  • Status: Solved

Email on iPhone will work on external networks but not internal Wi-Fi

We have a 2003 SBS DC. Email push works perfectly outside the company network but will not work via internal Wi-Fi. I know that you cannot access the external IP address from inside. Is there any way to correct this issue?
Asked by: cameljoe121

jerseysam Commented:
Have a look at issue 3 here: http://support.apple.com/kb/TS1868

Seems to be a known issue
 
Simon Butler (Sembee) Consultant Commented:
You need a split DNS system so that the external host name resolves internally.
http://exchange.sembee.info/network/split-dns.asp

The single host name replacement method should work fine.

Simon.
 
cameljoe121 Author Commented:
I need a little more help here. The internal clients connect to the mail using the FQDN Server01.Companyname.local. I don't want to have to change all the clients' existing config. The existing setup for external mail is either the IP address or MX.companyname.com. Can't I just add something for the internal DNS lookup so if they see MX.companyname.com it will point to the mail server, or will this cause an issue?
OriNetworks Commented:
I am assuming the iPhone is already set up with the email account and then you are turning on Wi-Fi to start using it internally. Since it is already using the external IP address, it will still be trying to reach that address. On your firewall you can enable the Wi-Fi clients to only access the external IP for the email server instead of blocking all traffic. Or for internal DNS, point the server name that you used to set up the account on the iPhone to the internal IP address of the mail server.

Another possibility is that it may be trying to validate the SSL certificate with an external certificate authority and it does not have internet access to do that. In this case you should enable the internal clients to have outside access to the CRL lists, e.g. crl.verisign.com
http://www.verisign.com/repository/crl.html

Simplest answer:
If the iPhone is set to point to mail.mycompany.com, make sure the internal record for the mail host is set to the internal IP address.
 
OriNetworks Commented:
I just read your last comment. Since you have split DNS, you need to create a duplicate zone in DNS for companyname.com. Add a host for whatever the mail server name is and point it to the internal IP address of the server. Basically you are copying any external DNS record to the internal zone and referencing the internal IP addresses. You would not need to reconfigure internal clients.
 
cameljoe121 Author Commented:
Still no joy. I added the company.com record in the DNS and it still won't point. If I used the FQDN company.com-tcp.company.local it will go to the mail server. When I do an nslookup I still get the external IP address.
 
Simon Butler (Sembee) Consultant Commented:
Whatever you are entering into the ActiveSync clients as the FQDN needs to have an internal DNS entry.

You are probably entering host.example.com rather than just example.com.
Also ensure that the clients are using the server for DNS only, and are not getting DNS from the router, for example.

Simon.
 
cameljoe121 Author Commented:
DNS is provided by the server. On the device I am entering host.company.com. In the DNS console I added the Host.company.com forwarder; it lists under the .com entry, but still when I run lookup I get the external IP.
 
Simon Butler (Sembee) Consultant Commented:
Ensure that you have flushed the DNS cache on whatever you are using to test it. Check from the server itself.

Forwarder? Not sure that was the right thing to do.

The easiest way is to create a new zone called host.example.com, then create a new blank A record with the internal IP address of the Exchange server. That way it doesn't interfere with anything else.

Simon.