Avatar of sf1elds

Exchange mail not connecting on mobile

Exchange mail not connecting on mobile device (iPhone or Android). Trying to configure mail on my phone but it won’t connect. I’ve selected ‘Exchange’ as the provider.

Server - mail.domain.com
Domain - domainname.com
Username- firstinitial + lastname
Avatar of Alan

Does mail.domain.com resolve to your external IP? If not, then you need to set that up in your public DNS.

Have you forwarded port 443 from the external (router) to the internal IP of your Exchange server? If not, then you need to do that.

Have you set up AutoDiscover? If not, you should set that up:

https://www.howto-outlook.com/howto/autodiscoverconfiguration.htm

Does it work internally?


Alan.
Avatar of sf1elds

ASKER

Mail.domain.com works fine.

Yes I’ve already forwarded port 443.

Didn’t set up AutoDiscover.

Yes, it works fine internally.
Avatar of sf1elds

ASKER

I’m using Exchange Server 2016 and Outlook 2016 on my iPhone
https://technet.microsoft.com/en-us/library/bb123679(v=exchg.160).aspx

If you do not set ActiveSync VirtualDirectory, no mobile devices will be able to connect outside the local network.
Hear me out. Firstly you need to configure Autodiscover in your DNS provider followed by an SRV. So follow my instructions and that will work, assuming you have access to OWA and ECP from the outside.

1- Log in to your DNS provider, either GoDaddy or No-IP.
2- Add an A record called Autodiscover mapped to your public address or @ host.
3- Add an SRV record; give a name, domain name of your email, such as: mail.domain.com
4- It is going to ask you for these options: weight=0 and height=0
5- Protocol _tcp
6- Service _autodiscover

After that is in place, wait half an hour or an hour until the propagation takes place.
Then go to your phone and add an Exchange account. Type your username and password and automatically your phone will get all the server configuration without user interaction.

Cheers,
Avatar of sf1elds

ASKER

Ok so I'm trying to set up the SRV record.

These are the fields I'm required to fill on GoDaddy:-

Service _autodiscover
Protocol _tcp
Name (not clear on what name is required here)
Target mail.domain.com
Priority ????
Weight 0
Port ????
Name: whatever you want to identify your SRV record.
Priority 0
Port 443
Avatar of sf1elds

ASKER

Ok cool that's what I had. So let's wait an hour to see what happens.

Thanks
Avatar of sf1elds

ASKER

It's been 2 hours and still no luck. I'm not able to connect my phone.
Did you configure the authentication using UPN?
Otherwise it won't work. You will have to add the conf manually.
Avatar of sf1elds

ASKER

explain.

do you mean entering the username as - domain/username ????
Avatar of sf1elds

ASKER

username - username@domain.com
You can't use that.
You have to use user@domain.com

If you use domain/user then you have to add all the settings manually.

Such as:

Username password
Domain.
Server
Etc
Avatar of sf1elds

ASKER

tried that as well.

no luck
I think you need to test the exchange connectivity.
I don't know your configuration.

The way I have told you it should work.
Make sure you have configured all the virtual directories well.
Avatar of sf1elds

ASKER

I'll take a look at the virtual directories, but for right now I'm totally lost.....
Do you have SSL turned on?

The URL for your mail server is probably (or should be) https://mail.domain.com
Also, check your domain at www.mxtoolbox.com and see what it reports. You can do some testing there, too.
Avatar of sf1elds

ASKER

SSL is turned on.
https://mail.domain.com/owa works fine.
Virtual Directories are all configured correctly.
What exactly is the error that it gives you?
Avatar of sf1elds

ASKER

It says UNABLE TO LOG IN

Please check your email address and password and try again.
So it's connecting but not authenticating. Have you checked to make sure your password is good and the account hasn't gotten locked by all these login attempts? Try resetting your password and see if that works.
Also check Exchange and make sure that OWA is enabled for your account - https://technet.microsoft.com/en-us/library/bb124124(v=exchg.150).aspx
Are you using self-signed SSL cert or wildcard SSL cert for your Exchange server?

You need to use UCC cert.

https://hk.godaddy.com/en/help/what-is-a-multiple-domain-ucc-ssl-certificate-3908
Avatar of sf1elds

ASKER

The password is correct.

If I use https://mail.domain.com/owa with the same password it works.
Avatar of sf1elds

ASKER

wildcard SSL cert
Avatar of sf1elds

ASKER

I just tried using the mail app on my iPhone and I got the following:-

Cannot Verify Server Identity
The Identity of "autodiscover.domain.com" cannot be verified by settings.
I believe you didn't buy a SAN certificate.

You have a domain certificate.

In your Outlook, do you have any certificate pop-ups?

Something like the certificate doesn't match?
Agreed.

Unless your mobile phones are outdated, in which case you can ignore the cert, you need a UCC cert for your Exchange server.

https://social.technet.microsoft.com/Forums/lync/en-US/dcd20afc-98fd-4cd0-a4f4-526666d0a8fe/exchange-2010-why-do-i-need-to-use-a-ucc-certificate?forum=exchangesvrdeploylegacy
Avatar of sf1elds

ASKER

Something like the certificate doesn't match?

yes
Avatar of sf1elds

ASKER

I get a certificate error on the desktops but I just ignore and continue
What mobile device (iPhone or Android) have you tried to connect?
So I know how to fix your problem.

Beforehand I have to ask you a question. Did you buy a SAN certificate?
If your mobile devices are running iOS 10 or above or Android OS 7.0 or above, you cannot ignore the cert.
Avatar of sf1elds

ASKER

Tried both iPhone and Android.
Did NOT buy a SAN Certificate.
"Beforehand I have to ask you a question. Did you buy a SAN certificate?"

Already answered that it is a wildcard SSL cert.
Avatar of sf1elds

ASKER

I'm running the latest iOS on my iPhone and Android
Get a multi domain certificate.

This is what Exchange needs on the certificate to work:

Autodiscover.domain.com
mail.domain.com

Once you have added those domains in a multi domain certificate then you will be having the pop up error.
Go to namecheap.com and buy a three-year one. You will have two slots that will be good enough to fix your issue.
Agreed. No workarounds without a SAN (UCC) cert.
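
Added example, not part of any post in this thread: an offline Python check of whether a certificate's DNS SAN entries cover the two names listed above (autodiscover.domain.com and mail.domain.com). The sample certificates are constructed in the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns, and the function names are this example's own.

```python
# Added example: which of the hostnames a phone contacts does a certificate cover?
# domain.com is the thread's placeholder domain; all certificates below are constructed.

def dns_sans(peercert):
    """Return the lower-cased DNS entries of a getpeercert()-style dict."""
    return [v.lower() for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]

def covers(pattern, host):
    """Match one certificate name against one hostname.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so *.domain.com matches mail.domain.com but neither
    domain.com nor a.b.domain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def client_hosts(email, mail_server):
    """The two names the thread lists: the Autodiscover host, then the mail server."""
    domain = email.rsplit("@", 1)[1].lower()
    return ["autodiscover." + domain, mail_server.lower()]

def uncovered(peercert, hosts):
    """Hostnames that no DNS SAN in the certificate matches."""
    sans = dns_sans(peercert)
    return [h for h in hosts if not any(covers(s, h) for s in sans)]

# Constructed sample certificates (only the field this check reads).
SINGLE_NAME = {"subjectAltName": (("DNS", "mail.domain.com"),)}
MULTI_NAME = {"subjectAltName": (("DNS", "mail.domain.com"),
                                 ("DNS", "autodiscover.domain.com"))}
OTHER_WILDCARD = {"subjectAltName": (("DNS", "*.otherdomain.com"),)}

if __name__ == "__main__":
    hosts = client_hosts("user@domain.com", "mail.domain.com")
    for label, cert in [("single name", SINGLE_NAME), ("multi name", MULTI_NAME),
                        ("other wildcard", OTHER_WILDCARD)]:
        print(label, "-> uncovered:", uncovered(cert, hosts))
```

Against a live server, the same dict comes from `getpeercert()` on a verified TLS connection to port 443 of each hostname.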
Avatar of sf1elds

ASKER

Ok. Let me go get that certificate and get back to you.
Avatar of sf1elds

ASKER

Would it be fine going to namecheap.com for the certificate and my domain is at GoDaddy?

I'm seeing Multi-Domain SSL (3 Domains Included) for $89.88/Yr Is that the one?
It will be cheaper if you buy the cert from GoDaddy.
Yes, that's good.

Jackie Man: GoDaddy will rip him off, but he can call and find out.
Avatar of sf1elds

ASKER

Understood.

It's just that all our domains are already with GoDaddy. It makes management easier.

Seems like we also have a UCC SSL Certificate with GoDaddy protecting another domain name
Avatar of sf1elds

ASKER

I've finally installed the certificate this morning. Still no luck with my mobile phone.
Did you check your server connectivity analyzer? https://testconnectivity.microsoft.com/

Also, what does the phone say?
Avatar of sf1elds

ASKER

The phone says my username or password is incorrect.
Can you reset your password, make sure you have the correct username, also make sure you are logging in with the right option.

Are you using UPN, or domain\user?
Avatar of sf1elds

ASKER

domain\user
Avatar of sf1elds

ASKER

My password works with the OWA
Change the way you log in with UPN
Avatar of sf1elds

ASKER

change the way I login?
Hi,

If you have the right certificate, try logging in as:

username@example.com


Alan.
Avatar of sf1elds

ASKER

I've tried that.
Yes,

Like right now you are logging in like this: Domain\User.
If you want your phone to take the settings automatically you need a setup like this: User@domain.com

You can log in to ECP on the Exchange, Servers> Virtual Directory, OWA option and select authentication.
Can you log in to your OWA with email and password instead of username and password?
Avatar of sf1elds

ASKER

No, I cannot log in to my OWA with email and password instead of username and password.
Did you go to your virtual directory and change to UPN? Because if you didn't, it's not going to work.
Also, what UPN do you see in Exchange when you create a user?

Do you see @domain.com OR @domain.local?
Avatar of sf1elds

ASKER

New user gets @domain.com
Perfect, now go to Domains and Trusts in Active Directory
and see if you have the same UPN in there.
Avatar of sf1elds

ASKER

I see domain.local
Add the domain.com.
That's the reason it's not working.
Avatar of sf1elds

ASKER

Ok I may need to read up on how to do this first.
Just go to Domains and Trusts, right-click on Active Directory Domains and Trusts, then add the UPN and save it.
Avatar of sf1elds

ASKER

Ok I'm just doomed. Still no luck
What do you mean? Did you add the UPN in Active Directory Domains and Trusts? domain.com?
Avatar of sf1elds

ASKER

I did
Sometimes with Exchange, you have to wait a while, maybe a couple of hours, for settings to take effect, or, if feasible, restart Exchange (or reboot the server), but normally that is difficult in the middle of the day.

Alan.
ASKER CERTIFIED SOLUTION
Avatar of Hemil Aquino
Avatar of sf1elds

ASKER

You were right on the money. Thanks a mil. I was just a bit flustered.