We help IT Professionals succeed at work.

Outlook Web Access works through browser but not through iPad mail

Beamson
Beamson asked
on
My wife's company has Outlook Web Access set up.
She's trying to configure her iPad's e-mail system to access her mail.
All attempts end with the error mesage "Exchange Account - Unable to verify account information"

Through the Safari web browser on her iPad she can access the browser version of OWA with no problems.

I have an almost identical setup for my company/iPad and mine works fine.  I've been trying to spot any differences which might cause her setup to fail.

If I view the https://mail.hercompany/exchange version of the site, there are a few differences to mine.
1) On her version the screen prompts for Domain\User name (but works fine if I leave the domain name out).
On my version the screen just prompts for User name.

2) On her version, she is forewarned of certificate problems in the browser version, but can easily view/install the certificate.
On mine, the certificate isn't queried.

3) On my version of the certificate, the "Certiificate Path" is the same as the mail.myserver.com name.
On her version, the certificate path is a public IP address registered to her business - not sure what for but its neither the public address for her works network, nor that for her web site.

Any ideas?


Comment
Watch Question

Commented:
Hi,

First of all, the fact that the OWA page is reachable from a browser doesn't not automatically means that an external mail client will work.
External mail clients like the one on your iPad probably uses ActiveSync pages, not OWA pages. Usually the beginning of the URL to access ActiveSync poages is the same as the URL for OWA but the last part changes (for example : https://webmail.mydomain.com/exchange for OWA and https://webmail.mydomain.com/Microsoft-Server-ActiveSync for ActiveSync).
When you configure an ActiveSync client you only have to type the beginning of the URL, the client will automatically add the /Microsoft-Server-ActiveSync part.

So if your administrator only published OWA access you won't be able to synchronize an e-mail client using ActiveSync.

Also, if ActiveSync is published, whatever the certificate path is, the important thing is that you don't have any more certificate security allerts when you acces the OWA page.
If you install the certificate, do you still have the security alert the next time you acces the OWA page ?


Have a good day

Author

Commented:
That does make a lot of sense. My business has had ActiveSync configured for iPaqs long before we needed it for iPads and I hadn't made the link that they'd both use the same system for mail.

I've remotely logged in to my wife's Exchange server but with only limited knowledge of the publishing of ActiveSync, I can't tell if this has been properly configured.

In answer to your last question though, after installing the certificate on OWA/ Internet explorer, ie still shows certificate alerts even after the certificate has been installed. Could a certificate error be enough to prevent an ActiveSync based connection from being successful? I'll get her to check that the certificate is viable with her IT support people.

Commented:
Hi again,

Yes, depending of the implementation of the ActiveSync client, some of them requires that the certificate is fully trusted so as soon as there is a security alert on the certificate these ActiveSync clients refuse the connection.
Other ActiveSync client gives you a popup to ask you if you want to proceed anyway, and some other clients proceed silently without any prompt.

So the best practice to avoid any problem with ActiveSync clients is to make things so that there is no more security alerts about the certificate.

Usually, when you receive a certificate security alert you can read the reason in the message. It can be some causes, as an example :

 - the certificate has been issued for a name that is different than the server name used in the URL
 - the certificate is no more valid because of an expired date
 - the certificate has been issued by an authority that is not trusted by your device.

Author

Commented:
I'm afraid I don't know what the solution to this problem was.

My wife's IT support people spent 3 days on and off looking into this and somehow, eventually, it just worked.  I'm not even sure they're wholly sure why!

Commented:
Hi,

May be the certificate was expired and they have renewed it...
We'll probably nerver now.

Have a good day.