Solved

Exchange 2010 Active Sync with iPhone

Posted on 2015-02-05
17
156 Views
Last Modified: 2015-02-09
Hi there

I have a client who cannot access his e-mails when he puts his details in the E-mail settings on his iPhone

the Server is running Exchange 2010

He puts the username / Password / Domain / Server and nothing works

I have tried the same account details on my Android phone it first tells me that there are problems with security certificate for this site and when I press continue I get the following error after checking the incoming server settings : Unable to open connection to Server. Security Error Occurred.

Now I am not very good with exchange in general and Active Sync in particular and have tried to research the issue but got very little information. Can someone please help me to figure out in clear steps what could be the problem?

Thanks
0
Comment
Question by:M SOS
  • 5
  • 4
  • 4
  • +2
17 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 88 total points
Comment Utility
I would first start with the connectivity analyzer.
https://testconnectivity.microsoft.com/

Also does this happen with all accounts or just this users account? Does he have activesync enabled on his mailbox?

Will.
0
 
LVL 1

Assisted Solution

by:Harold
Harold earned 225 total points
Comment Utility
Try this, open AD Users and Computers, go to the OU that contains the user to Authenticate, rht-clk the user, left-clk Properties. You should she a Security<tab>, click.

Under Permissions for Administrators, click Advanced. Tick the box "Allow inheritable permissions from parent to propagate to this object and all child objects. Include these with entries explicitly defined here." click apply and/or ok.

Had similar issue on some company phones and some had to restart after applying the permissions. Different phones, reacted differently.

My article was listed as "Exchange 2010 activesync broke", don't see where to share it. Worked for me.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28417907.html
0
 

Author Comment

by:M SOS
Comment Utility
I run the analyser here is the result

 
Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml

Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.

ttempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.

Any Help?

Thanks
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 88 total points
Comment Utility
Based on the test results, it does not appear that you have autodiscover configured externally. Have you tried the manual method using your mail.domain.com address?

Do activesync work for any users?

Will.
0
 

Author Comment

by:M SOS
Comment Utility
Thanks for your help so far ... I will check for other users

Can you please guide me through how to check if its configured correctly?

Thanks
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 187 total points
Comment Utility
If you have auto discover.yourdomain.com included in your SSL certificate, then you need to create an AUTODISCOVER A record in Public DNS.

If you don't then you need to create an SRV record that points to an FQDN that IS included in your SSL certificate (see the following guide for info:)

http://support.microsoft.com/kb/940881

Alan
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
is this user using the new Outlook app from Microsoft for iOS?  If so, the problem is that it doesn't use activesync yet.
0
 

Author Comment

by:M SOS
Comment Utility
Ok Guys your help was great thank you

Now one last request .... can some one point out an article or something on the internet that explains for dummies really how activesync work

Thanks
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:M SOS
Comment Utility
hdoolittle:

What effect or what relation your suggested fix might relate to the issue.

I think it did the trick but I do not understand why.

Thanks
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 187 total points
Comment Utility
Basic explanation of how Activesync works:

Each mobile device, when connected to an Exchange Server keeps an open link to the server (which is refreshed periodically by sending a keep-alive ping).

When a new item arrives in the mailbox that a Mobile device is connected to, the server sends a message to the mobile device(s) telling the device(s) to run a sync so that it can pull down the latest content.

The device then syncs and sucks down the latest changed content on the server.

If a user changes something on the device(s), then the device starts the sync to the server to push the changes back to the server.

Alan
0
 
LVL 1

Assisted Solution

by:Harold
Harold earned 225 total points
Comment Utility
M_SOS:  Mr. Alan Hardisty, has explained the activsync. I'm used to this issue now and everytime I setup a new phone for a user. I immediately go the Security<tab> and push these permissions, because I know I'll most likely have to do anyway.

I'm also a little shocked as Alan not forwarding you this link, as it is his posting, that fixed me several months ago.

Good read.....
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Another note, even if the phone has sync before you may have to push them again on a previously syncing phone. Also, reboots are required on some phones too.

Another helpful note, if you have timed password changing in AD, they do not push out to the phone, passwords have to be manually updated.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
@hdoolittle:

Didn't see much point posting my article as the link you posted in your earlier post included the link to my article and you outlined exactly what to do in my article too :)
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
Something to keep in mind, although many don't, when setting up accounts with activesync is to give users instructions as to how to change passwords.  I have had too many users locked out because they neglected to turn off their activesync devices when they changed their passwords on their email via OWA.
0
 
LVL 1

Assisted Solution

by:Harold
Harold earned 225 total points
Comment Utility
@Alan  =>  Team Work!   Thanks!
0
 

Author Comment

by:M SOS
Comment Utility
Thanks guys for all your great help

But before I close the question I just want to know something about this issue that confuses me a bit.

When I run a test sent to this e-mail username@domain.com on the Microsoft Remote Connectivity Analyser all the steps go fine until the very last step of the test which is ( Attempting to send a test email message to username@domain.com using MX domain.eu.domain.com.)

The server returned status code 421 - Service not available, closing transmission channel. The server response was: Service Temporarily Unavailable
Exception details:
Message: Service not available, closing transmission channel. The server response was: Service Temporarily Unavailable
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.RecipientCommand.CheckResponse(SmtpStatusCode statusCode, String response)
at System.Net.Mail.RecipientCommand.Send(SmtpConnection conn, String to, String& response)
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, Boolean allowUnicode, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
Elapsed Time: 789 ms.

But the client is receiving e-mails

How come?

and again thanks for your great help so far
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 187 total points
Comment Utility
Could be a resource issue with the Exchange Server (lack of disk space / memory).  Difficult to know without knowing more details / running more tests.

Could also be AV / Anti-Spam rejecting the message connection attempts or something similar.

Alan
0
 
LVL 1

Expert Comment

by:Harold
Comment Utility
Sorry to insert a question here but do you guys/gals run AV on your exchange server?  I was told not to, a big NO NO, corrupting datastores. So that is the only thing on the exchange server is, exchange.
0

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now