iPhone 5 Unable to veify when setting up Exchange account

We have a user that has changed his phone and now is unable to connect to the exchange server (SBS 2011) to get his Emails.

The phone was an iPhone 5 and was working fine until the middle of last week. What he did was take out his sim card put it into a new
iPhone 5 and then have apple wipe the old phone. Everytime he tries to add the account the unable to verify message comes. Have
tried all sorts of things but to no avail. Have also deleted the phone from exchange management console. I am having to to rely that
the user has put the details in correctly as I have no access to the phone.  Not sure what to try next.

Thanks in advance
floyd197Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris CastoroClient ServicesCommented:
can you confirm the iPhone has a data connection? do you have your wireless signal bars at the top.
try not to setup using wifi.
0
Scott CSenior Systems EnginerCommented:
We need to enable ActiveSync Mailbox logging.

Open Exchange management shell on any Exchange server. Run cmd below,
Set-CASMailbox aliasofUser -ActiveSyncDebugLogging:$true

Recreate the issue....try to set the account up again.
 
To retrieve logs.
Get-ActiveSyncDeviceStatistics -Mailbox alias -GetMailboxLog:$true -NotificationEmailAddress yourEmailAddress@contoso.com

Set-CASMailbox aliasofUser -ActiveSyncDebugLogging:$false

Look at the log file retrieved and see what you are getting.

I ran into something like this the other day and it turned out to be a permissions issue.  I was getting "Access Denied".

Post pack what you get.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
floyd197Author Commented:
Thanks. Have just tried to run this and receive the error message the term Set-CASMailbox is not recognised as the name of the cmdlet, function, script file or operable program
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Scott CSenior Systems EnginerCommented:
Are you running this from and Exchange command prompt or the Windows one?  It must be run from an Exchange command prompt.
0
MPCP-MattCommented:
Is there an option in the mail setup for "SSL-Accept all Certificates," different from normal "SSL"? This setting resolved this issue for a client of hours in the past. Please mark as answered if this helps
0
floyd197Author Commented:
No, using Powershell. How do i run this from the Exchange command prompt
0
floyd197Author Commented:
Found it
0
floyd197Author Commented:
Might have to wait until tomorrow to get the user to try it again.
0
Scott CSenior Systems EnginerCommented:
That's fine.
0
floyd197Author Commented:
Does the $false command disable the logging again?

Thanks
0
floyd197Author Commented:
Updated reply from the user. I input my email and password as requested. It verifies. It then asks for my password and it verifies. It then asks for server. I input remote.domain.uk.com and it sticks. I can confirm I have we-fi off and data on.
0
Scott CSenior Systems EnginerCommented:
Yes it does.  Those log files are going to tell the story.
0
floyd197Author Commented:
Update. The user has been to Apple for them to test it but essentially it is doing the same. He has also
tries his wife's iPhone but again it will not get past the verifying stage. What is strange that his old
phone worked and now the new one doesn't.  Any more ideas as I really need to solve it.

Thanks
0
Scott CSenior Systems EnginerCommented:
What did you get back from the ActiveSync Mailbox logging?
0
floyd197Author Commented:
I didn't it comes back with errors. I will post the exact messages
0
floyd197Author Commented:
The message returned is the ActiveSyncDevice -TomS (the user account name in question) cannot be found.
0
floyd197Author Commented:
Any Ideas
0
floyd197Author Commented:
Anybody else. Quite desperate to try and solve this
0
floyd197Author Commented:
Just ran the remote connectivity analyser with the following results.

The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
       Exchange ActiveSync was tested successfully.
       
      Additional Details
       
Elapsed Time: 9251 ms.
       
      Test Steps
       
      Attempting to resolve the host name remote.companydomain.uk.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host remote.companydomain.uk.com to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Additional Details
       
Elapsed Time: 4986 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server remote.designandmaterials.uk.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
       
Accept/Require Client Certificates isn't configured.
Elapsed Time: 530 ms.
      Testing HTTP Authentication Methods for URL https://remote.companydomain.uk.com/Microsoft-Server-ActiveSync/.
       The HTTP authentication methods are correct.
       
      Additional Details
      An ActiveSync session is being attempted with the server.
       Testing of an Exchange ActiveSync session completed successfully.
       
      Additional Details
       
      Test Steps

also where can i find the settings to try this?

Open Active Directory Users and Computers.
On the menu at the top of the console, click View > Advanced Features.
Locate and right-click the mailbox account in the console, and then click Properties.
Click the Security tab.
Click Advanced.
Make sure that the check box for "Include inheritable

Thanks
0
Scott CSenior Systems EnginerCommented:
The remote connectivity analyzer isn't going to give you want you need.

Here is the line you need to type in the Exchange command prompt (no quotes)

"Set-CASMailbox TomS -ActiveSyncDebugLogging:$true"

"Get-ActiveSyncDeviceStatistics -Mailbox TomS -GetMailboxLog:$true -NotificationEmailAddress yourEmailAddress@contoso.com"

"Set-CASMailbox TomS -ActiveSyncDebugLogging:$false"

yourEmailAddress@contoso.com == the address where you want the logs to go to.

THAT is going to give you what you need.
0
floyd197Author Commented:
There is loads of text going down the exchange management shell. Is that right
0
floyd197Author Commented:
Returned lots of data. Not sure the logs have gone to an email address
0
floyd197Author Commented:
what exactly do I need to look for
0
Scott CSenior Systems EnginerCommented:
The logs would have gone to the email address you specified as a txt file.

