Solved

Cannot get Droid to sync with Exchange 2010 Server

Posted on 2013-12-06
10
597 Views
Last Modified: 2014-01-13
Hello - we have an Exchange 2010 Server that we're trying to get working with Activesync and syncing email on an Android smartphone.  It seems like I have all the settgin correct on the phone but it comes back after about 20 seconds of trying to connect with "wrong address or password. try again", in spite of the username and password being confirmed as correct.  I've tried playing with different ways for entering the username (qualified and unqualified), as well as using the OWA address that works when accessing the same mailbox in a web browser - which works fine.  I've checked the Phone policy (default) in OWA as an admin and confirmed that it is enabled and that the particular user (me) is setup to use the default activesync policy.  I think it's enabled and ready.  Not sure what else I can check.  Any help is appreciated.

thanks,
Damian
0
Comment
Question by:Damian_Gardner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 39702269
Verify everything checks out here - https://testconnectivity.microsoft.com/


Also, if you're  using a domain admin you will have to go into Active Directory, enable the advanced items view in AD users and computers and go to the security settings for the user and check the enable inheritance feature.

You can review this article as well http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3002-Exchange-2007-2010-Web-services-and-Autodiscover-Ultimate-Troubleshooting-Guide.html?sfQueryTermInfo=1+10+30+autodiscov+troubleshoot
0
 

Author Comment

by:Damian_Gardner
ID: 39702282
Thanks for your response.  I did actually check connectivity on the site and I got a certificate error.  not sure if its critical or not, because the phone is supposed to "accept all certificates" I thought.  here's the results:

Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
   Additional Details
  Elapsed Time: 1983 ms.  
 
   Test Steps
   Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
   Additional Details
  Elapsed Time: 1983 ms.  
 
   Test Steps
   Attempting to test potential Autodiscover URL https://laco.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Additional Details
  Elapsed Time: 1680 ms.  
 
   Test Steps
   Attempting to resolve the host name laco.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 12.133.122.187
Elapsed Time: 725 ms.  
 
 Testing TCP port 443 on host laco.com to ensure it's listening and open.
  The port was opened successfully.
   Additional Details
  Elapsed Time: 595 ms.  
 
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Additional Details
  Elapsed Time: 359 ms.  
 
   Test Steps
   The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server laco.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=*.ae-admin.com, OU=admin site, O=AmericanEagle.com, L=Park Ridge, S=Illinois, C=US, SERIALNUMBER=8Jr7zOj5/BqYOQrx660u1NMxsXYouMR3, Issuer: CN=GeoTrust SSL CA, O="GeoTrust, Inc.", C=US.
Elapsed Time: 212 ms.  
 
 Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name laco.com doesn't match any name found on the server certificate CN=*.ae-admin.com, OU=admin site, O=AmericanEagle.com, L=Park Ridge, S=Illinois, C=US, SERIALNUMBER=8Jr7zOj5/BqYOQrx660u1NMxsXYouMR3.
Elapsed Time: 1 ms.  
 
 
 
 
 
 Attempting to test potential Autodiscover URL https://autodiscover.laco.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Additional Details
  Elapsed Time: 173 ms.  
 
   Test Steps
   Attempting to resolve the host name autodiscover.laco.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.laco.com couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 173 ms.  
 
 
 
 Attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
   Additional Details
  Elapsed Time: 27 ms.  
 
   Test Steps
   Attempting to resolve the host name autodiscover.laco.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.laco.com couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 27 ms.  
 
 
 
 Attempting to contact the Autodiscover service using the DNS SRV redirect method.
  The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
   Additional Details
  Elapsed Time: 101 ms.  
 
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.laco.com in DNS.
  The Autodiscover SRV record wasn't found in DNS.
   Tell me more about this issue and how to resolve it
   Additional Details
  Elapsed Time: 100 ms.
0
 
LVL 30

Assisted Solution

by:Britt Thompson
Britt Thompson earned 250 total points
ID: 39702289
You need to create an autodiscover cname record that points to your mail server's public hostname.

IE, autodiscover.yourserver.com would be a CNAME for mail.yourserver.com
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:Damian_Gardner
ID: 39702307
ok - so if "exchange.laco.com" is the server address, setup another cname as "autodiscover.laco.com" in the MX records?

thanks
0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 39702339
Nope, create a CANME record called autodiscover that points to exchange.laco.com
0
 

Author Comment

by:Damian_Gardner
ID: 39702342
ah - ok, I'll try that. thanks
0
 

Author Comment

by:Damian_Gardner
ID: 39702415
My DNS admin utility won't let me do it, for some reason.  maybe it's an AT&T thing?

DNS CNAME Record Creation
  Error: The CNAME record could not be added. More Info
 
 
* Host Alias:  laco.com.
* Canonical Name:  
  Time To Live:  
  Comment:  
  Schedule this Change (in GMT) for:   Next Download 2013-12-07 01:20:07.157 2013-12-07
0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 39702420
You can also create an A record that points to your mail server's public address but its best practice to use a CNAME record.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 39704268
@ renaxonse

"its best practice to use a CNAME record"

Really? Where does it say that? MICROSOFT.COM source only - not their social side or a blog.
A cname just increases the number of lookups on the DNS server and shouldn't really be used unless there are no other choices.

Autodiscover wouldn't stop ActiveSync from working if you configured everything manually.
Do you have a trusted SSL certificate in place? If not, then that is a problem.
If you do, does it have Autodiscover on its as one of its additional host names? If not then setting up the DNS record isn't going to help.

Simon.
0
 

Author Comment

by:Damian_Gardner
ID: 39777762
We purchased a certificate and put it in place, and that seems to have resolved everything.  thanks for your help guys.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question