Link to home
Start Free TrialLog in
Avatar of lbeach94
lbeach94

asked on

password prompt for Exchange/Active on iOS devices

We are rolling out ActiveSync/Exchange eMail for iOS devices via MDM solution. Exchange accounts are created via MDM profile. Users are prompted with "incorrect password" prompt initially. After entering correct AD passwords, user wait for connectivity to their Exchange mailbox, and after 15-20 mins wait  folder structure/eMail are downloaded on devices. Initial download completes.

Issue is starting where users are getting prompted for password on devices with either of the following on occasions  "Password required "or "Incorrect password" and user has to enter AD password again.Sometimes the prompt take the password, and when it doesn't, user are directed to enter password on the Exchange account created on the device.

Two questions, first, why users are prompted for password prompts, example, "password required" or "incorrect password "when user password has not changed in AD. What settings on iOS device triggers this behavior. Second, why the password prompts don't take passwords.

Response with explanation will be appreciated
Avatar of Rodney Barnhardt
Rodney Barnhardt
Flag of United States of America image

What are you using for the MDM solution? Most, download a profile on the device.
Avatar of lbeach94
lbeach94

ASKER

AirWatch.  Any reason for additional profile ?. Exchange/ActiveSync profile is downloaded on device via MDM. The profile has namespace (SSL URL) , corp domain/user email address as a payload. The profile creates local Exchange account on the device.
Thereafter whenever user clicks Mail icon on device, user is directed via (SSL URL) to corp webproxy/radius/load balancer/CAS/Exchange to access Exchange mailbox.

During exchange account setup on device, user is challenged with Exchange password on the device(understood). Question is,why users are prompted again with either "Password Required" or "Incorrect Password" on the device. User has not changed their passwords AD. The scenario is random, not all users experienced it so far. Trying to understand what causes this password required prompts on the device.  Is it an iOS issue, ActiveSync settings/Others. We are in the pilot mode of 200 + users.
We use MaaS360, it creates profiles that reside on the device for each policy we create. We are heavily managing the devices. Are these devices on IOS6? That caused a similar issue with our provider about 2 weeks ago. They had to "put in a fix" for issues caused by IOS6.
We are using iOS 5.x at this time. Do you know what was the fix ?. How is this MDM issue ?. My understanding is that ActiveSync/Exchange profile is deployed by MDM, and thereafter your device communicate with corp webproxy/Messaging infrastructure to access/sync eMail.

Please share details, appreciated
Just an idea to check, because I have the issue sometimes on other devices in two situations:
As the devices are connected via a telephony provider.... (?! are they?).
a.) when the device can not connect to the server for any reason within a time scope.
i.e. bad connection to the mobile network -> timeout
b.) Sometimes when the connection technology changes
(i.e from GSM/Edge to 3G / 4G), happens mostly in the car....
Another thing to consider is your AD login policies.  Are your users getting locked out?  How many grace logins are allowed?

Can you sync a device without your MDM?
Bembi: Thanks for sharing. We noticed connectivity issues as follows

Corp wi-fi stops syncing emails on the device, but turning wi-fi on & off fixes the issue. this is more of a corp firewall issue.

There are occasions where weak cellular data connectivity will prompt message on devices "Cannot get mail" or "cannot connect to server".

But on both scenarios haven't seen user getting prompted with "password prompts"
Most of our devices are the new Ipads, I will make a note of if cellular connectivity changes b/w 4G and LTE causes password prompts
The fix was a problem with the MDM. They did the coding on there system. We didn't have to do anything on our part. I was calling them because I couldn't find any other reason for the issue. That is when they told me they had identified a problem with IOS 6 and they would have it fixed later that evening.
Rafter9: Users are not locked out of AD. The users didn't changed their AD passwords from desktops or OWA either. The login attempts are 10

Users can't sync a device without MDM.
ASKER CERTIFIED SOLUTION
Avatar of Rafter9
Rafter9
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial