?
Solved

Activesync  SBS 2011 - Can't connect Android

Posted on 2012-08-12
14
Medium Priority
?
3,649 Views
Last Modified: 2012-08-15
I cannot connect an android phone to an exchange account on SBS 2011.  I have run the test at https://www.testexchangeconnectivity.com/ and it passes when mannually setting host information, but fails using autodiscover.

I have installed a trusted certificate (Go Daddy) on the server.

What else do I need to do to get ohones configured?

Thank you!



Fail Info on autodiscover:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
 Testing of Autodiscover for Exchange ActiveSync failed.
 Test Steps
 Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 Test Steps
 Attempting to test potential Autodiscover URL https://legaltnt.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name legaltnt.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 64.202.189.170

Testing TCP port 443 on host legaltnt.com to ensure it's listening and open.
 The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
 Additional Details
 A network error occurred while communicating with the remote host.




Attempting to test potential Autodiscover URL https://autodiscover.legaltnt.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name autodiscover.legaltnt.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 67.138.0.75

Testing TCP port 443 on host autodiscover.legaltnt.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.legaltnt.com on port 443.
 ExRCA successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: CN=remote.legaltnt.com, OU=Domain Control Validated, O=remote.legaltnt.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name autodiscover.legaltnt.com doesn't match any name found on the server certificate CN=remote.legaltnt.com, OU=Domain Control Validated, O=remote.legaltnt.com.





Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 Test Steps
 Attempting to resolve the host name autodiscover.legaltnt.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 67.138.0.75

Testing TCP port 80 on host autodiscover.legaltnt.com to ensure it's listening and open.
 The port was opened successfully.
ExRCA is checking the host autodiscover.legaltnt.com for an HTTP redirect to the Autodiscover service.
 The redirect (HTTP 301/302) response was received successfully.
 Additional Details
 Redirect URL: HTTPS://AUTODISCOVER.LEGALTNT.COM/AUTODISCOVER/AUTODISCOVER.XML

Attempting to test potential Autodiscover URL HTTPS://AUTODISCOVER.LEGALTNT.COM/AUTODISCOVER/AUTODISCOVER.XML
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name autodiscover.legaltnt.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 67.138.0.75

Testing TCP port 443 on host autodiscover.legaltnt.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.legaltnt.com on port 443.
 ExRCA successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: CN=remote.legaltnt.com, OU=Domain Control Validated, O=remote.legaltnt.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name autodiscover.legaltnt.com doesn't match any name found on the server certificate CN=remote.legaltnt.com, OU=Domain Control Validated, O=remote.legaltnt.com.







Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
 Test Steps
 Attempting to locate SRV record _autodiscover._tcp.legaltnt.com in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
0
Comment
Question by:Alisanne
  • 10
  • 3
14 Comments
 

Author Comment

by:Alisanne
ID: 38286572
This is a new server setup. I have run internet and email wizards.
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 38286619
I believe the certificate name is CN=remote.legaltnt.com
however the URL that you are connecting is mail.legaltnt.com for the mail server, correct me if wrong. Also does the certificate have a Subject alternative name of Mail.legaltnt.com ?
what happens if you run the test on testexchangeconnectivity and check the ignore trust SSL check box ?
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 38286774
As kprad suggested your SSL certificate definitely is configured as remote.legalnt.com so you will need to use that as the server name when you set up your Android phone to connect.

But you should also make sure that you have Autodiscover set up correctly.  Follow this tutorial to do that:
http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/

Jeff
TechSoEasy
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Alisanne
ID: 38287577
the prior server was set to mail.legaltnt.com this sbssetup wizzard created the remote.legaltnt.com.

the go daddy had an a record for mail.legaltnt.com

when the certificate was provisioned, sbs used the remote.legaltnt.com
 and I figured it was better to let the wizzrd stand.  I added an  A record for remote tot he DNS

Go daddy has a cname set to autodiscover points to mail.legaltnt.com, I was afraid to change that becuse i dont want to mess up mail flow...

It looks like go daddy has aN SRV setup.

So tell me if I am on:

1 Delete autodiscover entry
2 Add SRV entry

Do I keep the A record for Mail. or rmeote. or both???
Do I need to rerun any wizards?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 38288696
Do as the article I linked above tells you... delete the autodiscover record and create the SRV one instead.

You will not need the A record for mail.legaltnt.com unless you have some other thing which is configured to use that host name.  There is no harm in keeping it.

