• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 509
  • Last Modified:

2003 SBS OWA on my iPhone cannot send or receive. Account adds fine.

Hello Experts,

I have a client with a SBS 2003 server. it has all the latest windows updates.

I can log in OWA internally and externally with http and https

I can add their email accounts to an iPhone or iPad but the account cannot send or receive.

I think I am missing one last setting.

I have a Sonicwall firewall.

Please give me some ideas to try.

Thanks,

Lasareath
0
Lasareath
Asked:
Lasareath
  • 20
  • 19
1 Solution
 
Alan HardistyCommented:
Please have a read through my Exchange 2003 / Activesync article, check your IIS settings, run the test on the test site (specifying manual server settings) and fix and errors, then test the iPhone.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

If you get stuck anywhere or have any questions, please let me know.

Alan
0
 
LasareathAuthor Commented:
Thanks, I passed step 1 & 2 but I can't figure out step 3.

I get to Network Connections, we have two nics, one is disabled and one is set to a static ip of 192.168.0.3
0
 
Alan HardistyCommented:
As per my article:

3. Please check the LAN Adapter Binding order to make sure the NIC that Exchange is bound to is at the top of the list (Start> Run> [type] ncpa.cpl [press enter]> Advanced> Advanced Settings> Connections).

Are you following the instructions in Bold?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LasareathAuthor Commented:
Yes. Ok I got up to step 4.

Which folder is the relevant Virtual Directory that I need to right click?
mylist.jpg
0
 
LasareathAuthor Commented:
Nevermind, I get it now. going through them
0
 
LasareathAuthor Commented:
I went through all the settings, they killed my access to OWA with just http. Https still works.

When I test the connection I get errors pertaining to the SSL Cert:



The SSL certificate failed one or more certificate validation checks.
Validating certificate trust for Windows Mobile devices.
Certificate trust validation failed.


ExRCA is attempting to build certificate chains for certificate CN=mail.domain.com, CN=companyweb, CN=server1, CN=localhost, CN=server1.domain.local.

A certificate chain couldn't be constructed for the certificate.
0
 
Alan HardistyCommented:
Okay - does port 443 get forwarded to your Exchange Server or some other device on your firewall?

The certificate looks like a Plesk certificate so something isn't right regarding port forwarding or the FQDN you are using.
0
 
LasareathAuthor Commented:
I had the sonicwall configured by a third party and they confirmed last week that port 443 points to the exchange server.

I can add the account on my iphone. If port 443 is not pointing to the exchange server could I add the account to the iphone?
0
 
Alan HardistyCommented:
Probably not - but then the Activesync Test should show different results.

Do you have access to OWA?

Can you check the name on the SSL certificate used for OWA on your Exchange Server?
0
 
LasareathAuthor Commented:
I do have access to OWA, it does work with HTTPS:

I will take a screen shot of the cert now.................
0
 
Alan HardistyCommented:
Thanks.
0
 
LasareathAuthor Commented:
Here it is
SSL-CERT.jpg
0
 
Alan HardistyCommented:
Okay - if I got yo https://mail.yourdomain.com I see a Plesk page.

If I go to https://mail.yourdomain.com/Exchange I get an Apache error page.

You sure your firewall is pointing to the right place and/or DNS is pointing mail.yourdomain.com to your own Exchange Server?
0
 
LasareathAuthor Commented:
I don't know what a Plesk is.

I do see a certificate error when going to https://mail.mydomain.com/exchange but it logs right in. the URL field turns red for a second while loggin in.
0
 
Alan HardistyCommented:
Are you accessing that URL internally or externally from your server?
0
 
LasareathAuthor Commented:
I'm external, I'm in NJ at home and my client is in NYC.
0
 
LasareathAuthor Commented:
This is the Error I get
Cert-Error.jpg
0
 
Alan HardistyCommented:
Well this is what I see (unless I am using the wrong domain name - which you accidentally posted above)
ActivesyncError.png
0
 
Alan HardistyCommented:
Do you have a host file entry pointing you to a specific IP Address on your computer in c:\windows\system32\drivers\etc\hosts or c:\windows\system32\drivers\etc\lmhosts.sam ?

You can use Notepad to edit both files and check.
0
 
LasareathAuthor Commented:
What do you mean that I accidentally posted the image above?, I meant to post it. It wasnt an accident.

My lmhost and host files are deafult, not modified at all.


I don't understand what my host & lmhost file has to do with my iphone not sending and receiving?
0
 
Alan HardistyCommented:
I'm referring to an earlier post which displayed your domain nane - but never mind.

I'm trying to establish why mail.yourdomain.com/exchange goes to one place for you and a different place for me.

That probably means the test site is seeing the same website that I am seeing which means testing is not going to work.

That's the first hurdle to cross.  When we both see the same site, we can continue to test.
0
 
LasareathAuthor Commented:
You're using the wrong domain name. it is not aaa-arch.com, I manually entered that.

I can log into OWA.

I can log in OWA from any computer, even my macbook air.