You need to look through that text file for a reason it's not connecting.
0
floyd197Author Commented:
I get a warning message saying the address I want to sens to is invalid
0
Scott CSenior Systems EnginerCommented:
What exactly is the line you are typing?

Here is the MS Blog you need to be following.

http://blogs.technet.com/b/jasonsla/archive/2013/03/19/exchange-activesync-mailbox-logging.aspx

PowerShell Method

Enable the logging on the affected mailbox:

Set-CASMailbox alias -ActiveSyncDebugLogging:$true

Reproduce whatever issue you're dealing with, then gather the logs:

Get-ActiveSyncDeviceStatistics -Mailbox alias -GetMailboxLog:$true -NotificationEmailAddress yourEmailAddress@contoso.com

This will output the log to the screen (in 2010 and above), and email a copy of it to your email.  Easy!
0
floyd197Author Commented:
copied in exchange management shell as instructed and get an activesync device "User" cannot be found. He now has an ipad which I know is setup so you think it would return something
0
Scott CSenior Systems EnginerCommented:
Verify that you are typing the alias correctly and post a screen shot of the command and the error.
0
floyd197Author Commented:
Before I could take a screenshot it said not a valid SMTP address and a lot of text started scrolling down
the screen.
0
floyd197Author Commented:
Is this of any use?
Exchange-Logs.jpg
0
floyd197Author Commented:
Are these the correct logs and do they show anything?
0
Scott CSenior Systems EnginerCommented:
The logs I'm looking for would have been sent to the email address as a txt file.  That's just a small section.  I need the whole thing.
0
floyd197Author Commented:
I get the this is not a valid smtp smtp address message and then in just starts the process. it hasn't send anything to my email address
0
floyd197Author Commented:
Can I just confirm the following is correct.

Get-ActiveSyncDeviceStatistics -Mailbox alias -GetMailboxLog:$true -NotificationEmailAddress myname@mydomain.co.uk. i.e. email you want it sending to. can it be any email address
0
Scott CSenior Systems EnginerCommented:
That is correct.  It can be any email address...even a Gmail one.
0
floyd197Author Commented:
Still getting an invalid smtp address or alias
0
Scott CSenior Systems EnginerCommented:
Take a look at this article.  You might need to get up to the latest RU for Exchange 2010.

https://support.microsoft.com/en-us/kb/3011892

Hopefully this will work.  It normally does.  I've never had issues like this getting log files.

I'll probably be offline for the next 4 days.
0
floyd197Author Commented:
0
floyd197Author Commented:
alos had a look in Outlook web access under phones and tried to retrieve loggings. Please
see attached screenshots
OWA1.png
OWA2.png
0
floyd197Author Commented:
Any more comments? from the supplied screenshots is the phone synching correctly
0
floyd197Author Commented:
Any comments?
0
Scott CSenior Systems EnginerCommented:
Sorry  been busy.

I see what is going on with the commands.

Here is what you need to type.

1.  Set-CASMailbox TomS -ActiveSyncDebugLogging:$true

reproduce the issue.

2.  Get-ActiveSyncDeviceStatistics -Mailbox TomS -GetMailboxLog:$true -NotificationEmailAddress yourEmailAddress@contoso.com

3.  Set-CASMailbox TomS -ActiveSyncDebugLogging:$false


Again, please read this blog...http://blogs.technet.com/b/jasonsla/archive/2013/03/19/exchange-activesync-mailbox-logging.aspx

It will explain what we are doing and why.

The text file you get at your email address should have something in there as to what is going on.

Please post the log.
0
floyd197Author Commented:
Ok will do, I have also tried it through OWA. Should that work as well?
0
floyd197Author Commented:
Just started loging from the OWA and then when I tried to receive logs got the attached message.

Thanks
OWA2.png
0
floyd197Author Commented:
There is also an Ipad synched. The only difference between this and the phone I think is the fact that
ipad gave the option of accepting the certificate and the phone doesn't.
0
Scott CSenior Systems EnginerCommented:
OWA should work but I like the shell commands better.

Let's just stick with those.
0
floyd197Author Commented:
Here is the attached log from the ipad. I will get the user to try connecting the phone again
tomorrow and try and send the log.
0
floyd197Author Commented:
sorry, forgot to add it is just part of the log.
0
Scott CSenior Systems EnginerCommented:
Ok.
0
floyd197Author Commented:
Now working. Got the user to follow the steps below and it now gives the option to trust.

Can you also try connecting you phone by doing the following:
 
Settings > General > Reset (located at the very bottom), then selecting "Reset Network Settings" and confirming, etc. until the iPhone restarts.
 
After restart is complete, start creating the Exchange account as usual.  However, when you get the prompt that asks you to either "Cancel, Trust, or Continue," select TRUST, not Continue.
0
Scott CSenior Systems EnginerCommented:
Congrats.  Activesync can be a pain.
0
floyd197Author Commented:
Thanks for your help. I will give you the points as the help wit the active sync logs was very useful. I also
have another probem with emails appearing to send but then the message Delivery has failed to these recipients or groups comes back.

Do I need to as a new question.

Thanks again
0
Scott CSenior Systems EnginerCommented:
Thank you.  Yes you need to submitt a new question.
0
floyd197Author Commented:
Very infromative. Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
iPhone

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.