You definitely want to keep the A record for remote.legaltnt.com

Once this is complete you should not need to rerun any wizards, however if things still aren't working correctly you can always run the FixMyNetwork wizard.

Jeff
TechSoEasy
0
 

Author Comment

by:Alisanne
ID: 38289863
I run it through tonite and go from there!!  Thank you!
0
 

Author Comment

by:Alisanne
ID: 38290622
I made the changes and ran the test again, it said it was successfull, but When I expanded the test results, there were failded sections. I have attached a print screen for the DNS info and the test results.

But the over all autodiscover test said it was successfull...

But there are two different IP addresses in defferent sections of the test...

Would you please take a look?
DNS-info.docx
0
 

Author Comment

by:Alisanne
ID: 38290640
BTW, I was able to connect another android this morning and the iPhones that were connected previously (before server change) were able to connect once I changed the domian and turned off SSL...

I could no add a new account to an iPhone that had not been previously connected to old server.

Androis seems functional, iPhones are intermittanly getting send errors... some emails go thru and some get stuck.
0
 

Author Comment

by:Alisanne
ID: 38292659
I made the changes last night.

Trying to add an iphone, cannot connect to server using remote.legaltnt.com

But can connect using mail.legaltnt.com, but cannot send out email.

Something is still amiss....

Any ideas?  I posted some printout from last night's changes.

Androids can send and receive...  setup using remote.legaltnt.com
0
 

Author Comment

by:Alisanne
ID: 38292687
I reran the analizer and now its failing:

ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
 Testing of Autodiscover for Exchange ActiveSync failed.
 Test Steps
 Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 Test Steps
 Attempting to test potential Autodiscover URL https://legaltnt.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name legaltnt.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 64.202.189.170

Testing TCP port 443 on host legaltnt.com to ensure it's listening and open.
 The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
 Additional Details
 A network error occurred while communicating with the remote host.




Attempting to test potential Autodiscover URL https://autodiscover.legaltnt.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name autodiscover.legaltnt.com in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host autodiscover.legaltnt.com couldn't be resolved in DNS InfoDomainNonexistent.



Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 Test Steps
 Attempting to resolve the host name autodiscover.legaltnt.com in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host autodiscover.legaltnt.com couldn't be resolved in DNS InfoDomainNonexistent.



Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
 Test Steps
 Attempting to locate SRV record _autodiscover._tcp.legaltnt.com in DNS.
 The Autodiscover SRV record was successfully retrieved from DNS.
 Additional Details
 The Service Location (SRV) record lookup returned host remote.legaltnt.com.

Attempting to test potential Autodiscover URL https://remote.legaltnt.com/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name remote.legaltnt.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 67.138.0.75

Testing TCP port 443 on host remote.legaltnt.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server remote.legaltnt.com on port 443.
 ExRCA successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: CN=remote.legaltnt.com, OU=Domain Control Validated, O=remote.legaltnt.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name remote.legaltnt.com was found in the Certificate Subject Common name.

Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 Test Steps
 ExRCA is attempting to build certificate chains for certificate CN=remote.legaltnt.com, OU=Domain Control Validated, O=remote.legaltnt.com.
 One or more certificate chains were constructed successfully.
 Additional Details
 A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 Additional Details
 ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.



Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 8/13/2012 5:01:31 AM, NotAfter = 8/13/2013 5:01:31 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 Test Steps
 ExRCA is attempting to retrieve an XML Autodiscover response from URL https://remote.legaltnt.com/Autodiscover/Autodiscover.xml for user pault@legaltnt.com.
 ExRCA failed to obtain an Autodiscover XML response.
 Additional Details
 None of the expected XML elements were found in the XML response.
0
 

Author Comment

by:Alisanne
ID: 38292703
If I set server (remote.) manuall it passes with warnings:

 Validating certificate trust for Windows Mobile devices.
  The certificate is trusted and all certificates are present in the chain.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=remote.legaltnt.com, OU=Domain Control Validated, O=remote.legaltnt.com.
  One or more certificate chains were constructed successfully.
   Additional Details
  A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
 
 Analyzing the certificate chains for compatibility problems with Windows Phone devices.
  Potential compatibility problems were identified with some versions of Windows Phone.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 38296466
So it all seems fine.

Everything working as expected?

Jeff
TechSoEasy
0
 

Author Comment

by:Alisanne
ID: 38298381
Finnally...   they are hooked up and sending...
0
 

Author Closing Comment

by:Alisanne
ID: 38298386
Awesome help! Thank you.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question