iPhone users cannot connect to Exchange 2007 SP3: "Cannot Get Mail The connection to the server failed"

Are all your iPhone users on the same mobile phone network?

Have you run the Activesync test for your iPhone users on https://testexchangeconnectivity.com and if so - what are the results?

Do the iPhones work locally on your LAN?

Alan

Hi Alan-

It doesn't seem to matter as to how the iPhone users connect. I tried this on my home LAN or Verizon's 3g network. Our CFO is there onsite using their LAN and he gets the same error.

I was just told (while typing this) that even our Droid phones aren't working via activesync as well.

Testing the connectivity at https://testexchangeconnectivity.com came back with an error "The SSL certificate failed one or more certificate validation checks."

and

"Certificate name validation failed"

All had been working for over a year and just stopped working last Friday.

Okay - so did the certificate expire and get renewed by someone and they messed it up?

The name on the certificate should be a Fully Qualified Domain Name e.g., mail.domain.com and should match the name configured in your devices as the Server address in the Activesync profile.

Do the names match and is the Cert name an FQDN?

Alan-

Apologies...my knuckleheaded fingers were typing without the consultation of my brain.

Just to clarify: those on the LAN, computers, Droid phones and iPhones connect just fine.

Only external connections via activesync, which are droids & iPhones are having this issue.

I am an Exchange Server n00b, so please bear with me.

The exchange server was installed just over a year ago and other than adding/disabling users (and backing it up), nothing has been done to it.

I didn't add/remove a certificate, so does a new one need to be set up?

Don't worry - I sometimes have issues with brain not being in gear before mouth goes into action!

Okay - if you didn't install a 3rd party SSL certificate - Exchange would have installed a 1 year SSL certificate by default, so if the anniversary has passed, your certificate has possibly expired, but as things work internally, it suggests a problem wit your firewall.

What firewall do you have and can you access OWA remotely?  it may be that your firewall has lost its configuration / had something changed and now port 443 is being used for remote management of the firewall and not being allowed to pass through.

OWA does work. That was one of the first things I checked.

As for the Firewall, it's a Sonicwall Pro 2040. We are allowing HTTPS to the Exchange server.

Okay - can you please post the results of the test site (hiding your domain name / ssl cert name / IP Address).

Thanks

Alan

server name is mail.schurusa.com

Not sure where to get SSL cert name.

- Also check the application event log and post any warning or error related to Source: MSExchange ActiveSync

Okay - the SSL certificate has the name 'SVR4' which doesn't match mail.schurusa.com.

Not sure what has changed, but with that name on the certificate, Activesync isn't going to work.

My recommendation would be to buy a 3rd party SSL certificate from somewhere like GoDaddy (one of the cheapest places for an SSL certificate) and buy a SAN / UCC SSL certificate.

A 1 year 5 Domain Name SSL cert should cost you about $60.

Once installed, your problem should go away.

- Configure IIS use proper certificate i.e. with common name mail.schurusa.com

Alan-

Even though activesync has worked well over a year with all sorts of devices (iPhone, Droid & iPads)?

I see what you're saying. Just find it a little odd that it would all blow up now.

Found out some items in the application pool of IIS needed to be restarted. All seems well now. I'll award Alan the points though has he has given me food for thought regarding my server.