iPhone users cannot connect to Exchange 2007 SP3: "Cannot Get Mail The connection to the server failed"

robmad92009
For whatever reason, anyone using an iPhone to get mail on our Exchange 2007 server via activesync no longer works. All worked well on 5/18/2012. It simply stopped working. No changes were made to the server at all. I did check out the following article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Following that procedure did not work.

POP3 & IMAP work perfectly.
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Are all your iPhone users on the same mobile phone network?

Have you run the Activesync test for your iPhone users on https://testexchangeconnectivity.com and if so - what are the results?

Do the iPhones work locally on your LAN?

Alan

Author

Commented:
Hi Alan-

It doesn't seem to matter as to how the iPhone users connect. I tried this on my home LAN or Verizon's 3g network. Our CFO is there onsite using their LAN and he gets the same error.

I was just told (while typing this) that even our Droid phones aren't working via activesync as well.

Testing the connectivity at https://testexchangeconnectivity.com came back with an error "The SSL certificate failed one or more certificate validation checks."

and

"Certificate name validation failed"

All had been working for over a year and just stopped working last Friday.
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Okay - so did the certificate expire and get renewed by someone and they messed it up?

The name on the certificate should be a Fully Qualified Domain Name e.g., mail.domain.com and should match the name configured in your devices as the Server address in the Activesync profile.

Do the names match and is the Cert name an FQDN?

Author

Commented:
Alan-

Apologies...my knuckleheaded fingers were typing without the consultation of my brain.

Just to clarify: those on the LAN, computers, Droid phones and iPhones connect just fine.

Only external connections via activesync, which are droids & iPhones are having this issue.

I am an Exchange Server n00b, so please bear with me.

The exchange server was installed just over a year ago and other than adding/disabling users (and backing it up), nothing has been done to it.

I didn't add/remove a certificate, so does a new one need to be set up?
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Don't worry - I sometimes have issues with brain not being in gear before mouth goes into action!

Okay - if you didn't install a 3rd party SSL certificate - Exchange would have installed a 1 year SSL certificate by default, so if the anniversary has passed, your certificate has possibly expired, but as things work internally, it suggests a problem with your firewall.

What firewall do you have and can you access OWA remotely? It may be that your firewall has lost its configuration / had something changed and now port 443 is being used for remote management of the firewall and not being allowed to pass through.

Author

Commented:
OWA does work. That was one of the first things I checked.

As for the Firewall, it's a Sonicwall Pro 2040. We are allowing HTTPS to the Exchange server.
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Okay - can you please post the results of the test site (hiding your domain name / ssl cert name / IP Address).

Thanks

Alan

Author

Commented:
Exchange test site results
server name is mail.schurusa.com

Not sure where to get SSL cert name.
Shreedhar Ette, Technical Manager
Top Expert 2010

Commented:
- Also check the application event log and post any warning or error related to Source: MSExchange ActiveSync
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Okay - the SSL certificate has the name 'SVR4' which doesn't match mail.schurusa.com.

Not sure what has changed, but with that name on the certificate, Activesync isn't going to work.

My recommendation would be to buy a 3rd party SSL certificate from somewhere like GoDaddy (one of the cheapest places for an SSL certificate) and buy a SAN / UCC SSL certificate.

A 1 year 5 Domain Name SSL cert should cost you about $60.

Once installed, your problem should go away.
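
The checks raised in this thread (certificate name against the ActiveSync server address, FQDN, expiry), as an added example that is not part of any poster's reply. It works on a certificate dict in the format returned by Python's `ssl.SSLSocket.getpeercert()`; both sample certificates, the `autodiscover` name, the CA name and all dates are constructed for illustration.

```python
import ssl

def cert_names(cert):
    """DNS names a client matches against: SAN entries first, else subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return san or [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def diagnose(cert, server_address, now):
    """Return findings that explain a failed certificate validation."""
    findings, names = [], cert_names(cert)
    if not any(name_matches(n, server_address) for n in names):
        findings.append("name mismatch: cert has %s, device uses %s" % (names, server_address))
    if not any("." in n for n in names):
        findings.append("no FQDN on certificate")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired on " + cert["notAfter"])
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self-signed (issuer equals subject)")
    return findings

# Constructed sample data: names SVR4 and mail.schurusa.com come from the thread,
# everything else (dates, issuer, second SAN entry) is invented for the example.
SELF_SIGNED = {
    "subject": ((("commonName", "SVR4"),),),
    "issuer": ((("commonName", "SVR4"),),),
    "notAfter": "May 10 00:00:00 2012 GMT",
}
SAN_CERT = {
    "subject": ((("commonName", "mail.schurusa.com"),),),
    "issuer": ((("commonName", "Example Public CA"),),),
    "subjectAltName": (("DNS", "mail.schurusa.com"), ("DNS", "autodiscover.schurusa.com")),
    "notAfter": "May 10 00:00:00 2013 GMT",
}
NOW = ssl.cert_time_to_seconds("May 21 00:00:00 2012 GMT")

if __name__ == "__main__":
    for label, cert in (("self-signed", SELF_SIGNED), ("SAN/UCC", SAN_CERT)):
        print(label, diagnose(cert, "mail.schurusa.com", NOW) or "OK")
```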
Shreedhar Ette, Technical Manager
Top Expert 2010

Commented:
- Configure IIS to use the proper certificate, i.e. with common name mail.schurusa.com

Author

Commented:
Alan-

Even though activesync has worked well over a year with all sorts of devices (iPhone, Droid & iPads)?

I see what you're saying. Just find it a little odd that it would all blow up now.
Co-Owner
Top Expert 2011
Commented:
I don't understand that either - it is very odd.

When installing Exchange - I always buy a SAN / UCC certificate and install it and everything works, so that would be my recommendation.

I believe it can be done using the self-issued certificate, but not with the name you currently have and if it can be done, I don't know how to.

Author

Commented:
Found out some items in the application pool of IIS needed to be restarted. All seems well now. I'll award Alan the points though as he has given me food for thought regarding my server.
