Solved

Some phones not connecting to server after Exchange 2007 to 2013 migration and cert change

Posted on 2013-10-29
7
438 Views
Last Modified: 2014-01-04
After we migrated our Exchange from a Windows Server 2003 R2 server running Outlook 2007 SP3 to a new server running Windows Server 2012 and Exchange 2013, some phones cannot reconnect to the server.

We have tried removing the Exchange account from the phone and adding it back. This worked for some phones but not others. One user even wiped his phone and tried to add the account but it did not work.

There is no problem with any desktop user or OWA user.

One clue may that on a couple of the phones it pointed to a certificate authority that was on the old cert in its error message. We had had to change the UCC cert to point to the new server (and remove the old), and also repointed DNS as part of the migration but these phones are not taking the new path.

Anybody have an idea on troubleshooting steps we could take? Problem phones are mostly LG Lucid and older iPhones + a couple older Motorolas.

I did try mobile device management in the old Exchange console but since we moved the mailboxes already it won't let us manage them. The phones don't exist in the new server mailboxes. I suspect the old association is in place but I don't know how to remove it, or if that is even the problem.


If anyone has any ideas please let me know, thanks!
0
Comment
Question by:FredNorth
  • 5
  • 2
7 Comments
 

Author Comment

by:FredNorth
ID: 39609297
I meant migrated from Exchange 2007 SP3
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39609365
Who issued the SSL certificate?
There have been some odd results with SSL certificates from the more obscure providers with the roots not being in the devices.

Do check that the correct certificate is being handed out though. Browse to https://host.example.com/Microsoft-Server-ActiveSync - you will get some errors, but eventually you will be able to look at the SSL certificate.

Another option would be to run a test account through the Microsoft test site http://exrca.com/ and see if there are any SSL errors flagged.

Ensure that any iPhones are on the latest iOS available as well.

Simon.
0
 

Author Comment

by:FredNorth
ID: 39609813
Tried https://<host.example.com>/Microsoft-Server-ActiveSync - not sure what to do to get past errors.


http://exrca.com/  gave some clues, we think it might be still pointing at the old server. We are thinking about uninstalling Exchange from the old server and/or shutting it down.

Also, is it possible to update root certificates on phones and also add/import a ucc cert to a phone?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:FredNorth
ID: 39609869
Note: I can set up a test email account on these phones. The only account I can't set up is one that was already on the phone.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39612263
The whole point of using a trusted SSL certificate is that you don't have to install anything.
If a new account works, then I suggest that you ensure there are no existing ActiveSync partnerships on the account and then recreate.

Simon.
0
 

Accepted Solution

by:
FredNorth earned 0 total points
ID: 39612602
Simon, Thanks for your response.  It looks like the problem was security permissions for users in AD. Some of our users had inheritance disabled (On the Domain Controller, AD users & computers, user properties, Security tab, Advanced - Inheritance needed to be enabled for the problem users).
0
 

Author Closing Comment

by:FredNorth
ID: 39755815
Microsoft site had the answer
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2012 management. 5 25
MSExchange 2013 errors 8 34
. .\Variables.ps1 returning CommandNotFound 2 13
Email forwading to another account 6 19
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
how to add IIS SMTP to handle application/Scanner relays into office 365.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question