mudcow007

Exchange 2013 - Active Sync/ mobile device connect

Hello

Just successfully installed (and got working) Exchange 2013 into our domain after moving away from MDaemon.

Outlook can connect OK etc.

But if I try to connect mobile devices they fail.

On my device (Samsung) I add an Exchange ActiveSync account, enter my email address and password.

It goes through "autoconfig" then throws an error to say

"There are problems with the security certificate for this site

the name of the site does not match the name on the certificate"


Something a little weird is that my device is picking up a previous certificate that we had on our old server - this has subsequently been replaced.

Also, what ports do I need to open to allow OWA from outside of the domain?

If I enter mail.domainname.com into a browser, I'm getting the log on page to our firewall!!

thanks
NerdsOfTech

On your mobile try choosing manual setup as opposed to auto setup.
ET Support

Hi, for OWA you need to open port 443 for HTTPS and 80 for HTTP.

Do you have ISA Server installed in your network, which may still use the old certificate?

Is the current Exchange certificate self-signed?
mudcow007

ASKER

Hi, tried manual setup and got a security warning about the cert again.

If I view the cert it's all in hex. If I then click continue I get "setup could not finish - Unable to connect to server"

We don't have ISA as far as I'm aware.....

In ECP > Servers > Certificates I have the new certificate I purchased yesterday from "GoDaddy" which is enabled for IMAP, POP, IIS and SMTP.

There are other self-signed certificates in there too.

We are using a SonicWall FW - if I use the website "canyouseeme.com" it reckons ports 443 & 80 are open

:(

On Exchange Management Shell --> Get-ActiveSyncVirtualDirectory -Server "yourservername" | fl *url*

and see that the ActiveSync external URL is correct.

Also confirm you are able to access Outlook Web App (OWA) from an external network.

The link should be like https://"mailserverexternalname"/owa

Hi

Get-ActiveSyncVirtualDirectory -Server "yourservername" | fl *url*  
responds with
InternalURL :  https://mail.servername.com/Microsoft-Server-ActiveSync
ExternalURL :  https://mail.servername.com/Microsoft-Server-ActiveSync

which matches the virtual directories

I'm unable to get to OWA from outside. Using the URL https://mailserveretcetc.com/owa I get a dialogue box from our firewall saying the file is not found.

To me, it's like the firewall isn't routing properly.

What ports does OWA use? Is it just 443?

Thanks

WWW Service (OWA):
TCP 80 for HTTP (IN/OUT)
TCP 443 for HTTPS

Also have you "activated" your SSL at GoDaddy - maybe your server thinks your old cert is active (but it isn't)

Yes, OWA uses port number 443 for HTTPS connection... I guess the firewall doesn't forward the 443 connection requests to the Exchange server

I think I may have figured it, the admin page for the firewall uses 443!!

So I changed this to 444 (now I can't access it!!)

But I'm still unable to reach OWA.

If I type https://mail.domainname.com/owa into the browser on my phone I get a white page to say "this webpage can not be displayed"

I will speak to SonicWall I think, and see what they say

updates to follow

if
Modifying default HTTP and HTTPS management rules on SonicWALL may render the SonicWALL's Web Management Interface to be inaccessible. You may need to use the CLI to restore the default rules.

Yes, please contact SONICWALL support asap for their recommendations.

Kinda fixed!

Well, I can access OWA now from outside the LAN :)

Still struggling to get devices to connect though.

If I try a manual configuration I get "authentication failed"

Okay, now please run the testconnectivity

https://testconnectivity.microsoft.com/

select Exchange ActiveSync Autodiscover option

Also please run the below command and see the output

get-autodiscovervirtualdirectory -Server "yourservername" | fl *url*

Thanks,
Jobin

Oh good.

Back to the email settings for mobile:
On the manual config check your settings to make sure your ports, SSL, and authentication settings are correct.

Cheers guys,

Ran the checker, and it connected successfully but with "warnings"

"Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks."

It's picking up a previously removed SSL certificate!

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server servername.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=*.onehrsoftware.com, OU=PremiumSSL Wildcard, OU=Software Development, O=OneHR Software, STREET=54 St James Street, L=Liverpool, S=Merseyside, PostalCode=L1 0AB, C=GB, Issuer: CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 347 ms.


But in other tests it's able to use my new certificate!?

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.servername.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=mail.servername.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 362 ms.

Okay, this shows your settings are correct and the configuration seems to be fine.

So it could be your firewall or IIS website still using old certs.

To confirm,

connect to OWA using Chrome and, once logged in, there will be a green lock icon on the Chrome address bar - click on it and see if it's showing the correct certificate.

Well it looks like OWA is using the correct one....

Any ideas how I could check IIS?

thanks

ASKER CERTIFIED SOLUTION
ET Support

This solution is only available to members.

Hmmm, I wonder if my handset has retained the certificate for our old email configuration?
I will award you the point as weirdly everything just started to work!?


thanks for your help
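
The certificate check this thread circles around, as an added example that is not part of any post: this PowerShell connects to each hostname on port 443, reports the certificate actually served there, and tests it against the name a device would ask for. The hostnames are the thread's redacted placeholders, and `Test-NameMatch` and `Get-ServedCertificate` are names made up for this example.

```powershell
# Added example. Hostnames are placeholders from the thread: substitute your own.
function Test-NameMatch {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames | Where-Object { $_ }) {
        # A wildcard covers exactly one label: *.example.com matches mail.example.com only.
        $pattern = '^' + [regex]::Escape($n).Replace('\*', '[^.]+') + '$'
        if ($HostName -match $pattern) { return $true }
    }
    return $false
}

function Get-ServedCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is presented: the aim is to inspect it, not to trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)      # $HostName is also sent as SNI
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $client.Close() }

    # Names the certificate covers: subject CN plus SAN DNS entries.
    # Assumes English-locale Windows, which formats SAN entries as "DNS Name=...".
    $names = @($cert.GetNameInfo('SimpleName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                    ForEach-Object { $_.Groups[1].Value })
    }
    [pscustomobject]@{
        Host       = $HostName
        Names      = ($names | Select-Object -Unique) -join ', '
        NameMatch  = Test-NameMatch -HostName $HostName -CertNames $names
        Issuer     = $cert.GetNameInfo('SimpleName', $true)
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}

'servername.com', 'mail.servername.com', 'autodiscover.servername.com' |
    ForEach-Object { Get-ServedCertificate -HostName $_ } | Format-List

# On the Exchange server, compare the thumbprints reported above with:
#   Get-ExchangeCertificate | Format-List Thumbprint, Subject, Services, NotAfter
#   netsh http show sslcert    # certificate hash bound to each IP:port in HTTP.sys
```

A thumbprint served externally that does not appear in the server's own list is being presented by some other device or host answering for that name.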