Solved

Exchange 2010 users not able to send and receive via mobile devices

Posted on 2016-10-21
20
78 Views
Last Modified: 2016-10-25
Hi Guys,

Just finish setting up new setup for one of my client and installed exchange 2010 sp3 on server 20102 R2. The issue is that with configuring the mail boxes on mobile devices. Users can access emails on outlook via OWA and it works fine. When ever user add new exchange account on mobile device and give all the required information user gets all the ticks and get the option to save but when user go back to his mail account user get message display on screen "Cannot Get Mail The connection to the server failed"

I checked all the settings and everything seems to be fine. SSL certificate installed ports 80,443,25, 587 are open on firewall. Public ip address is also configured for the exchange server.

Hope to hear from you guys soon.

Regards,
0
Comment
Question by:Vikram Sokhi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
  • 2
  • +2
20 Comments
 
LVL 9

Expert Comment

by:Ibrahim Benna
ID: 41853676
How are you publishing external client connectivity (OWA/ActiveSync/RPC over HTTP) - through a reverse proxy or do you have the external IP directly NAT'ed to the Exchange?

Also is this happening on different phone types? Is this an issue with all users?

I would start troubleshooting by running the Exchange connectivity analyzer (https://testconnectivity.microsoft.com/) and see what results you get from the ActiveSync test.
0
 

Author Comment

by:Vikram Sokhi
ID: 41853681
The connectivity is via external IP directly NAT'ed to exchange.

The issue is happening on all mobile devices.
0
 
LVL 31

Expert Comment

by:Scott C
ID: 41853682
Try the Outlook for mobile clients.

I've found many of my users prefer it to the built-in email client.

https://www.microsoft.com/en-us/outlook-com/mobile/
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 9

Expert Comment

by:Ibrahim Benna
ID: 41853690
ScottCha

When I tried the Outlook for mobile client about a year ago, I wasn't impressed because the calendar was not integrated with the phone calendar. has this changed?
0
 
LVL 17

Expert Comment

by:Ivan
ID: 41853699
Hi,

can you run ActiveSync test on: https://testconnectivity.microsoft.com/

Maybe it can help a bit.

Regards,
Ivan.
0
 
LVL 31

Expert Comment

by:Scott C
ID: 41853704
No, that hasn't changed, but it is a good way to test and the OP might not care about calendar integration with the device.
0
 

Author Comment

by:Vikram Sokhi
ID: 41853705
The result from  https://testconnectivity.microsoft.com/

the Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Additional Details
       
Elapsed Time: 21260 ms.
       
      Test Steps
       
      Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Additional Details
       
Elapsed Time: 21260 ms.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Additional Details
       
Elapsed Time: 21260 ms.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 21170 ms.
       
      Test Steps
       
      Attempting to resolve the host name vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 85.233.160.22
Elapsed Time: 62 ms.
      Testing TCP port 443 on host vdstech.co.uk to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 21107 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 60 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name couldn't be resolved.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host autodiscover.vdstech.co.uk couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 60 ms.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Additional Details
       
Elapsed Time: 12 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name couldn't be resolved.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host autodiscover.vdstech.co.uk couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 12 ms.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Additional Details
       
Elapsed Time: 17 ms.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.vdstech.co.uk in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Elapsed Time: 17 ms.

Start OverRun Test Again
0
 
LVL 9

Accepted Solution

by:
Ibrahim Benna earned 500 total points
ID: 41853722
Looks like you did not publish AutoDiscover namespace to the internet. You need to register AutoDiscover.yourdomain.uk with the same external IP address as your OWA namespace on the public DNS. What is the URL you use to connect to OWA from the internet?

ScottCha - I was actually asking for myself :). wanted to know if I should try the app again :) thanks
0
 

Author Comment

by:Vikram Sokhi
ID: 41853724
Just going to make the change on my public DNS and update you all...

I did try the app but its not even connecting.. may be because of AutoDiscover
0
 
LVL 11

Expert Comment

by:Tej Pratap Shukla ~Dexter
ID: 41853730
Hi
Please follow below links to fix Exchange Autodiscover Issue in Exchange Server 2010.
http://exchange-server-guide.blogspot.com/2014/07/resolve-exchange-autodiscover-error-600.html
0
 

Author Comment

by:Vikram Sokhi
ID: 41853740
After making changes to DNS


      The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Additional Details
       
Elapsed Time: 21440 ms.
       
      Test Steps
       
      Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Additional Details
       
Elapsed Time: 21440 ms.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Additional Details
       
Elapsed Time: 21439 ms.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 21067 ms.
       