They have employees who use OWA everyday fine. They do not have their lmhost or host files modified.

I can add the account to an iPad and Iphone but it does not send and receive.
0
 
Alan HardistyCommented:
Okay - what is your real domain name (which I will hide so no-one can see it)?
0
 
Alan HardistyCommented:
Thanks - just heading to work so will pick this up in about 45 minutes.

I deleted your comment - but I can still see it :)
0
 
LasareathAuthor Commented:
Ok, Thanks.

I'm looking into the config of the sonicwall right now.
0
 
LasareathAuthor Commented:
I'm on the phone with a friend and he said that i need to do the following:

http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
0
 
Alan HardistyCommented:
Really - tell your friend he is talking about a completely different method of communication that only enables Outlook to access the server over HTTPS, which has nothing to do with Activesync.  Sorry.
0
 
Alan HardistyCommented:
Okay - so the certificate is self-issued and that means you have to tick the Ignore Trust for SSL tick box on the test site when you run the test, so please go ahead and re-test, tick that box and then see what the results are.

Alan
0
 
LasareathAuthor Commented:
How do I run the test?
0
 
Alan HardistyCommented:
Go to https://testexchangeconnectivity.com and select the Exchange Activesync Test on the first screen.  Click on Next.

On the next screen, select "Manually specify server settings" and enter mail.yourdomain.com, then fill in the remaining details and make sure you tick the "Ignore Trust for SSL" check box.

Fill in the Verification details (if you can read it properly!) and click Verify.

Once the verification is happy, click on Perform Test and then post the results obscuring your Domain Name and IP Address (or if you forget, I can tidy it up for you).
0
 
LasareathAuthor Commented:
All failures now  and I can't add the account to my iphone anymore. I think my friend killed something :(




ExRCA is testing Exchange ActiveSync.

The Exchange ActiveSync test failed.

Test Steps

Attempting the Autodiscover and Exchange ActiveSync test (if requested).

Testing of Autodiscover for Exchange ActiveSync failed.

Test Steps

Attempting each method of contacting the Autodiscover service.

The Autodiscover service couldn't be contacted successfully by any method.

Test Steps

Attempting to test potential Autodiscover URL https://bta-arch.com/AutoDiscover/AutoDiscover.xml

Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name bta-arch.com in DNS.

The host name couldn't be resolved.

 Tell me more about this issue and how to resolve it

Additional Details

Host bta-arch.com couldn't be resolved in DNS InfoNoRecords.

Attempting to test potential Autodiscover URL https://autodiscover.bta-arch.com/AutoDiscover/AutoDiscover.xml

Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name autodiscover.bta-arch.com in DNS.

The host name couldn't be resolved.

 Tell me more about this issue and how to resolve it

Additional Details

Host autodiscover.bta-arch.com couldn't be resolved in DNS InfoDomainNonexistent.

Attempting to contact the Autodiscover service using the HTTP redirect method.

The attempt to contact Autodiscover using the HTTP Redirect method failed.

Test Steps

Attempting to resolve the host name autodiscover.bta-arch.com in DNS.

The host name couldn't be resolved.

Tell me more about this issue and how to resolve it

Additional Details

Host autodiscover.bta-arch.com couldn't be resolved in DNS InfoDomainNonexistent.

Attempting to contact the Autodiscover service using the DNS SRV redirect method.

ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.

Test Steps

Attempting to locate SRV record _autodiscover._tcp.bta-arch.com in DNS.

The Autodiscover SRV record wasn't found in DNS.

Tell me more about this issue and how to resolve it
0
 
Alan HardistyCommented:
Did you run the Exchange Activesync test or the Exchange ActiveSync Autodiscover test?

Should be running the former.
0
 
LasareathAuthor Commented:
I ran the Exchange ActiveSync Test, the first option

I'm trying to reverse the changes my friend had me do and I'm rebooting. then I'll try again.
0
 
Alan HardistyCommented:
Did you specify manual server settings?  I think you may not have.

Will wait to hear how you get on undoing things.
0
 
LasareathAuthor Commented:
I think I ran the test correctly this time around.

I still can't add the account to my iphone anymore though.

attached are the latest results.
results.jpg
0
 
Alan HardistyCommented:
Okay - please return to my article, check the IIS settings are as per my article and then if they are, check the HTTP 500 error section of my article and follow the instructions which refer to KB883380.  When deleting the virtual directories, please also delete the exchange-oma virtual directory, then follow KB817379 to recreate it and then test again.
0
 
LasareathAuthor Commented:
Ok I will Thanks. But I need sleep, been up 22 hours :(
0
 
Alan HardistyCommented:
Sleep - I can relate to that.  I'm around tomorrow - on site in the morning and then at home in the afternoon, so shout when you are rested.
0
 
LasareathAuthor Commented:
I've given up with this Server, Project was Lump sum and I didn't want to give them 30 free hours.

Client has decided to get a new SBS 2011 server. Hopefully that one works out of the box!
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 20
  • 19
Tackle projects and never again get stuck behind a technical roadblock.
Join Now