?id=26594

0
 
Swapnil PrajapatiSr. System AdministratorCommented:
Have you tried giving your full OWA link in the server name?
0
 
Rob KnightConsultantCommented:
Hi,

An alternative to Exchange ActiveSync is Good Mobile Enterprise - provides a BES like solution with IT Policy controls, messaging and Secure browser to intranet sites (some platforms).

www.good.com

Regards,


RobMobility.
0
 
Axis52401Security AnalystAuthor Commented:
yo_bee:
That link is titled Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003. But we don't require SSL, so I don't see how that applies.

Lee, I know it's not secure, but in other situations it does work. I have other clients with similar setups and the Droids will connect as long as it's unchecked on the phone.

yo_bee: I followed those steps and OWA and the phone still won't connect. Is OWA necessary for the Droid to connect?


Swap, I don't know what you mean. On the phone? OWA isn't working anyway.
0
 
yo_beeDirector of Information TechnologyCommented:
OWA and Active Sync use similar channels.

For instance, if I have a user in my firm who wanted to access the mail from the internet while outside the firm, they enter https://Webmail.domain.com
This address is the same address used for EAS.

So in some way they are interconnected.

If you are not able to access your server externally through port 80 (which is what you are trying to set this up on), then EAS will not work.

You will need to route the public address through the router to the internal exchange server (NAT).

These are some things to keep in mind.

You can test internally to see if it even works, but from that point on you need to figure out how to get the devices to communicate from the outside.

I have attached a flow process to this comment to help draw a picture
EAS-flow.PNG
0
 
Axis52401Security AnalystAuthor Commented:
I have routed port 80 on their Sonicwall firewall to the mail server just as it says how to. I don't know of any way of testing that to be sure it's open or not.
0
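Added example, not part of any poster's reply: one way to test from outside the firewall whether port 80 really reaches the Exchange server's IIS, by sending an unauthenticated OPTIONS request to the ActiveSync virtual directory and reading who answers. The function names and result labels are hypothetical, the sample replies are constructed, and the path is the standard Exchange ActiveSync directory rather than something quoted in this thread.

```python
import http.client

# Standard Exchange ActiveSync virtual directory (not quoted in the thread).
EAS_PATH = "/Microsoft-Server-ActiveSync"

def classify(status, headers):
    """Interpret the reply to an unauthenticated OPTIONS request for EAS_PATH."""
    h = {}
    for name, value in headers:
        h.setdefault(name.lower(), []).append(value)
    server = ", ".join(h.get("server", []))
    if "ms-asprotocolversions" in h:
        return "eas-ok: versions " + h["ms-asprotocolversions"][0]
    if "microsoft" not in server.lower():
        # Something other than the Windows web stack replied (firewall, proxy).
        return "other-device: answered by %r, check the port forwarding" % server
    if status == 401:
        schemes = [v.split()[0] for v in h.get("www-authenticate", []) if v.strip()]
        return "iis-auth: reached IIS, which offers " + (", ".join(schemes) or "no scheme")
    if status == 403:
        return "iis-forbidden: e.g. SSL required or an IP restriction on the directory"
    if status == 404:
        return "iis-no-vdir: IIS answered but has no ActiveSync directory"
    return "iis-other: HTTP %d" % status

def probe(host, port=80, use_tls=False, timeout=10):
    """Send the OPTIONS request (run this from outside the LAN) and classify it."""
    conn_type = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_type(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", EAS_PATH)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheaders())
    except (OSError, http.client.HTTPException) as exc:
        return "no-connection: %s" % exc
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed sample replies, not captured from the poster's network.
    iis_401 = [("Server", "Microsoft-IIS/6.0"), ("WWW-Authenticate", "Negotiate"),
               ("WWW-Authenticate", "NTLM"), ("WWW-Authenticate", 'Basic realm="mail"')]
    print(classify(401, iis_401))
    print(classify(200, [("Server", "SonicWALL")]))
```

A 401 that lists Basic means the request got through to IIS and the phone should be able to authenticate; a reply from any other device means the forwarding rule is not doing what it appears to.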
 
yo_beeDirector of Information TechnologyCommented:
Do you have multiple public IPs or just one?
You can always just enter the public address in a browser and see what returns.

Also this link
https://www.testexchangeconnectivity.com/ has been posted on various threads in EE and seems to help troubleshoot Exchange connectivity issues.

0
 
Axis52401Security AnalystAuthor Commented:
One public IP address. I ran that test and got the below. All I can see is it's getting an SSL cert from our Sonicwall firewall. I don't know why that is. Is there some way of not using SSL at all?

ExRCA is testing Exchange ActiveSync.
  The Exchange ActiveSync test failed.
  Test Steps
    Attempting to resolve the host name mail.sfdins.com in DNS.
      The host name resolved successfully.
      Additional Details
        IP addresses returned: 207.191.217.231
    Testing TCP port 443 on host mail.sfdins.com to ensure it's listening and open.
      The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
      Test Steps
        ExRCA is attempting to obtain the SSL certificate from remote server mail.sfdins.com on port 443.
          ExRCA successfully obtained the remote SSL certificate.
          Additional Details
            Remote Certificate Subject: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US, Issuer: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
        Validating the certificate name.
          Certificate name validation failed.
          Tell me more about this issue and how to resolve it
          Additional Details
            Host name mail.sfdins.com doesn't match any name found on the server certificate CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
0
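Added example, not from any poster or from ExRCA: a small check that reads the "Remote Certificate Subject" line of the report above and lists the reasons it cannot be the mail server's own certificate, which is how to tell which device actually terminated the connection on port 443. The function names and finding labels are hypothetical; the certificate text is copied from the post.

```python
import ipaddress

def split_dn(dn):
    """Turn 'CN=a, OU=b' into {'CN': 'a', 'OU': 'b'} (first value per key)."""
    out = {}
    for part in dn.strip().rstrip(".").split(", "):
        key, sep, value = part.partition("=")
        if sep:
            out.setdefault(key.strip(), value.strip())
    return out

def parse_exrca_cert_line(line):
    """Split ExRCA's 'Remote Certificate Subject: ..., Issuer: ...' line."""
    body = line.split("Remote Certificate Subject:", 1)[1]
    subject, _, issuer = body.partition(", Issuer:")
    return split_dn(subject), split_dn(issuer)

def name_matches(hostname, pattern):
    """Exact match, or one left-most wildcard label (*.example.com)."""
    host, pat = hostname.lower().split("."), pattern.lower().split(".")
    if len(host) != len(pat):
        return False
    return all(p == h or (i == 0 and p == "*")
               for i, (h, p) in enumerate(zip(host, pat)))

def diagnose(hostname, line):
    """Return the reasons this certificate does not belong to `hostname`."""
    subject, issuer = parse_exrca_cert_line(line)
    cn = subject.get("CN", "")
    findings = []
    if not name_matches(hostname, cn):
        findings.append("name-mismatch")
    if subject == issuer:  # identical names; the signature itself is not checked
        findings.append("self-issued")
    try:
        if ipaddress.ip_address(cn).is_private:
            findings.append("private-ip-cn")
    except ValueError:
        pass  # CN is a host name, not an IP address
    if "management" in subject.get("OU", "").lower():
        findings.append("device-management-cert")
    return findings

# Subject and issuer exactly as printed in the ExRCA report in this thread.
_DN = ("CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), "
       "O=HTTPS Management Certificate for SonicWALL (self-signed), "
       "L=Sunnyvale, S=California, C=US")
EXRCA_LINE = "Remote Certificate Subject: " + _DN + ", Issuer: " + _DN + "."

if __name__ == "__main__":
    print(diagnose("mail.sfdins.com", EXRCA_LINE))
```

All four findings on one certificate point at the firewall's own HTTPS management page answering on the public address, so the connection on 443 never reached IIS on the mail server.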
 
yo_beeDirector of Information TechnologyCommented:
I will see if I can put something together with some more detail this evening.
0
 
Axis52401Security AnalystAuthor Commented:
Thanks for all your help
0
 
yo_beeDirector of Information TechnologyCommented:
No Problem!
From what your test results show, it looks like the test is trying to communicate over port 443 and not port 80, which is what you are trying to do.

So let's start with the firewall.
So you say you have Port routed to the Exchange server.
I have attached a screenshot of an example that I have setup for a small client.
Does your setup look like this?
 NAT table
0
 
Axis52401Security AnalystAuthor Commented:
Sort of. We have a Sonicwall, and from what I can tell both port 80 and 443 are set to the internal IP address of our mail server, 192.168.10.5. Though from that Exchange test it seems like the SSL response is coming from the Sonicwall, even though our Sonicwall is set to 192.168.10.1.

0
 
yo_beeDirector of Information TechnologyCommented:
If your OWA is working you should be able to just enter the ip-address (Public) of your ISP in a browser.
http://ip-address/exchange or http://ip-address/owa.  What do you enter internally after the exchange server name?
0
 
Axis52401Security AnalystAuthor Commented:
Internally I can use either http://192.168.10.5/exchange or http://servername/exchange and they both work. Externally I tried both http://publicIP/exchange and http://mxrecorddns/exchange and neither works.
0
 
yo_beeDirector of Information TechnologyCommented:
Do you have any IP exclusions on the IIS?
0