      Test Steps
       
      Attempting to resolve the host name vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 85.233.160.22
Elapsed Time: 34 ms.
      Testing TCP port 443 on host vdstech.co.uk to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 21033 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 279 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 46.18.86.19
Elapsed Time: 97 ms.
      Testing TCP port 443 on host autodiscover.vdstech.co.uk to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 63 ms.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 118 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.vdstech.co.uk on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=hostmail.vdstech.co.uk, OU=PositiveSSL, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 93 ms.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host name autodiscover.vdstech.co.uk doesn't match any name found on the server certificate CN=hostmail.vdstech.co.uk, OU=PositiveSSL, OU=Domain Control Validated.
Elapsed Time: 0 ms.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Additional Details
       
Elapsed Time: 59 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 46.18.86.19
Elapsed Time: 10 ms.
      Testing TCP port 80 on host autodiscover.vdstech.co.uk to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 24 ms.
      The Microsoft Connectivity Analyzer is checking the host autodiscover.vdstech.co.uk for an HTTP redirect to the Autodiscover service.
       The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
       
      Additional Details
       
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: You do not have permission to view this directory or page.
HTTP Response Headers:
Content-Length: 58
Content-Type: text/html
Date: Fri, 21 Oct 2016 12:56:17 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Elapsed Time: 24 ms.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Additional Details
       
Elapsed Time: 18 ms.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.vdstech.co.uk in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Elapsed Time: 18 ms.
0
 
LVL 9

Expert Comment

by:Ibrahim Benna
ID: 41853747
So it looks like now the AutoDiscover record exists but your certificate is not valid. The certificate does not seem to have AutoDiscover.yourdomain.uk registered on it.

Looking at it you only have Hotmail.yourdomain.uk and www.hostmail.yourdomain.uk (you really don't even need the second one). you need to create a new certificate with both these names on it:

hostmail.yourdomain,.uk
AutoDiscover.yourdomain.uk
0
 

Author Comment

by:Vikram Sokhi
ID: 41853753
Can we do that...Can we have certificate with both names on...
0
 
LVL 9

Expert Comment

by:Ibrahim Benna
ID: 41853756
Yes you can...its called a SAN Certificate or a UC Certificate. it is a requirement for Exchange servers actually.
0
 

Author Comment

by:Vikram Sokhi
ID: 41853780
Can i use wild card certificate...
0
 
LVL 9

Expert Comment

by:Ibrahim Benna
ID: 41853799
Most certainly you can.
0
 

Author Comment

by:Vikram Sokhi
ID: 41853803
Thanks...
0
 

Author Comment

by:Vikram Sokhi
ID: 41853973
Ok I buy the SAN certificate and re run the autodiscovery test

Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Autodiscover was successfully tested for Exchange ActiveSync.
       
      Additional Details
       
Elapsed Time: 22077 ms.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service was tested successfully.
       
      Additional Details
       
Elapsed Time: 22077 ms.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 21388 ms.
       
      Test Steps
       
      Attempting to resolve the host name vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 85.233.160.22
Elapsed Time: 324 ms.
      Testing TCP port 443 on host vdstech.co.uk to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 21064 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of the Autodiscover URL was successful.
       
      Additional Details
       
Elapsed Time: 689 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 46.18.86.19
Elapsed Time: 80 ms.
      Testing TCP port 443 on host autodiscover.vdstech.co.uk to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 49 ms.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Additional Details
       
Elapsed Time: 129 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.vdstech.co.uk on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=hostmail.vdstech.co.uk, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 71 ms.
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       
Host name autodiscover.vdstech.co.uk was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=hostmail.vdstech.co.uk, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated.
       One or more certificate chains were constructed successfully.
       
      Additional Details
       
A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 20 ms.
      Analyzing the certificate chains for compatibility problems with versions of Windows.
       Potential compatibility problems were identified with some versions of Windows.
       
      Additional Details
       
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 6 ms.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       
The certificate is valid. NotBefore = 10/21/2016 12:00:00 AM, NotAfter = 10/21/2017 11:59:59 PM
Elapsed Time: 0 ms.
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
       
Accept/Require Client Certificates isn't configured.
Elapsed Time: 90 ms.
      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
       
      Additional Details
       
Elapsed Time: 339 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.vdstech.co.uk:443/Autodiscover/Autodiscover.xml for user Administrator@vdstech.co.uk.
       The Autodiscover XML response was successfully retrieved.
       
      Additional Details
       
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>Administrator</DisplayName>
<EMailAddress>Administrator@vdstech.co.uk</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://hostmail.vdstech.co.uk/Microsoft-Server-ActiveSync</Url>
<Name>https://hostmail.vdstech.co.uk/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
HTTP Response Headers:
Persistent-Auth: true
Content-Length: 738
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Fri, 21 Oct 2016 14:55:35 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 339 ms.
0
 

Author Comment

by:Vikram Sokhi
ID: 41853984
I am still not able to get the mobile users to send and receive emails
0
 
LVL 9

Expert Comment

by:Ibrahim Benna
ID: 41854124
Then it Is the phone issue - what type of phone are you using? Can you try a different phone. The test results above show a successful attempt.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In-place Upgrading Dirsync to Azure AD Connect
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question