mudcow007
asked on
Exchange 2013 - Active Sync/ mobile device connect
Hello
Just successfully installed (and got working) Exchange 2013 into our domain after moving away from MDaemon.
Outlook can connect OK etc.
But if I try to connect mobile devices they fail.
On my device (Samsung) I add an Exchange ActiveSync account, enter my email address and password,
it goes through "autoconfig" then throws an error to say
"There are problems with the security certificate for this site
the name of the site does not match the name on the certificate"
Something a little weird is that my device is picking up a previous certificate that we had on our old server - this has subsequently been replaced.
Also, what ports do I need to open to allow OWA from outside of the domain?
If I enter mail.domainname.com into a browser, I'm getting the log on page to our firewall!!
Thanks
On your mobile try choosing manual setup as opposed to auto setup.
Hi, for OWA you need to open port 443 for HTTPS and 80 for HTTP.
Do you have ISA Server installed in your network, which may still use the old certificate?
Is the current Exchange certificate self-signed?
ASKER
Hi, tried manual setup and got a security warning about the cert again.
If I view the cert it's all in hex; if I then click continue I get "setup could not finish - Unable to connect to server"
We don't have ISA as far as I'm aware.....
In ECP > Servers > Certificates I have the new certificate I purchased yesterday from "GoDaddy", which is enabled for IMAP, POP, IIS and SMTP.
There are other self-signed certificates in there too.
We are using a SonicWall FW - if I use the website "canyouseeme.com" it reckons ports 443 & 80 are open
:(
On Exchange Management Shell --> Get-ActiveSyncVirtualDirectory -Server "yourservername" | fl *url*
and see the ActiveSync external URL is correct.
Also confirm you are able to access Outlook Web App (OWA) from an external network.
The link should be like https://"mailserverexternalname"/owa
ASKER
Hi
Get-ActiveSyncVirtualDirectory -Server "yourservername" | fl *url*
responds with
InternalURL : https://mail.servername.com/Microsoft-Server-ActiveSync
ExternalURL : https://mail.servername.com/Microsoft-Server-ActiveSync
which matches the virtual directories.
I'm unable to get to OWA from outside. Using the URL https://mailserveretcetc.com/owa I get a dialogue box from our firewall saying the file is not found.
To me, it's like the firewall isn't routing properly.
What ports does OWA use? Is it just 443?
Thanks
WWW Service (OWA):
TCP 80 for HTTP (IN/OUT)
TCP 443 for HTTPS
Also have you "activated" your SSL at GoDaddy - maybe your server thinks your old cert is active (but it isn't)
Yes, OWA uses port number 443 for HTTPS connections... I guess the firewall doesn't forward the 443 connection requests to the Exchange server
ASKER
I think I may have figured it, the admin page for the firewall uses 443!!
So I changed this to 444 (now I can't access it!!)
but I'm still unable to reach OWA.
If I type https://mail.domainname.com/owa into the browser on my phone I get a white page to say "this webpage can not be displayed"
I will speak to SonicWall I think, and see what they say.
Updates to follow
if
Modifying default HTTP and HTTPS management rules on SonicWALL may render the SonicWALL's Web Management Interface to be inaccessible. You may need to use the CLI to restore the default rules.
Yes, please contact SONICWALL support asap for their recommendations.
ASKER
Kinda fixed!
Well, I can access OWA now from outside the LAN :)
Still struggling to get devices to connect though.
If I try a manual configuration I get "authentication failed"
okay, now please run the testconnectivity
https://testconnectivity.microsoft.com/
select Exchange ActiveSync Autodiscover option
Also please run the below command and see the output
Get-AutodiscoverVirtualDirectory -Server "yourservername" | fl *url*
Thanks,
Jobin
Oh good.
Back to the email settings for mobile:
On the manual config check your settings to make sure your ports, SSL, and authentication settings are correct.
ASKER
Cheers guys,
ran the checker, and it connected successfully but with "warnings"
"Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks."
It's picking up a previously removed SSL certificate!
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server servername.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.onehrsoftware.com, OU=PremiumSSL Wildcard, OU=Software Development, O=OneHR Software, STREET=54 St James Street, L=Liverpool, S=Merseyside, PostalCode=L1 0AB, C=GB, Issuer: CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 347 ms.
But in other tests it's able to use my new certificate!?
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.servername.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.servername.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 362 ms.
Okay, this shows your settings are correct and the configuration seems to be fine.
So it could be your firewall or IIS website still using old certs.
To confirm,
connect to OWA using Chrome and, once logged in, click the green lock icon in the Chrome address bar and see if it's showing the correct certificate.
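The same check can be scripted so every public name is compared in one pass. This is an added example, not part of the original thread: Get-ServedCertificate is a hypothetical helper name, and the host names are the placeholders used in the posts above.

```powershell
# Added example: report which certificate each public name serves on TCP 443.
# Get-ServedCertificate is a hypothetical helper; the host names at the bottom
# are the placeholders used in the thread, so substitute your own.
function Get-ServedCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)

    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $stream = $tcp.GetStream()
        # Accept whatever is presented: the goal is to inspect it, not trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $accept
        $ssl.AuthenticateAsClient($HostName)   # target name for the handshake (SNI)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate

        # Collect DNS names from the Subject Alternative Name extension (OID 2.5.29.17).
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $names = @()
        if ($san) {
            $names = @([regex]::Matches($san.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value })
        }
        # No SAN present: fall back to the subject common name.
        if (-not $names) { $names = @($cert.GetNameInfo('SimpleName', $false)) }

        # A wildcard label matches exactly one DNS label.
        $hit = $names | Where-Object {
            $HostName -match ('^' + [regex]::Escape($_).Replace('\*', '[^.]+') + '$')
        }
        [pscustomobject]@{
            Host       = $HostName
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            NameMatch  = [bool]$hit
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

'servername.com', 'mail.servername.com', 'autodiscover.servername.com' |
    ForEach-Object { Get-ServedCertificate -HostName $_ } | Format-List
```

Run it once from outside the LAN and once from inside. A thumbprint that differs between the two runs, or from the one Get-ExchangeCertificate lists for IIS, means something in front of Exchange is answering on 443 with its own certificate.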
ASKER
Hmmm, I wonder if my handset has retained the certificate for our old email configuration?
ASKER
I will award you the point as weirdly everything just started to work!?
Thanks for your help