Solved

Exchange 2010 users not able to send and receive via mobile devices

Posted on 2016-10-21
20
48 Views
Last Modified: 2016-10-25
Hi Guys,

Just finish setting up new setup for one of my client and installed exchange 2010 sp3 on server 20102 R2. The issue is that with configuring the mail boxes on mobile devices. Users can access emails on outlook via OWA and it works fine. When ever user add new exchange account on mobile device and give all the required information user gets all the ticks and get the option to save but when user go back to his mail account user get message display on screen "Cannot Get Mail The connection to the server failed"

I checked all the settings and everything seems to be fine. SSL certificate installed ports 80,443,25, 587 are open on firewall. Public ip address is also configured for the exchange server.

Hope to hear from you guys soon.

Regards,
0
Comment
Question by:Vikram Sokhi
  • 9
  • 7
  • 2
  • +2
20 Comments
 
LVL 9

Expert Comment

by:DeBlackman
Comment Utility
How are you publishing external client connectivity (OWA/ActiveSync/RPC over HTTP) - through a reverse proxy or do you have the external IP directly NAT'ed to the Exchange?

Also is this happening on different phone types? Is this an issue with all users?

I would start troubleshooting by running the Exchange connectivity analyzer (https://testconnectivity.microsoft.com/) and see what results you get from the ActiveSync test.
0
 

Author Comment

by:Vikram Sokhi
Comment Utility
The connectivity is via external IP directly NAT'ed to exchange.

The issue is happening on all mobile devices.
0
 
LVL 29

Expert Comment

by:ScottCha
Comment Utility
Try the Outlook for mobile clients.

I've found many of my users prefer it to the built-in email client.

https://www.microsoft.com/en-us/outlook-com/mobile/
0
 
LVL 9

Expert Comment

by:DeBlackman
Comment Utility
ScottCha

When I tried the Outlook for mobile client about a year ago, I wasn't impressed because the calendar was not integrated with the phone calendar. has this changed?
0
 
LVL 15

Expert Comment

by:Ivan
Comment Utility
Hi,

can you run ActiveSync test on: https://testconnectivity.microsoft.com/

Maybe it can help a bit.

Regards,
Ivan.
0
 
LVL 29

Expert Comment

by:ScottCha
Comment Utility
No, that hasn't changed, but it is a good way to test and the OP might not care about calendar integration with the device.
0
 

Author Comment

by:Vikram Sokhi
Comment Utility
The result from  https://testconnectivity.microsoft.com/

the Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Additional Details
       
Elapsed Time: 21260 ms.
       
      Test Steps
       
      Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Additional Details
       
Elapsed Time: 21260 ms.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Additional Details
       
Elapsed Time: 21260 ms.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 21170 ms.
       
      Test Steps
       
      Attempting to resolve the host name vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 85.233.160.22
Elapsed Time: 62 ms.
      Testing TCP port 443 on host vdstech.co.uk to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 21107 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 60 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name couldn't be resolved.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host autodiscover.vdstech.co.uk couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 60 ms.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Additional Details
       
Elapsed Time: 12 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name couldn't be resolved.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host autodiscover.vdstech.co.uk couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 12 ms.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Additional Details
       
Elapsed Time: 17 ms.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.vdstech.co.uk in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Elapsed Time: 17 ms.

Start OverRun Test Again
0
 
LVL 9

Accepted Solution

by:
DeBlackman earned 500 total points
Comment Utility
Looks like you did not publish AutoDiscover namespace to the internet. You need to register AutoDiscover.yourdomain.uk with the same external IP address as your OWA namespace on the public DNS. What is the URL you use to connect to OWA from the internet?

ScottCha - I was actually asking for myself :). wanted to know if I should try the app again :) thanks
0
 

Author Comment

by:Vikram Sokhi
Comment Utility
Just going to make the change on my public DNS and update you all...

I did try the app but its not even connecting.. may be because of AutoDiscover
0
 
LVL 11

Expert Comment

by:Tej Pratap Shukla ~Dexter
Comment Utility
Hi
Please follow below links to fix Exchange Autodiscover Issue in Exchange Server 2010.
http://exchange-server-guide.blogspot.com/2014/07/resolve-exchange-autodiscover-error-600.html
0
Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

 

Author Comment

by:Vikram Sokhi
Comment Utility
After making changes to DNS


      The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Additional Details
       
Elapsed Time: 21440 ms.
       
      Test Steps
       
      Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Additional Details
       
Elapsed Time: 21440 ms.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Additional Details
       
Elapsed Time: 21439 ms.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 21067 ms.
       
