Solved

iPhone Active Sync issues, mailbox syncs for a short time then stops

Posted on 2012-03-26
10
1,865 Views
Last Modified: 2012-05-02
Here is some backstory before I get to the issues.

This client was on hosted exchange, we have installed a new SBS 2011 and imported their email via PSTs into exchange.

They have 4 users with iPhones, 2 of them work with no problem.  The other 2 sync work briefly for a time when it stops working you can go to the mailbox and it spins saying checking for mail.

One user went a week before it stops working the other goes only 1 day before it stops.

I have done the following in an attempt to resolve:

Removed and re added the account
Removed mobile device partnership from exchange and readded to phones
One of the users completely replaced their hardware and the problem persists
Have tried using IP Address instead of server name on the phone settings.
I have reset both their passwords.
Restarted their router when the issue occurs and it does not resolve.

The server does not state their are any errors with their mailboxes or active sync.  Both are iPhone 4 with iOS 5.1.
0
Comment
Question by:jlburgin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37767111
Are you using the self-issued Exchange certificate or a 3rd party certificate?
0
 

Author Comment

by:jlburgin
ID: 37767134
Using third party UCC Cert from GoDaddy
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37767148
Good :)

Can you please run the Exchange Activesync test at https://testexchangeconnectivity.com and don't use anything Autodiscover, then post the results.

Thanks

Alan
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 37767157
try resetting IIS on the server manually and reconnecting the phone.
0
 

Author Comment

by:jlburgin
ID: 37767210
Here are the results from testexchangeconnectivity.com



ExRCA is testing Exchange ActiveSync.
Exchange ActiveSync was tested successfully.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Test Steps
Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 184.172.xxx.xxx
Testing TCP port 443 on host domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 216.54.xxx.xxx
Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 3/7/2012 9:46:20 PM, NotAfter = 3/7/2015 9:46:20 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Test Steps
ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml for user techs@domain.com.
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
 <Culture>en:us</Culture>
 <User>
 <DisplayName>Techs</DisplayName>
 <EMailAddress>Techs@domain.com</EMailAddress>
 </User>
 <Action>
 <Settings>
 <Server>
 <Type>MobileSync</Type>
 <Url>https://remote.domain.com/Microsoft-Server-ActiveSync</Url>
 <Name>https://remote.domain.com/Microsoft-Server-ActiveSync</Name>
 </Server>
 </Settings>
 </Action>
 </Response>
</Autodiscover>

 Validating Exchange ActiveSync settings.
Exchange ActiveSync URL https://remote.domain.com/Microsoft-Server-ActiveSync was validated successfully.
Attempting to resolve the host name remote.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 216.54.xxx.xxx
Testing TCP port 443 on host remote.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server remote.domain.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name remote.domain.com was found in the Certificate Subject Alternative Name entry.
Validating certificate trust for Windows Mobile devices.
The certificate is trusted and all certificates are present in the chain.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Analyzing the certificate chains for compatability problems with Windows Phone devices.
Potential compatibility problems were identified with some versions of Windows Phone.
Tell me more about this issue and how to resolve it
Additional Details
The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
ExRCA is analyzing intermediate certificates that were sent down by the remote server.
All intermediate certificates are present and valid.
Additional Details
All intermediate certificates were present and valid.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 3/7/2012 9:46:20 PM, NotAfter = 3/7/2015 9:46:20 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://remote.domain.com/Microsoft-Server-ActiveSync.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Testing of an Exchange ActiveSync session completed successfully.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 14.1
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Mon, 26 Mar 2012 17:05:58 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

Attempting the FolderSync command on the Exchange ActiveSync session.
The FolderSync command completed successfully.
Additional Details
Number of folders: 17
Attempting the initial sync to the Inbox folder. This initial sync won't return any data.
The Sync command completed successfully.
Additional Details
Status: 1
Attempting to test the GetItemEstimate command for the Inbox folder.
ExRCA successfully received the GetItemEstimate response from the server.
Additional Details
Estimate: 6 messages
Attempting to test synchronization of the Inbox folder.
The Sync command completed successfully.
Additional Details
Number of items synchronized: 6
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37767244
Okay - so all looks good from a server perspective.

Is this an issue with specific users or all users?

Specific devices or all devices?

Have you tried a working user account on a device that doesn't work properly and a now-working account on a known working device?

Trying to narrow down the possibilities and see if it is a device issue or a mailbox issue.

(P.S. - I have hidden your domain name / IP Addresses in your earlier post).
0
 

Author Comment

by:jlburgin
ID: 37767316
Only happens for two users on both their iPhones.  One of the users stated it occurs on their iPad as well.  Everyone else works normally granted this is a small office with a total of 8 users.

I have setup their account on my iPhone and am waiting to see if it starts failing.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 37767386
If the test doesn't work, please check the inherited permissions for the users and Group membership as per my article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
0
 

Accepted Solution

by:
jlburgin earned 0 total points
ID: 37903855
Resolution was to completely wipe the device and install all apps manually on the phones.
0
 

Author Closing Comment

by:jlburgin
ID: 37918463
Resolution came from completely wiping the devices
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question