We help IT Professionals succeed at work.

Cannot connect/sync mobile devices (iPhones/Andriod) to Exchange 2010 for email access.

Jonathan Earley
on
173 Views
Last Modified: 2017-08-24
I have been trying to setup an email account (Exchange 2010 hosted internally) on an iPhone 7 but I keep getting the following error message:
Exchange Account
Unable to verify account information.

I am able to use Outlook Web App to access emails externally but can't configure the account on a mobile device. Exchange ActiveSync is enabled for all users.




Jale
Comment
Watch Question

Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Please test the account you are trying to setup on the test site:

https://testconnectivity.microsoft.com

Use the Activesync test and make sure you use the same credentials (which must NOT be an admin account).

Report back the results (hiding your domain name) and please expand the error section to show the full error (if any).

Thanks

Alan
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
Hi

Does this happen with only one account or multiple?
If one, go into EMC select the users mailbox, manage mobile phone and delete/remove the mobile partnership.
Recreate the account on the iphone and try again.

If multiple, run your server through this link
https://testconnectivity.microsoft.com

Cheers
Jonathan EarleyNetwork Admin

Author

Commented:
Hi Guys!

I did run the test and I got one or two failures and warnings.

Attached (photos) are the results.
Test0.PNG
Test1.PNG
Test2.PNG
Test3.PNG
Test4.PNG
Test5.PNG
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Okay - so did the test ultimately pass or fail?

Alan
Jonathan EarleyNetwork Admin

Author

Commented:
It failed.

I tried troubleshooting the failure but with no luck.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Okay - so looks like Client Certificates are required and the Authentication settings aren't right.

If you open up IIS Manager (not IIS 6.0 Manager) and then expand your default website, on the Autodiscover Virtual Directory, double-click Security and check the authentication settings that are enabled / disabled.  What's set?

You should have:
Anonymous: Enabled
ASP.NET: Disabled
Basic: Enabled
Digest: Disabled
Forms: Disabled
Windows: Enabled

Then check SSL Settings (double click on the Padlock Icon).  Require SSL should be ticked and Ignore Client Certificates selected.

If you've changed anything, you'll need to run:

iisreset /noforce

from an administrative command prompt.

Re-test on the test site and let me know if anything is better.

What Service Pack / Rollup do you have installed on the Server at the moment?  You can tell by opening up Exchange Management Console and clicking on Help> About.  Post the Version shown please.

Thanks

Alan
Jonathan EarleyNetwork Admin

Author

Commented:
Hi Alan,

The Authentication & SSL Settings do match your recommendations.

The Server's version is: 14.00.0639.021. I have tried installing SP2 but the installation kept failing.
Authentication-Setting.PNG
SSL-Settings.PNG
Version.PNG
Jonathan EarleyNetwork Admin

Author

Commented:
Hi!

I upgraded the Exchange Server to Exchange 2010 SP3 & Rollup 11. However, the test is still failing and I am still having issues with mobile connectivity.
Exchange-Version-2.PNG
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Well done on upgrading - that's always a good plan.  Stupidly I asked you to check the Autodiscover Virtual Directory yesterday (was having a moment).  Can you please do the same for the Microsoft-Server-Activesync virtual Directory and report back if anything is different!

You should have:
Anonymous: Disabled
ASP.NET: Disabled
Basic: Enabled
Digest: Disabled
Forms: Disabled
Windows: Disabled

Then check SSL Settings (double click on the Padlock Icon).  Require SSL should be ticked and Ignore Client Certificates selected.
Jonathan EarleyNetwork Admin

Author

Commented:
Hi Alan,

I checked and saw that all authentication settings were disabled. I did enable "Basic Authentication".

The SSL Settings had "Require SSL" ticked but "Client Certificates" Require. I changed the "Client Certificates" to Ignore.

I also ran the connectivity test and this time it was successful with warnings but the setup is still failing on the mobile device(s).
Test2-0.PNG
Test2-1.PNG
Test2-2.PNG
Test2-3.PNG
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Okay - that's good. With a successful test, are you trying to setup the mobile on WiFi or on 3G/4G?  If WiFi is enabled, please disable it and try again.

Better?

Alan
Jonathan EarleyNetwork Admin

Author

Commented:
I did have WiFi disabled. Still no luck.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Damn!  Too easy!  Are you testing with the same credentials as you used on the test site?

Is the SSL certificate a 3rd party SSL trusted certificate?

Alan
Jonathan EarleyNetwork Admin

Author

Commented:
Yes. I am using the same credentials as the test site.

The SSL Cert is from GoDaddy's UCC Cert.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Okay - that should be fine.

Are you trying to setup an iPhone or Android?
Jonathan EarleyNetwork Admin

Author

Commented:
An iPhone.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Okay. What iOS version is it running? Is it on the latest version?

Would you be okay with setting me up with some test credentials / an account and emailing me the details so I can test (will understand if the answer is a no)?
Jonathan EarleyNetwork Admin

Author

Commented:
It's an iPhone 7 (iPhones 6 & 7) with iOS 10.3.1.

I will be okay creating a test account/credentials for you. What's the address?
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Okay - so latest iOS version!  Email address should be in my profile (click on my name).  Thank you.
Jonathan EarleyNetwork Admin

Author

Commented:
Hi Alan,

I did email the credentials/account's info.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Thank you - the account added happily, but Mail is giving me the following error:

Cannot Get Mail / The connection to the server failed.

