Why my mobile device could not work with my Exchange 2013 server?

This is using MS Exchange 2013 server. However, I found that my mobile handphone couldn't be setup to sync with my exchange server for emails. How should I troubleshoot to get it resolved.

Thanks in advance.
LVL 1
MichaelBalackAsked:
Who is Participating?
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Self Signed certificates are not supported for use with ActiveSync. You need to use a trusted certificate. I wouldn't want to use ActiveSync without a certificate at all, as that means your username and password is going across in the clear.

Are you a domain admin? If not then the above doesn't apply. If you are then you should really be using the split permission model, with two accounts - one admin and one day to day that is not a domain admin (but can be a local admin on your workstation). That is how Microsoft are now designing their products.

Simon.
0
 
Satya PathakLead Technical ConsultantCommented:
follow the below KB it might be help you .

http://msexchangeguru.com/2012/02/01/exchange-activesync/
0
 
Simon Butler (Sembee)ConsultantCommented:
You have provided no information to be able to provide assistance.
You haven't said what the device is (OS etc) or whether you have done anything yourself to resolve the issue.

Create a test account and run it through the Microsoft test site at http://exrca.com/ and see what that flags up.
Do you have a trusted SSL certificate on the server? If not then you will need to change that as most mobile clients will have problems with the self signed certificate generated by Exchange - which isn't supported for production use anyway.

Simon.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
MichaelBalackAuthor Commented:
Hi Simon,

This is using self-signed cert. I will test if without cert, can my andriod work?
0
 
Praveen Kumar BonalaProgrammer AnalystCommented:
Hi MichaelBalack,
prvsly I had similar issue. I have solved in following way, I was domain admin group at that time.

1. Remove your user from domain admin group.

2. configure Active sync or exchange account on your mobile device.

3. Once your mailbox is synced again add your user in domain admin group.

if it doesnot works please check following steps

To work around this issue, assign the Exchange Servers group the right to change permissions against msExchActiveSyncDevices objects. To do this, follow these steps:1.Start Active Directory Users and Computers.
2.Click View, and then click to enable Advanced Features.
3.Right-click the object where you want to change the Exchange Server permissions, and then click Properties.

Note You can change permissions against a user, an organizational unit, or a domain.
4.On the Security tab, click Advanced.
5.Click Add, type Exchange Servers, and then click OK.
6.In the Apply to box, click Descendant msExchActiveSyncDevices objects.
7.Under Permissions, click to enable Modify Permissions.
8.Click OK three times.
0
 
MichaelBalackAuthor Commented:
Hi Praveen,

Let me have some time to do it. I'll update you the results.
0
 
MichaelBalackAuthor Commented:
Hi Simon,

The activesync without cert is just to check whether it works or not.

Btw, how to configure activesync w/o cert?
0
 
Gareth GudgerCommented:
Hey Michael,

ActiveSync works out of the box. All you need is a proper SSL certificate from a trusted third party CA and that's it. (Assuming you have also configured NATing on your firewall)

As Simon mentioned, configuring ActiveSync without SSL is not recommended for the reasons he stated.

GoDaddy has a single name SSL cert on sale right now for $55. And with some Google searching on GoDaddy promo codes you can pick one up for probably close to $40.
0
 
MichaelBalackAuthor Commented:
ok,

Please wait for my updates in 12-hour time.
0
 
MichaelBalackAuthor Commented:
Thanks Simon, after I changed to use MS Internal CA, and mobile using EAS is working fine.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.