Cannot access Exchange 2010 with smartphone

Posted on 2014-03-04
Last Modified: 2014-11-12
We have set up an Exchange 2010 server along side Exchange 2003 for testing and have moved a dozen or so users over, including me. I can send and receive mail OK.  I could access my mail before on my Windows phone or Android device before I moved my mailbox by using the IP address on our internet facing router in the settings when I configured my devices.

Inbound connections from the router goes to our Watchguard device which sends mail to the IP of our spam filter, a WatchGuard device. From there it is all sent to the IP address of Exchange 2003 server. Since I moved my mailbox to the Exchange 2010 server I cannot get mail on my phone or tablet anymore. I assume it is because the spam filter is sending everything to the IP of the Exchange 2003 server, but why are the send-receive connectors not putting me thru to the new Exchange 2010 server?
Question by:LarryDAH
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39905309
You can enable the inheritance from ADUC-> user's properties-> security->advanced-> enabled the inheritance, then you can check. Thanks.

Author Comment

ID: 39906399
I enabled it for my account but still no email. Also, for some reason, it keeps resetting back to 'disabled'.
LVL 11

Expert Comment

ID: 39906928
If your 2003 Server is still your "MAIN" server you are not going to be able to open a much newer mailbox on your 2010 Server.  This is by design.

Put your 2010 server as your "Main" server by changing in your router and DNS Server all records that points to your old server to point the new one.

You are going to get your messages back in your mobile and in your computer, but this will bring some issues somewhere else, your OWA will need to be setup and redirected to match the new server settings and if someone uses OWA and is on the 2003 server they won't be able to open their mailboxes... like you where not able to open yours from the phone.

Users will get the following error:

"Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk."

Reason:   You haven’t set Exchange 2010’s CAS server for it to know what is the URL for your Exchange 2010 Outlook Web App and what is the URL for your legacy Exchange 2003 Outlook Web Access.

Solution:  Open Exchange Management Shell and execute the following by replacing the server with yours:

Get-OwaVirtualDirectory -server internalCASserverName | Set-OwaVirtualDirectory -externalURL -Exchange2003URL 

If your mail flow stop, you might need to add in your 2010 using the EMC under Server Configuration->Hub Transport-Default ServerName receive connector, properties, permission groups "Anonymous users".

You will also have to install a certificate, if your internal and external domains are not the same on the certificate and you can get a "general" certificate or one with up to 5 names on it your users will get the following error message on outlook:

Outlook 2007 security warning: "The name of the security certificate is invalid or does not match the name of the site"

Follow this link to fix that:
Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!


Author Comment

ID: 39907937
Well, I was hoping for some time to do testing. Do you mean that any user who accesses their email via a smartphone, tablet, etc will either need to stay on 2003 during the test to keep their connection?

So the 2010 test users won't have phone access or OWA until I move everyone over and point everything to the 2010 server as the main one?
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39908382
If your account has admin permission, it will not work inheritance. That's why Ms recommemdaed xadm id for administrative purpose and normal account should be used for normal operation. If you enabled inheritance for your administrative account, it will disabled automatically, Thanks for understanding.
LVL 11

Accepted Solution

hecgomrec earned 500 total points
ID: 39909338
No.!!! As I explained before:

The 2003 box won't open 2010 mailboxes and 2010 box won't open 2003 mailboxes.

When I say box.... I'm talking about OWA and ActiveSync...  remember... when you use a mobile device you're connecting to the server using any of the virtual directory services (SMTP, IMAP, POP or ActiveSync) therefore you can't expect they will have access to each other specially not from 2003 to 2010 but if you follow my suggestion your 2010 will be able to find your and open your 2003 mailboxes.

Now, I'm not sure about Windows devices (not have configured any yet) but I can tell you that latest Android OS will ask for permission on the devices if not accepted the user can't get or send emails because with 2010 you can do lots of things to the phone remotely, like wipe it, reset it, cancel cameras, cancel wifi, etc. This doesn't happen with iOS or BB they will just get disconnected at about 28% of the transfer from 2003 to 2010 and then back to normal when finish.

When I started mine migration I had same issue... like 3 weeks ago... I fixed the issue with the step I gave you... I'm still not done moving my mailboxes, the new box is in control and all users are getting their emails regardless their connection to the server.

Author Comment

ID: 39909444
Vijaya, does that mean if I use the xadm account to enable inheritance for my account I can sync my phone again to my email box on 2010?
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39911585
No Xadm account will not work with the iPhone. Because it will not allow inheritance, you may try to your normal account. That means should not have any administrative privileges with inheritance. Thanks.

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question