Are you getting the same error?

I also have a new Passcode requirement popped up!  Looks like you have an Activesync Policy configured and I've already got a 6-digit passcode setup on my iPhone!
Jonathan EarleyNetwork Admin

Author

Commented:
Yes. I get the same error. I get invalid password pop-up too; even though the password is correct.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Okay - some random questions!

Has this ever worked?
If yes - when did it break and what changed before it broke?
If No - does OWA work happily (not entirely related - but might be)?

What AV software is installed on the server (if any)?

Have you tested multiple accounts or just a couple?  Do you get the same results for all accounts?
Jonathan EarleyNetwork Admin

Author

Commented:
Yes. I do have Activesync Policy configured. Maybe I a bad configuration but here are the configurations.

The Default policy is a little different. I can send it too, if you want.
Client-Access.PNG
General.PNG
Password.PNG
Sync-Settings.PNG
Device.PNG
Device-Applications.PNG
Other.PNG
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Those look fine.  Have you tried repairing the Activesync Virtual Directory?
Jonathan EarleyNetwork Admin

Author

Commented:
No. It has never worked with Exchange 2010 but it worked with Exchange 2003 before the migration.

It seems to work with no issue with OWA.

We have Trend Micro & Malwarebytes.

Yes. I have tested multiple accounts with the same result.
Jonathan EarleyNetwork Admin

Author

Commented:
No. I haven't tried repairing it.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Give that a whirl (from the Exchange Management Console) - do you know how to?
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Trend / MalwareBytes might be interfering with Activesync.  Seen it before with Background scanning killing Activesync.  What Trend product is it?
Jonathan EarleyNetwork Admin

Author

Commented:
TrendMicro Worry-Free Business Security.
Jonathan EarleyNetwork Admin

Author

Commented:
I will appreciate you instructing me on repairing it.
Jonathan EarleyNetwork Admin

Author

Commented:
I'll try to set exclusions (Trend) for Exchange and see.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Not a problem.

Open up the Exchange Management Console
Expand and drill down to Server Configuration> Client Access.  Select the Client Access on the Left Navigation Pane.

In the Actions (right-hand pane) you should see Reset Virtual Directory.

Select that and then click the Browse button.

Select the Microsoft-Server-Activesync option and click OK.  Click Next and keep going until it completes.

Re-test and see if life has improved :)
Jonathan EarleyNetwork Admin

Author

Commented:
Did do the reset and a re-test but life remains the same. :)
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Okay - that's a shame.  Did you manage to successfully uninstall Exchange 2003 from the old server using Add/Remove programs, or did you have to get heavy-handed and use the registry / ADSIEDIT ?
Jonathan EarleyNetwork Admin

Author

Commented:
:(
I had it coexisting for a while with Exchange 2010 and the 2003 Server died without me having the opportunity to decommission it.

I guess the biggest mistake was removing Exchange 2003 without it being properly decommissioned. What a shame. Because of the remnant of Exchange 2003, I am also having problems trying to migrate to Exchange 2016 because I keep getting the error message that there's Exchange 2003 on the network that needs to be removed.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Ah!  Wasn't sure if that might have been the case and that's almost certainly the root of your problems.  Sounds like you need a bit of server surgery!  Would you like me to assist you remotely?

I'm about to head home, but I can jump on a bit later if you like?  I know you're a few hours behind me (across the pond) so happy to help you.

Will need quite a bit of tidying up to remove the old 2003 server happily.  Even moving to 2016 might be an issue without removing 2003 properly first.
Jonathan EarleyNetwork Admin

Author

Commented:
I'll be glad if you could.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
No problems - I'll reply to your email with details once I'm home (thank you).

Will also post the fixes here for the benefit of future searchers, although this may be an extreme case and not likely to be readily replicated, but information like this is useful.

Back soon.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
I'm home!  If I email the test account now - will you get the email?
Jonathan EarleyNetwork Admin

Author

Commented:
Yes.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Fab :)  Stand by!
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
So far, things are better and working in a fashion.

Had to tidy up 2 DC's that no longer exist, remove the Exchange 2003 server from AD using ADSIEDIT and then include inherited permissions on the user account we tested (your account).

The DC has 2 NIC's in it and it shouldn't have, so need to tidy that up.  Need to set Internal and External URL's via Exchange Management Console / Shell to make internal and external the same.

Tidied up some stale DNS entries / duplicate records for items no longer in existence, but that had duplicate IP's for different devices.  Set Scavenging of Stale Resource Records up for all Zones and scavenged old records.

Disabled security settings in 2 Activesync Policies and set the refresh interval to 12 hours (originally set to none), so now any changes for added mobiles will contact the server for changes and the changes can be made and pushed out over time once everything is working happily.

Test account now adds and syncs properly

Alan
Jonathan EarleyNetwork Admin

Author

Commented:
Hi Alan,

I am back.
Jonathan EarleyNetwork Admin

Author

Commented:
I really do appreciate all of the help. Do I need to do something extra to configure another mobile user's account?
Co-Owner
CERTIFIED EXPERT
Top Expert 2011
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.