Solved

Cannot get Droid to sync with Exchange 2010 Server

Posted on 2013-12-06
10
581 Views
Last Modified: 2014-01-13
Hello - we have an Exchange 2010 Server that we're trying to get working with Activesync and syncing email on an Android smartphone.  It seems like I have all the settgin correct on the phone but it comes back after about 20 seconds of trying to connect with "wrong address or password. try again", in spite of the username and password being confirmed as correct.  I've tried playing with different ways for entering the username (qualified and unqualified), as well as using the OWA address that works when accessing the same mailbox in a web browser - which works fine.  I've checked the Phone policy (default) in OWA as an admin and confirmed that it is enabled and that the particular user (me) is setup to use the default activesync policy.  I think it's enabled and ready.  Not sure what else I can check.  Any help is appreciated.

thanks,
Damian
0
Comment
Question by:Damian_Gardner
  • 5
  • 4
10 Comments
 
LVL 30

Expert Comment

by:renazonse
Comment Utility
Verify everything checks out here - https://testconnectivity.microsoft.com/


Also, if you're  using a domain admin you will have to go into Active Directory, enable the advanced items view in AD users and computers and go to the security settings for the user and check the enable inheritance feature.

You can review this article as well http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3002-Exchange-2007-2010-Web-services-and-Autodiscover-Ultimate-Troubleshooting-Guide.html?sfQueryTermInfo=1+10+30+autodiscov+troubleshoot
0
 

Author Comment

by:Damian_Gardner
Comment Utility
Thanks for your response.  I did actually check connectivity on the site and I got a certificate error.  not sure if its critical or not, because the phone is supposed to "accept all certificates" I thought.  here's the results:

Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
   Additional Details
  Elapsed Time: 1983 ms.  
 
   Test Steps
   Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
   Additional Details
  Elapsed Time: 1983 ms.  
 
   Test Steps
   Attempting to test potential Autodiscover URL https://laco.com/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
   Additional Details
  Elapsed Time: 1680 ms.  
 
   Test Steps
   Attempting to resolve the host name laco.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 12.133.122.187
Elapsed Time: 725 ms.  
 
 Testing TCP port 443 on host laco.com to ensure it's listening and open.
  The port was opened successfully.
   Additional Details
  Elapsed Time: 595 ms.  
 
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Additional Details
  Elapsed Time: 359 ms.  
 
   Test Steps
   The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server laco.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=*.ae-admin.com, OU=admin site, O=AmericanEagle.com, L=Park Ridge, S=Illinois, C=US, SERIALNUMBER=8Jr7zOj5/BqYOQrx660u1NMxsXYouMR3, Issuer: CN=GeoTrust SSL CA, O="GeoTrust, Inc.", C=US.
Elapsed Time: 212 ms.  
 
 Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name laco.com doesn't match any name found on the server certificate CN=*.ae-admin.com, OU=admin site, O=AmericanEagle.com, L=Park Ridge, S=Illinois, C=US, SERIALNUMBER=8Jr7zOj5/BqYOQrx660u1NMxsXYouMR3.
Elapsed Time: 1 ms.  
 
 
 
 
 
 Attempting to test potential Autodiscover URL https://autodiscover.laco.com/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
   Additional Details
  Elapsed Time: 173 ms.  
 
   Test Steps
   Attempting to resolve the host name autodiscover.laco.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.laco.com couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 173 ms.  
 
 
 
 Attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
   Additional Details
  Elapsed Time: 27 ms.  
 
   Test Steps
   Attempting to resolve the host name autodiscover.laco.com in DNS.
  The host name couldn't be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.laco.com couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 27 ms.  
 
 
 
 Attempting to contact the Autodiscover service using the DNS SRV redirect method.
  The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
   Additional Details
  Elapsed Time: 101 ms.  
 
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.laco.com in DNS.
  The Autodiscover SRV record wasn't found in DNS.
   Tell me more about this issue and how to resolve it
   Additional Details
  Elapsed Time: 100 ms.
0
 
LVL 30

Assisted Solution

by:renazonse
renazonse earned 250 total points
Comment Utility
You need to create an autodiscover cname record that points to your mail server's public hostname.

IE, autodiscover.yourserver.com would be a CNAME for mail.yourserver.com
0
 

Author Comment

by:Damian_Gardner
Comment Utility
ok - so if "exchange.laco.com" is the server address, setup another cname as "autodiscover.laco.com" in the MX records?

thanks
0
 
LVL 30

Expert Comment

by:renazonse
Comment Utility
Nope, create a CANME record called autodiscover that points to exchange.laco.com
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Damian_Gardner
Comment Utility
ah - ok, I'll try that. thanks
0
 

Author Comment

by:Damian_Gardner
Comment Utility
My DNS admin utility won't let me do it, for some reason.  maybe it's an AT&T thing?

DNS CNAME Record Creation
  Error: The CNAME record could not be added. More Info
 
 
* Host Alias:  laco.com.
* Canonical Name:  
  Time To Live:  
  Comment:  
  Schedule this Change (in GMT) for:   Next Download 2013-12-07 01:20:07.157 2013-12-07
0
 
LVL 30

Expert Comment

by:renazonse
Comment Utility
You can also create an A record that points to your mail server's public address but its best practice to use a CNAME record.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
Comment Utility
@ renaxonse

"its best practice to use a CNAME record"

Really? Where does it say that? MICROSOFT.COM source only - not their social side or a blog.
A cname just increases the number of lookups on the DNS server and shouldn't really be used unless there are no other choices.

Autodiscover wouldn't stop ActiveSync from working if you configured everything manually.
Do you have a trusted SSL certificate in place? If not, then that is a problem.
If you do, does it have Autodiscover on its as one of its additional host names? If not then setting up the DNS record isn't going to help.

Simon.
0
 

Author Comment

by:Damian_Gardner
Comment Utility
We purchased a certificate and put it in place, and that seems to have resolved everything.  thanks for your help guys.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video is in connection to the article "The case of a missing mobile phone (https://www.experts-exchange.com/articles/28474/The-Case-of-a-Missing-Mobile-Phone.html)". It will help one to understand clearly the steps to track a lost android phone.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now