Avatar of robmad92009
robmad92009
Flag for United States of America asked on

iPhone users cannot connect to Exchange 2007 SP3: "Cannot Get Mail The connection to the server failed"

For whatever reason, anyone using an iPhone to get mail on our Exchange 2007 server via activesync no longer works. All worked well on 5/18/2012. It simply stopped working. No changes were made to the server at all. I did check out the follwing article:

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Follwing that procedure did not work.

POP3 & IMAP work perfectly.
iOSMicrosoft Legacy OSExchange

Avatar of undefined
Last Comment
robmad92009

8/22/2022 - Mon
Alan Hardisty

Are all your iPhone users on the same mobile phone network?

Have you run the Activesync test for your iPhone users on https://testexchangeconnectivity.com and if so - what are the results?

Do the iPhones work locally on your LAN?

Alan
robmad92009

ASKER
Hi Alan-

It doesn't seem to matter as to how the iPhone users connect. I tried this on my home LAN or Verizon's 3g network. Our CFO is there onsite using their LAN and he gets the same error.

I was just told (while typing this) that even our Droid phones aren't working via activesync as well.

Testing the connectivity at https://testexchangeconnectivity.com came back with an error "The SSL certificate failed one or more certificate validation checks."

and

"Certificate name validation failed"

All had been working for over a year and just stopped working last Friday.
Alan Hardisty

Okay - so did the certificate expire and get renewed by someone and they messed it up?

The name on the certificate should be a Fully Qualified Domain Name e.g., mail.domain.com and should match the name configured in your devices as the Server address in the Activesync profile.

Do the names match and is the Cert name an FQDN?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
robmad92009

ASKER
Alan-

Apologies...my knuckleheaded fingers were typing without the consultation of my brain.

Just to clarify: those on the LAN, computers, Droid phones and iPhones connect just fine.

Only external connections via activesync, which are droids & iPhones are having this issue.

I am an Exchange Server n00b, so please bear with me.

The exchange server was installed just over a year ago and other than adding/disabling users (and backing it up), nothing has been done to it.

I didn't add/remove a certificate, so does a new one need to be set up?
Alan Hardisty

Don't worry - I sometimes have issues with brain not being in gear before mouth goes into action!

Okay - if you didn't install a 3rd party SSL certificate - Exchange would have installed a 1 year SSL certificate by default, so if the anniversary has passed, your certificate has possibly expired, but as things work internally, it suggests a problem wit your firewall.

What firewall do you have and can you access OWA remotely?  it may be that your firewall has lost its configuration / had something changed and now port 443 is being used for remote management of the firewall and not being allowed to pass through.
robmad92009

ASKER
OWA does work. That was one of the first things I checked.

As for the Firewall, it's a Sonicwall Pro 2040. We are allowing HTTPS to the Exchange server.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Alan Hardisty

Okay - can you please post the results of the test site (hiding your domain name / ssl cert name / IP Address).

Thanks

Alan
robmad92009

ASKER
Exchange test site results
server name is mail.schurusa.com

Not sure where to get SSL cert name.
Shreedhar Ette

- Also check the application event log and post any warning or error related to Source: MSExchange ActiveSync
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Alan Hardisty

Okay - the SSL certificate has the name 'SVR4' which doesn't match mail.schurusa.com.

Not sure what has changed, but with that name on the certificate, Activesync isn't going to work.

My recommendation would be to buy a 3rd party SSL certificate from somewhere like GoDaddy (one of the cheapest places for an SSL certificate) and buy a SAN / UCC SSL certificate.

A 1 year 5 Domain Name SSL cert should cost you about $60.

Once installed, your problem should go away.
Shreedhar Ette

- Configure IIS use proper certificate i.e. with common name mail.schurusa.com
robmad92009

ASKER
Alan-

Even though activesync has worked well over a year with all sorts of devices (iPhone, Droid & iPads)?

I see what you're saying. Just find it a little odd that it would all blow up now.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Alan Hardisty

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
robmad92009

ASKER
Found out some items in the application pool of IIS needed to be restarted. All seems well now. I'll award Alan the points though has he has given me food for thought regarding my server.