How can I enable our Exchange server to allow Droid phones to connect

Well, have you seen this guide, or something like it?
http://exchange.sembee.info/2003/activesync/server.asp

Let us know where you are stuck in the process.

Also, really old Droids (Android 1.x) will have a problem, no matter if your configuration is perfect.

I checked that site and the steps and when i do a sit says and https://host.example.com/oma (where host.example.com is the name on your SSL certificate). I get the text version on the email account like ti says yet I am still unable to connect via the Droid. I have a 2 Droids I am testing. One is Brand new and the other is about a yea old. On the year old one I can connect to another server with it so I'm sure its not a problem on the phone.

What version os Windows server are you running?

Also do you have a cert for the server?

Windows Small Business Server 2003

You have OWA setup and are able to connect externally?

There is no cert set up but that doesn't stop any of my other clients at other offices from connecting to their 2003 Exchange servers.
The OWA used to work but not that I check I just get a blank page not even an error just a blank white page.

The OWA appears to work internally

Internal and External are total different monsters.
You need to confirm that OWA even works from an external connection before you go any further.


http://support.microsoft.com/kb/817379

Also, if you have no SSL cert installed, you are not working securely.  This is generally considered unwise.  If you must run this way and can't afford a cheap GoDaddy SSL cert, then you'll have to make sure you are configuring the android NOT to use SSL/ HTTPS when connecting to the server.

I.Please verify Authentication settings by the following steps.

For Exchange-oma virtual directory:

1. Open IIS Manager

2. Open properties of virtual directory Exchange-oma

3. Select Directory Security tab

4. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:

Authentication Methods

Enabled Basic authentication

Enabled Integrated Windows authentication

Disabled anonymous access

Note:  make use the ssl option is unchedked on driod.
http://support.vzw.com/clc/devices/knowledge_base.html?id=26594

Have you tried giving your full OWA link in the server name ?

Hi,

An alternative to Exchange ActiveSync is Good Mobile Enterprise - provides a BES like solution with IT Policy controls, messaging and Secure browser to intranet sites (some platforms).

www.good.com

Regards,


RobMobility.

yo_bee:
That link is titled Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003. But we don't require SSL so I don't see how that Applies.

Lee I know its not secure but in other situations it does work. I have other clients with similiar setups and the Droids will connect as long as its unchecked on the phone.

yo_bee: I followed those stops and OWA and the phone still won't connect. Is OWA necessary for the Droid to connect?


Swap I don't know what you mean, On the phone? OWA isn't working anyway

OWA and Active Sync use similar channels.

For instance If I have a user in my firm wanted to access the mail from the internet while outside the firm they enter https://Webmail.domain.com
This address is the same address used for EAS.

So in some way they are interconnected.

If you are not able to access your Server external through Port 80 (which is what you are trying to set this up on) then EAS will not work.

You will need to route the public address through the router to the internal exchange server (NAT).

These are some things to keep in mind.

You can test internally to see if it even works, but from that point on you need to figure out how to get the devices to communicate from the outside.

I have attached a flow process to this comment to help draw a picture
EAS-flow.PNG

I have routed port 80 on their Sonicwall firewall to the mail server just as it says how to. I don't know if any way of testing that to be sure its open or not

Do you have multiple public IP's or just one?
You can always just enter the public address in a browser and see what returns

Also this link
https://www.testexchangeconnectivity.com/ has been posted on various thread in EE and seems to help troubleshoot Exchange connectivity issues.

One public IP address I ran that test and got the below. All I can see is its getting an SSL cert from our Sonicwall firewall. I don't know why that is. Is there some way of not using SSL at all?

ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.sfdins.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 207.191.217.231
      Testing TCP port 443 on host mail.sfdins.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.sfdins.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US, Issuer: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name mail.sfdins.com doesn't match any name found on the server certificate CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.

I will see if I can put something together with some more detail this evening.

Thanks for all your help

No Problem!
From what your test results show it looks like the test is trying to communicate over port 443 and not port 80 which is what you are trying to do.

So lets start with the firewall.
So you say you have Port routed to the Exchange server.
I have attached a screenshot of an example that I have setup for a small client.
Does your setup look like this?
 

Sort of we have a Sonicwall and from what i can tell both port 80 and 443 are set to the internal IP address of our Mail server 192.168.10.5. Though from that exchange test it seems like the SSL response is coming from the Sonicwall even though our sonicwall is set to 192.168.10.1.

If you OWA is working you should be able to just enter the ip-address (Public) of your ISP in an browser.
http://ip-address/exchange or http://ip-address/owa.  What do you enter internally after the exchange server name?

Internally I can user either http://192.168.10.5/exchange or http://servername/exchange and they both work. Externally I tried both http://publicIP/exchange and http://mxrecorddns/exchange and neither work.

do you have any IP exclusions on the IIS ?