Can't successfully connect to exchange 2013 from Android
Everything off site and and on my local network works great. Everything resolves, and no certificate errors. When I try to connect via my Android I just keep getting an error cannot connect.
Ive tried every possible combination username, server name etc. I get an error saying the server responded with an error. check your username and password.
Ive tried every possible combination username, server name etc. I get an error saying the server responded with an error. check your username and password.
ASKER
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Additional Details
Elapsed Time: 24213 ms.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Elapsed Time: 2044 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 2044 ms.
Test Steps
Attempting to test potential Autodiscover URL https://MYDOMAIN.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 433 ms.
Test Steps
Attempting to resolve the host name MYDOMAIN.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 23.238.21.24
Elapsed Time: 142 ms.
Testing TCP port 443 on host MYDOMAIN.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 100 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 190 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server MYDOMAIN.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 132 ms.
Attempting to test potential Autodiscover URL https://autodiscover.MYDOMAIN.com:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Elapsed Time: 1610 ms.
Test Steps
Attempting to resolve the host name autodiscover.MYDOMAIN.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 174.79.71.246
Elapsed Time: 41 ms.
Testing TCP port 443 on host autodiscover.MYDOMAIN.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 185 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 261 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.MYDOMAIN.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.MYDOMAIN.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 169 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.MYDOMAIN.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.MYDOMAIN.com, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 34 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 4 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 10/7/2014 8:16:33 PM, NotAfter = 10/7/2015 8:16:33 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 382 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 739 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.MYDOMAIN.com:443/Autodiscover/Autodiscover.xml for user vducote@MYDOMAIN.com.
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>MY USER</DisplayName>
<EMailAddress>vducote@MYDOMAIN.com</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.MYDOMAIN.com/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.MYDOMAIN.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
HTTP Response Headers:
request-id: a19800c8-ad73-4f34-bbb8-9304b2771176
X-CalculatedBETarget: mysrv.srvinc.local
X-DiagInfo: MYSRV
X-BEServer: MYSRV
Persistent-Auth: true
X-FEServer: MYSRV
Content-Length: 738
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Wed, 08 Oct 2014 22:51:22 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-2170533666-3095308062-4124130316-1158=u56Lnp2ejJqBnJzKz86bm5nSmcfOz9LLyZrO0p6cyczSx8/OypuazJrPzsiZgYHOztDPyNDNz87L383NxcrOxc3M; expires=Sat, 08-Nov-2014 04:51:23 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 738 ms.
Validating Exchange ActiveSync settings.
Exchange ActiveSync URL https://mail.MYDOMAIN.com/Microsoft-Server-ActiveSync was validated successfully.
Additional Details
Elapsed Time: 0 ms.
Attempting to resolve the host name mail.MYDOMAIN.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 174.79.71.246
Elapsed Time: 135 ms.
Testing TCP port 443 on host mail.MYDOMAIN.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 120 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 516 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.MYDOMAIN.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.MYDOMAIN.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 309 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name mail.MYDOMAIN.com was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
Validating certificate trust for Windows Mobile devices.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.MYDOMAIN.com, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 34 ms.
Analyzing the certificate chains for compatibility problems with Windows Phone devices.
Potential compatibility problems were identified with some versions of Windows Phone.
Tell me more about this issue and how to resolve it
Additional Details
The certificate is not trusted on any version of Windows Phone device. Root = CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
Elapsed Time: 5 ms.
The Microsoft Connectivity Analyzer is analyzing intermediate certificates sent by the remote server.
All intermediate certificates are present and valid.
Additional Details
All intermediate certificates were present and valid.
Elapsed Time: 0 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 10/7/2014 8:16:33 PM, NotAfter = 10/7/2015 8:16:33 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 379 ms.
Testing HTTP Authentication Methods for URL https://mail.MYDOMAIN.com/Microsoft-Server-ActiveSync.
The HTTP authentication methods are correct.
Additional Details
The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic
HTTP Response Headers:
request-id: 94c191ea-538f-42b9-af0c-2d1ea680c035
X-FEServer: MYSRV
Content-Length: 0
Date: Wed, 08 Oct 2014 22:51:24 GMT
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="mail.MYDOMAIN.com"
X-Powered-By: ASP.NET
Elapsed Time: 254 ms.
