Exchange 2013 - Active Sync/ mobile device connect

Hello

Just successfully installed (and got working) Exchange 2013 into our domain after moving away from MDaemon.

Outlook can connect OK etc.

But if I try to connect mobile devices they fail.

On my device (Samsung) I add an Exchange ActiveSync account, enter my email address and password.

It goes through "autoconfig" then throws an error to say

"There are problems with the security certificate for this site

the name of the site does not match the name on the certificate"


Something a little weird is that my device is picking up a previous certificate that we had on our old server - this has subsequently been replaced.

Also, what ports do I need to open to allow OWA from outside of the domain?

If I enter mail.domainname.com into a browser, I'm getting the log on page to our firewall!!

thanks
mudcow007 Asked:

NerdsOfTech Technology Scientist Commented:
On your mobile try choosing manual setup as opposed to auto setup.
0
ET Support Commented:
Hi, for OWA you need to open port 443 for HTTPS and 80 for HTTP.

Do you have ISA Server installed in your network, which may still use the old certificate?

Is the current Exchange certificate a self-signed one?
0
mudcow007 Author Commented:
Hi, tried manual setup and got a security warning about the cert again.

If I view the cert it's all in hex; if I then click continue I get "setup could not finish - Unable to connect to server"

We don't have ISA as far as I'm aware.....

In ECP > Servers > certificates > I have the new certificate I purchased yesterday from "GoDaddy", which is enabled for IMAP, POP, IIS and SMTP.

There are other self-signed certificates in there too.

We are using a SonicWall FW - if I use the website "canyouseeme.com" it reckons port 443 & 80 are open

:(
0

ET Support Commented:
In the Exchange Management Shell, run: Get-ActiveSyncVirtualDirectory -Server "yourservername" | fl *url*

and see whether the ActiveSync external URL is correct.

Also confirm you are able to access Outlook Web App (OWA) from an external network.

The link should be like https://"mailserverexternalname"/owa
1
mudcow007 Author Commented:
Hi

Get-ActiveSyncVirtualDirectory -Server "yourservername" | fl *url*
responds with
InternalURL :  https://mail.servername.com/Microsoft-Server-ActiveSync
ExternalURL :  https://mail.servername.com/Microsoft-Server-ActiveSync

which matches the virtual directories.

I'm unable to get to OWA from outside. Using the URL https://mailserveretcetc.com/owa I get a dialogue box from our firewall saying the file is not found.

To me, it's like the firewall isn't routing properly.

What ports does OWA use? Is it just 443?

thanks
0
NerdsOfTech Technology Scientist Commented:
WWW Service (OWA):
TCP 80 for HTTP (IN/OUT)
TCP 443 for HTTPS
1
NerdsOfTech Technology Scientist Commented:
Also, have you "activated" your SSL at GoDaddy? Maybe your server thinks your old cert is active (but it isn't).
1
ET Support Commented:
Yes, OWA uses port number 443 for HTTPS connections... I guess the firewall doesn't forward the 443 connection requests to the Exchange server.
1
mudcow007 Author Commented:
I think I may have figured it, the Admin page for the firewall uses 443!!

So I changed this to 444 (now I can't access it!!)

but I'm still unable to reach OWA.

If I type https://mail.domainname.com/owa into the browser on my phone I get a white page to say "this webpage can not be displayed"

I will speak to SonicWall I think, and see what they say.

Updates to follow

if
0
NerdsOfTech Technology Scientist Commented:
Modifying default HTTP and HTTPS management rules on SonicWALL may render the SonicWALL's Web Management Interface to be inaccessible. You may need to use the CLI to restore the default rules.

Yes, please contact SONICWALL support asap for their recommendations.
1
mudcow007 Author Commented:
Kinda fixed!

Well, I can access OWA now from outside the LAN :)

Still struggling to get devices to connect though.

If I try a manual configuration I get "authentication failed"
0
ET Support Commented:
Okay, now please run the testconnectivity

https://testconnectivity.microsoft.com/

Select the Exchange ActiveSync Autodiscover option.

Also please run the below command and see the output:

Get-AutodiscoverVirtualDirectory -Server "yourservername" | fl *url*

Thanks,
Jobin
1
NerdsOfTech Technology Scientist Commented:
Oh good.

Back to the email settings for mobile:
On the manual config check your settings to make sure your ports, SSL, and authentication settings are correct.
1
mudcow007 Author Commented:
Cheers guys,

ran the checker, and it connected successfully but with "warnings"

"Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks."

It's picking up a previously removed SSL certificate!

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server servername.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=*.onehrsoftware.com, OU=PremiumSSL Wildcard, OU=Software Development, O=OneHR Software, STREET=54 St James Street, L=Liverpool, S=Merseyside, PostalCode=L1 0AB, C=GB, Issuer: CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 347 ms.


But in other tests it's able to use my new certificate!?

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.servername.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=mail.servername.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 362 ms.
0
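A small triage of the analyzer output quoted in the post above, as an added example that is not part of the thread: it pairs each probed host with the subject CN of the certificate it returned and flags where that name cannot cover the host. The report text is trimmed from that post; the function names and the three verdict labels are assumptions of this example, and since the analyzer output shows only the subject CN, a `needs-san` verdict means the SAN list still has to be checked on the certificate itself.

```python
import re

# Trimmed from the analyzer output in the post above (host names as shown in the thread).
REPORT = """\
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server servername.com on port 443.
Remote Certificate Subject: CN=*.onehrsoftware.com, OU=PremiumSSL Wildcard, Issuer: CN=COMODO RSA Organization Validation Secure Server CA
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.servername.com on port 443.
Remote Certificate Subject: CN=mail.servername.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2
"""

HOST_RE = re.compile(r"from remote server (\S+) on port \d+")
CN_RE = re.compile(r"Remote Certificate Subject: CN=([^,\s]+)")

def parse_report(text):
    """Pair each probed host with the subject CN of the certificate it returned."""
    pairs, host = [], None
    for line in text.splitlines():
        h, c = HOST_RE.search(line), CN_RE.search(line)
        if h:
            host = h.group(1).lower()
        elif c and host:
            pairs.append((host, c.group(1).lower()))
            host = None
    return pairs

def name_matches(host, pattern):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    if not pattern.startswith("*."):
        return host == pattern
    label, _, parent = host.partition(".")
    return bool(label) and parent == pattern[2:]

def triage(host, cn, mail_domain):
    """match: CN covers the host; needs-san: CN is inside the mail domain, so only
    a SAN entry can cover the host; mismatch: CN belongs to a different domain."""
    if name_matches(host, cn):
        return "match"
    base = cn[2:] if cn.startswith("*.") else cn
    if base == mail_domain or base.endswith("." + mail_domain):
        return "needs-san"
    return "mismatch"

def audit(text, mail_domain):
    return {host: triage(host, cn, mail_domain) for host, cn in parse_report(text)}

if __name__ == "__main__":
    for host, verdict in audit(REPORT, "servername.com").items():
        print(f"{host:32} {verdict}")
```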
ET Support Commented:
Okay, this shows your settings are correct and the configuration seems to be fine.

So it could be your firewall or IIS website still using old certs...

To confirm,

connect to OWA using Chrome and, once logged in, there will be a green lock icon in the Chrome address bar - click on it and see if it's showing the correct certificate.
1
mudcow007 Author Commented:
Well it looks like OWA is using the correct one....

1.jpg
Any ideas how I could check IIS?

thanks
0
ET Support Commented:
Well, if OWA is right, there shouldn't be anything wrong with the ActiveSync configuration on the server.

Please check on any other mobile devices; maybe you can try on iOS devices, or check with other Android versions.
1

mudcow007 Author Commented:
Hmmm, I wonder if my handset has retained the certificate for our old email configuration?
0
mudcow007 Author Commented:
I will award you the point as weirdly everything just started to work!?


Thanks for your help
0