jlburgin
asked on
iPhone Active Sync issues, mailbox syncs for a short time then stops
Here is some backstory before I get to the issues.
This client was on hosted exchange, we have installed a new SBS 2011 and imported their email via PSTs into exchange.
They have 4 users with iPhones, 2 of them work with no problem. The other 2 sync work briefly for a time when it stops working you can go to the mailbox and it spins saying checking for mail.
One user went a week before it stops working the other goes only 1 day before it stops.
I have done the following in an attempt to resolve:
Removed and re added the account
Removed mobile device partnership from exchange and readded to phones
One of the users completely replaced their hardware and the problem persists
Have tried using IP Address instead of server name on the phone settings.
I have reset both their passwords.
Restarted their router when the issue occurs and it does not resolve.
The server does not state their are any errors with their mailboxes or active sync. Both are iPhone 4 with iOS 5.1.
This client was on hosted exchange, we have installed a new SBS 2011 and imported their email via PSTs into exchange.
They have 4 users with iPhones, 2 of them work with no problem. The other 2 sync work briefly for a time when it stops working you can go to the mailbox and it spins saying checking for mail.
One user went a week before it stops working the other goes only 1 day before it stops.
I have done the following in an attempt to resolve:
Removed and re added the account
Removed mobile device partnership from exchange and readded to phones
One of the users completely replaced their hardware and the problem persists
Have tried using IP Address instead of server name on the phone settings.
I have reset both their passwords.
Restarted their router when the issue occurs and it does not resolve.
The server does not state their are any errors with their mailboxes or active sync. Both are iPhone 4 with iOS 5.1.
Alan Hardisty
Are you using the self-issued Exchange certificate or a 3rd party certificate?
ASKER
Using third party UCC Cert from GoDaddy
Good :)
Can you please run the Exchange Activesync test at https://testexchangeconnectivity.com and don't use anything Autodiscover, then post the results.
Thanks
Alan
Can you please run the Exchange Activesync test at https://testexchangeconnectivity.com and don't use anything Autodiscover, then post the results.
Thanks
Alan
try resetting IIS on the server manually and reconnecting the phone.
ASKER
Here are the results from testexchangeconnectivity.c
ExRCA is testing Exchange ActiveSync.
Exchange ActiveSync was tested successfully.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Test Steps
Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 184.172.xxx.xxx
Testing TCP port 443 on host domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 216.54.xxx.xxx
Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 3/7/2012 9:46:20 PM, NotAfter = 3/7/2015 9:46:20 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Test Steps
ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml for user techs@domain.com.
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>Techs</Displa
<EMailAddress>Techs@domain
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://remote.domain.com/Microsoft-Server-ActiveSync</Url>
<Name>https://remote.domain.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
Validating Exchange ActiveSync settings.
Exchange ActiveSync URL https://remote.domain.com/Microsoft-Server-ActiveSync was validated successfully.
Attempting to resolve the host name remote.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 216.54.xxx.xxx
Testing TCP port 443 on host remote.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server remote.domain.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name remote.domain.com was found in the Certificate Subject Alternative Name entry.
Validating certificate trust for Windows Mobile devices.
The certificate is trusted and all certificates are present in the chain.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Analyzing the certificate chains for compatability problems with Windows Phone devices.
Potential compatibility problems were identified with some versions of Windows Phone.
Tell me more about this issue and how to resolve it
Additional Details
The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
ExRCA is analyzing intermediate certificates that were sent down by the remote server.
All intermediate certificates are present and valid.
Additional Details
All intermediate certificates were present and valid.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 3/7/2012 9:46:20 PM, NotAfter = 3/7/2015 9:46:20 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://remote.domain.com/Microsoft-Server-ActiveSync.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Testing of an Exchange ActiveSync session completed successfully.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 14.1
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Mon, 26 Mar 2012 17:05:58 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Attempting the FolderSync command on the Exchange ActiveSync session.
The FolderSync command completed successfully.
Additional Details
Number of folders: 17
Attempting the initial sync to the Inbox folder. This initial sync won't return any data.
The Sync command completed successfully.
Additional Details
Status: 1
Attempting to test the GetItemEstimate command for the Inbox folder.
ExRCA successfully received the GetItemEstimate response from the server.
Additional Details
Estimate: 6 messages
Attempting to test synchronization of the Inbox folder.
The Sync command completed successfully.
Additional Details
Number of items synchronized: 6
ExRCA is testing Exchange ActiveSync.
Exchange ActiveSync was tested successfully.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Test Steps
Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 184.172.xxx.xxx
Testing TCP port 443 on host domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 216.54.xxx.xxx
Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 3/7/2012 9:46:20 PM, NotAfter = 3/7/2015 9:46:20 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Test Steps
ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml for user techs@domain.com.
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>Techs</Displa
<EMailAddress>Techs@domain
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://remote.domain.com/Microsoft-Server-ActiveSync</Url>
<Name>https://remote.domain.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
Validating Exchange ActiveSync settings.
Exchange ActiveSync URL https://remote.domain.com/Microsoft-Server-ActiveSync was validated successfully.
Attempting to resolve the host name remote.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 216.54.xxx.xxx
Testing TCP port 443 on host remote.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server remote.domain.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name remote.domain.com was found in the Certificate Subject Alternative Name entry.
Validating certificate trust for Windows Mobile devices.
The certificate is trusted and all certificates are present in the chain.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Analyzing the certificate chains for compatability problems with Windows Phone devices.
Potential compatibility problems were identified with some versions of Windows Phone.
Tell me more about this issue and how to resolve it
Additional Details
The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
ExRCA is analyzing intermediate certificates that were sent down by the remote server.
All intermediate certificates are present and valid.
Additional Details
All intermediate certificates were present and valid.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 3/7/2012 9:46:20 PM, NotAfter = 3/7/2015 9:46:20 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://remote.domain.com/Microsoft-Server-ActiveSync.
The HTTP authentication methods are correct.
Additional Details
ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic
An ActiveSync session is being attempted with the server.
Testing of an Exchange ActiveSync session completed successfully.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 14.1
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Mon, 26 Mar 2012 17:05:58 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Attempting the FolderSync command on the Exchange ActiveSync session.
The FolderSync command completed successfully.
Additional Details
Number of folders: 17
Attempting the initial sync to the Inbox folder. This initial sync won't return any data.
The Sync command completed successfully.
Additional Details
Status: 1
Attempting to test the GetItemEstimate command for the Inbox folder.
ExRCA successfully received the GetItemEstimate response from the server.
Additional Details
Estimate: 6 messages
Attempting to test synchronization of the Inbox folder.
The Sync command completed successfully.
Additional Details
Number of items synchronized: 6
Okay - so all looks good from a server perspective.
Is this an issue with specific users or all users?
Specific devices or all devices?
Have you tried a working user account on a device that doesn't work properly and a now-working account on a known working device?
Trying to narrow down the possibilities and see if it is a device issue or a mailbox issue.
(P.S. - I have hidden your domain name / IP Addresses in your earlier post).
Is this an issue with specific users or all users?
Specific devices or all devices?
Have you tried a working user account on a device that doesn't work properly and a now-working account on a known working device?
Trying to narrow down the possibilities and see if it is a device issue or a mailbox issue.
(P.S. - I have hidden your domain name / IP Addresses in your earlier post).
ASKER
Only happens for two users on both their iPhones. One of the users stated it occurs on their iPad as well. Everyone else works normally granted this is a small office with a total of 8 users.
I have setup their account on my iPhone and am waiting to see if it starts failing.
I have setup their account on my iPhone and am waiting to see if it starts failing.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Resolution came from completely wiping the devices