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Additional Details
Elapsed Time: 20759 ms.
Test Steps
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Additional Details
HTTP Response Headers:
Allow: OPTIONS,POST
request-id: d3fad2c9-27db-4cae-a15d-24f10dfc93d2
X-CalculatedBETarget: mysrv.srvinc.local
MS-Server-ActiveSync: 15.0
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
Public: OPTIONS,POST
X-MS-BackOffDuration: L/-230
X-DiagInfo: MYSRV
X-BEServer: MYSRV
X-FEServer: MYSRV
Content-Length: 0
Cache-Control: private
Content-Type: application/vnd.ms-sync.wbxml
Date: Wed, 08 Oct 2014 22:51:24 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-2170533666-3095308062-4124130316-1158=u56Lnp2ejJqBnJzKz86bm5nSmcfOz9LLyZrO0p6cyczSx8/OypuazJrPzsiZgYHOztDPyNDNz87L383NxcrOxc3L; expires=Sat, 08-Nov-2014 04:51:24 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 358 ms.
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
HTTP Response Headers:
request-id: b564a4fc-04ca-4f24-a94c-de1697781bba
X-CalculatedBETarget: mysrv.srvinc.local
MS-Server-ActiveSync: 15.0
X-MS-RP: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
X-MS-BackOffDuration: L/-229
x-ms-diagnostics: &Log=PrxFrom:fe80%3a%3a41e7%3a43ec%3a368c%3a97f1%2514_V120_HH:mail.MYDOMAIN.com_SmtpAdrs:vducote%40MYDOMAIN.com_NMS1_Ssnf:T_St:F_Sk0_Srv:18a0c0d0s0e0r0A0sd_Ers1_Cpo17156_Fet20016_ExStk:H4sIAAAAAAAEAOVWbW%2fjNgz%2bfsD%2bAz%2fmANdI2h0GBIcCWezeDCxNEed2HzNFYmKtsuRJchHfrx8Vx05667VrtgF7yYdYbyQfkg8pzSS3xpmNj9MdL5jeYjyRNm807753aEumUXs6gJWXRsPFxcU1zH4vmTDP4kRa5N7YJp4k8wotCyK97Bgm3MsHhP4YmO4QbJhUKIBG64INRzH9SwKiDGcqhmUhHaC1xgINtPFg0VvJ1gpjmAghgw6mQOqNIcidNY7OBQGBWqKIv3lzACB6ABZdZbTDMQzb37sx5MhTa8eQ5FlyMbwavRulw%2b8iqKwhcyV8OxxewSC7zT%2fe3Kwm02ma56tF9uGHZf42AkFhgOGbNkx54zyWx6jkaB8kYYrvrPGGG%2bWOe0%2bFa1kg1A4tFIzc0K7ebCSXlA5grWtWbgvvyC8AYP6P2PtRsGpqtKYDZCKmofO25n5xiMMg0%2f7qEkrSzraYiQiCRA%2fumLAISKRWfqJUCCKNlk2FESxliXnFNC3%2bWqPzYT6vfQTfG6OQ1rHzb64Pe2%2fPx5%2bjFovW0KAXOyx0CJ7GZE7svkznuwBenGX8cfzU6SyC21qpQOKfR8BVyGwuBebILC8OICPI9qSVvsk5RZ9SfzKLIKcy0FugKlFoM6L%2fK7yaJGEhp1wHd9Id8trjzAhJNNsD7Lyjal7%2fQkJACG0Twde97U5mVMrETklFGUjUJ7%2bsfNOeOJidHwl%2fPCZd6D6tJ1RJkGpSt6ES0FQMPYHAecbvwVvGMRw71%2fEJgWw%2bY7%2bdhj4zeCrlwPvhc0E4auqhCkpVW1reeKYWoXuh69ZsO53rwHi0%2f7UU%2fhs9ORt5zh7wiJG6tmea49KEdcp3quuSyr%2btebpSqBf4PRM6VOumYs79xJQU7CUg%2fXWdJBg65Yxp6to2fn%2fNV6tEukqxZqpI3eVl%2fH5qkXlsb8Ag1YoQuT3dtGiv16vVCAev8vvW%2bD49E6oUT7YXtT65%2fAcnY2DipPUdmd9MTa2f7cZf8%2fMFlwZdTPdWss3N%2fo3xF7aVvwHXOYZmZk0K2p3BB2XWxHO6CWDbDyNId5Q9DJcKONKUUwZJw16efA7rRwryAvn9jbEztmuVntDzEeQIZvRdm92B%2fFA%2bmv6zPfrT0KempNexiD9WImQ7eQ7ua%2fTRt1LoD%2b63r1h6AYUPXfXPVuiXqj4Ze492WVBQRBCkF%2fATD%2fPR%2bH%2fzMP8NjBYRb%2fQMAAA%3d_S111_Error:ADOperationException1%3aActive+Directory+operation+failed+on+srv01.srvinc.local.+This+error+is+not+retriable.