      Test Steps
       
      Attempting to resolve the host name vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 85.233.160.22
Elapsed Time: 34 ms.
      Testing TCP port 443 on host vdstech.co.uk to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 21033 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 279 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 46.18.86.19
Elapsed Time: 97 ms.
      Testing TCP port 443 on host autodiscover.vdstech.co.uk to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 63 ms.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 118 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.vdstech.co.uk on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=hostmail.vdstech.co.uk, OU=PositiveSSL, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 93 ms.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host name autodiscover.vdstech.co.uk doesn't match any name found on the server certificate CN=hostmail.vdstech.co.uk, OU=PositiveSSL, OU=Domain Control Validated.
Elapsed Time: 0 ms.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Additional Details
       
Elapsed Time: 59 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 46.18.86.19
Elapsed Time: 10 ms.
      Testing TCP port 80 on host autodiscover.vdstech.co.uk to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 24 ms.
      The Microsoft Connectivity Analyzer is checking the host autodiscover.vdstech.co.uk for an HTTP redirect to the Autodiscover service.
       The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
       
      Additional Details
       
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: You do not have permission to view this directory or page.
HTTP Response Headers:
Content-Length: 58
Content-Type: text/html
Date: Fri, 21 Oct 2016 12:56:17 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Elapsed Time: 24 ms.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Additional Details
       
Elapsed Time: 18 ms.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.vdstech.co.uk in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Elapsed Time: 18 ms.
0
 
LVL 9

Expert Comment

by:DeBlackman
Comment Utility
So it looks like now the AutoDiscover record exists but your certificate is not valid. The certificate does not seem to have AutoDiscover.yourdomain.uk registered on it.

Looking at it you only have Hotmail.yourdomain.uk and www.hostmail.yourdomain.uk (you really don't even need the second one). you need to create a new certificate with both these names on it:

hostmail.yourdomain,.uk
AutoDiscover.yourdomain.uk
0
 

Author Comment

by:Vikram Sokhi
Comment Utility
Can we do that...Can we have certificate with both names on...
0
 
LVL 9

Expert Comment

by:DeBlackman
Comment Utility
Yes you can...its called a SAN Certificate or a UC Certificate. it is a requirement for Exchange servers actually.
0
 

Author Comment

by:Vikram Sokhi
Comment Utility
Can i use wild card certificate...
0
 
LVL 9

Expert Comment

by:DeBlackman
Comment Utility
Most certainly you can.
0
 

Author Comment

by:Vikram Sokhi
Comment Utility
Thanks...
0
 

Author Comment

by:Vikram Sokhi
Comment Utility
Ok I buy the SAN certificate and re run the autodiscovery test

Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Autodiscover was successfully tested for Exchange ActiveSync.
       
      Additional Details
       
Elapsed Time: 22077 ms.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service was tested successfully.
       
      Additional Details
       
Elapsed Time: 22077 ms.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 21388 ms.
       
      Test Steps
       
      Attempting to resolve the host name vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 85.233.160.22
Elapsed Time: 324 ms.
      Testing TCP port 443 on host vdstech.co.uk to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 21064 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.vdstech.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of the Autodiscover URL was successful.
       
      Additional Details
       
Elapsed Time: 689 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.vdstech.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 46.18.86.19
Elapsed Time: 80 ms.
      Testing TCP port 443 on host autodiscover.vdstech.co.uk to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 49 ms.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Additional Details
       
Elapsed Time: 129 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.vdstech.co.uk on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=hostmail.vdstech.co.uk, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 71 ms.
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       
Host name autodiscover.vdstech.co.uk was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=hostmail.vdstech.co.uk, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated.
       One or more certificate chains were constructed successfully.
       
      Additional Details
       
A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 20 ms.
      Analyzing the certificate chains for compatibility problems with versions of Windows.
       Potential compatibility problems were identified with some versions of Windows.
       
      Additional Details
       
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 6 ms.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       
The certificate is valid. NotBefore = 10/21/2016 12:00:00 AM, NotAfter = 10/21/2017 11:59:59 PM
Elapsed Time: 0 ms.
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
       
Accept/Require Client Certificates isn't configured.
Elapsed Time: 90 ms.
      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
       
      Additional Details
       
Elapsed Time: 339 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.vdstech.co.uk:443/Autodiscover/Autodiscover.xml for user Administrator@vdstech.co.uk.
       The Autodiscover XML response was successfully retrieved.
       
      Additional Details
       
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>Administrator</DisplayName>
<EMailAddress>Administrator@vdstech.co.uk</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://hostmail.vdstech.co.uk/Microsoft-Server-ActiveSync</Url>
<Name>https://hostmail.vdstech.co.uk/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
HTTP Response Headers:
Persistent-Auth: true
Content-Length: 738
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Fri, 21 Oct 2016 14:55:35 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 339 ms.
0
 

Author Comment

by:Vikram Sokhi
Comment Utility
I am still not able to get the mobile users to send and receive emails
0
 
LVL 9

Expert Comment

by:DeBlackman
Comment Utility
Then it Is the phone issue - what type of phone are you using? Can you try a different phone. The test results above show a successful attempt.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now