+Additional+information%3a+Access+is+denied.%0d%0aActive+directory+response%3a+00000005%3a+SecErr%3a+DSID-03151E07%2c+problem+4003+(INSUFF%5FACCESS%5FRIGHTS)%2c+data+0%0a_Mbx:MYSRV.srvinc.local_Dc:srv01.srvinc.local_Throttle0_SBkOffD:L%2f-229_DBL7_DBS1_CmdHC-1477255686_TmRcv22:51:25.2615051_TmSt22:51:25.2771331_TmFin22:51:28.0271682_TmCmpl22:51:45.1994553_ActivityContextData:ActivityID%3db564a4fc-04ca-4f24-a94c-de1697781bba%3bDbl%3aST.T%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d287%3bDbl%3aSTCPU.T%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d106%3bI32%3aADR.C%5bsrv01%5d%3d4%3bF%3aADR.AL%5bsrv01%5d%3d4.23085%3bI32%3aADS.C%5bsrv01%5d%3d22%3bF%3aADS.AL%5bsrv01%5d%3d20.48833%3bI32%3aADW.C%5bsrv01%5d%3d1%3bF%3aADW.AL%5bsrv01%5d%3d1.3236%3bI32%3aROP.C%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d69984603%3bI32%3aMAPI.C%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d174%3bI32%3aRPC.C%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d81%3bDbl%3aRPC.T%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d325%3bDbl%3aBudgUse.T%5b%5d%3d2750.03515625%3bDbl%3aMAPI.T%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d325%3bDbl%3aMBLB.T%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d21301%3bI32%3aMB.C%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d81%3bF%3aMB.AL%5bMYSRV.cc501ddf-f810-46e1-ac63-8015de3e017f%5d%3d4.012346%3bI32%3aATE.C%5bsrv01.srvinc.local%5d%3d23%3bF%3aATE.AL%5bsrv01.srvinc.local%5d%3d5.391304%3bS%3aWLM.Cl%3dCustomerExpectation%3bS%3aWLM.Type%3dEas%3bS%3aWLM.Int%3dTrue%3bS%3aWLM.SvcA%3dFalse%3bS%3aWLM.Bal%3d239242.2%3bS%3aWLM.BT%3dEas_Budget:(D)Owner%3aSid%7eSRVINC%5cvducote%7eEas%7efalse%2cConn%3a0%2cMaxConn%3a10%2cMaxBurst%3a240000%2cBalance%3a239242.2%2cCutoff%3a600000%2cRechargeRate%3a360000%2cPolicy%3aGlobalThrottlingPolicy%5F9342f2ed-2bdd-46ac-8869-f09e4eb5f037%2cIsServiceAccount%3aFalse%2cLiveTime%3a00%3a00%3a20.3129807_
X-DiagInfo: MYSRV
X-BEServer: MYSRV
X-FEServer: MYSRV
Content-Length: 5847
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Wed, 08 Oct 2014 22:51:44 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-2170533666-3095308062-4124130316-1158=u56Lnp2ejJqBnJzKz86bm5nSmcfOz9LLyZrO0p6cyczSx8/OypuazJrPzsiZgYHOztDPyNDNz87L383NxcrOxcvK; expires=Sat, 08-Nov-2014 04:51:45 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 20400 ms.ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Active Directory is managed on 2003. Don't see a security tab.
ASKER
I tried a different account and it worked, so I think you are on to something.
ASKER
If you don't see the Security tab, then go to the View menu in ADUC and select Advanced Features.
Awesome!
Create a test account and run it through the Microsoft test site at http://exrca.com/ and see whether that flags anything.
Simon.