sf1elds
asked on
Exchange mail not connecting on mobile
Exchange mail not connecting on mobile device (iPhone or Android). Trying to configure mail on my phone but it won’t connect. I’ve selected ‘Exchange’ as the provider.
Server - mail.domain.com
Domain - domainname.com
Username- firstinitial + lastname
Server - mail.domain.com
Domain - domainname.com
Username- firstinitial + lastname
ASKER
Mail.domain.com works fine.
Yes I’ve already forwarded port 443.
Didn’t setup AutoDiscover
Yes it work fine internally.
Yes I’ve already forwarded port 443.
Didn’t setup AutoDiscover
Yes it work fine internally.
ASKER
I’m using Exchange Server 2016 and Outlook 2016 on my iPhone
https://technet.microsoft.com/en-us/library/bb123679(v=exchg.160).aspx
if you do not set ActiveSync VirtualDirectory, no mobile devices will be able to connect outside the local network.
if you do not set ActiveSync VirtualDirectory, no mobile devices will be able to connect outside the local network.
Hear me out. Firstly you need to configure autodisover in your DNS provider followed by an SRV. So follow my instruction and that will work, assuming you have access to OWA and ECp from the outside.
1- Login to your DNS provider, either godaddy or no-ip.
2- Add an A record called Autodiscover mapped to your public address or @ host.
3- Add an SRV record give a name, domain name of your email, such as: mail.domain.com
4- Is gonna ask you for this option weight=0 and height=0
5- Protocol _tcp
6- Service _autodiscover
After that being in placed, wait half an hour or an hour until the propagation takes place.
Then go to your phone and add an exchange account. Type your username and password and automatically your phone will get all the server configuration without user interaction.
Cheers,
1- Login to your DNS provider, either godaddy or no-ip.
2- Add an A record called Autodiscover mapped to your public address or @ host.
3- Add an SRV record give a name, domain name of your email, such as: mail.domain.com
4- Is gonna ask you for this option weight=0 and height=0
5- Protocol _tcp
6- Service _autodiscover
After that being in placed, wait half an hour or an hour until the propagation takes place.
Then go to your phone and add an exchange account. Type your username and password and automatically your phone will get all the server configuration without user interaction.
Cheers,
ASKER
Ok so I'm trying to setup the SRV record.
These are the fields I'm required to fill on GoDaddy:-
Service _autodiscover
Protocol _tcp
Name (not clear on what name is required here)
Target mail.domain.com
Priority ????
Weight 0
Port ????
These are the fields I'm required to fill on GoDaddy:-
Service _autodiscover
Protocol _tcp
Name (not clear on what name is required here)
Target mail.domain.com
Priority ????
Weight 0
Port ????
Name: whatever you want to identify your SRV record.
Priority 0
Port 443
Priority 0
Port 443
ASKER
Ok cool that's what I had. So let's wait an hour to see what happens.
Thanks
Thanks
ASKER
It's been 2 hours and still no luck. I'm not able to connect my phone.
Did you configure the authentication using UPN?
Otherwise it won't work. You will have to add the conf manually.
Otherwise it won't work. You will have to add the conf manually.
ASKER
explain.
do you mean entering the username as - domain/username ????
do you mean entering the username as - domain/username ????
ASKER
username - username@domain.com
You can't use that.
You have to use user@domain.com
If you use domain/user then you have to add all the settings manually.
Such as:
Username password
Domain.
Server
Etc
You have to use user@domain.com
If you use domain/user then you have to add all the settings manually.
Such as:
Username password
Domain.
Server
Etc
ASKER
tried that as well.
no luck
no luck
I think you need to test the exchange connectivity.
I don't know your configuration.
The way I have told you it should work.
Make sure you have configure well all the virtual directories
I don't know your configuration.
The way I have told you it should work.
Make sure you have configure well all the virtual directories
ASKER
I'll take a look at the virtual directories, but for right now I'm totally lost.....
Do you have SSL turned on?
The URL for your mail server is probably (or should be) https://mail.domain.com
The URL for your mail server is probably (or should be) https://mail.domain.com
Also, check your domain at www.mxtoolbox.com and see what it reports. You can do some testing there, too.
ASKER
SSL is turned on.
https://mail.domain.com/owa works fine.
Virtual Directories are all configured correctly.
https://mail.domain.com/owa works fine.
Virtual Directories are all configured correctly.
What exactly is the error that it gives you?
ASKER
It says UNABLE TO LOG IN
Please check your email address and password and try again.
Please check your email address and password and try again.
So it's connecting but not authenticating. Have you checked to make sure your password is good and the account hasn't gotten locked by all these login attempts? Try resetting your password and see if that works.
Also check Exchange and make sure that OWA is enable for your account - https://technet.microsoft.com/en-us/library/bb124124(v=exchg.150).aspx
Are you using self-signed SSL cert or wildcard SSL cert for your Exchange server?
You need to use UCC cert.
https://hk.godaddy.com/en/help/what-is-a-multiple-domain-ucc-ssl-certificate-3908
You need to use UCC cert.
https://hk.godaddy.com/en/help/what-is-a-multiple-domain-ucc-ssl-certificate-3908
ASKER
The password is correct.
If I use https://mail.domain.com/owa with the same password it works.
If I use https://mail.domain.com/owa with the same password it works.
ASKER
wildcard SSL cert
ASKER
I just tried using the mail app on my iPhone and I got the following:-
Cannot Verify Server Identity
The Identity of "autodiscover.domain.com" cannot be verified by settings.
Cannot Verify Server Identity
The Identity of "autodiscover.domain.com" cannot be verified by settings.
I believe you didnt buy a san certificate.
you have a domain certificate.
IN your outlook, do you have any certificate pop ups?
Something like the certificate dont match?
you have a domain certificate.
IN your outlook, do you have any certificate pop ups?
Something like the certificate dont match?
Agreed.
Unless your mobile phones are outdated which you can ignore the cert, you need a UCC cert for your Exchange server.
https://social.technet.microsoft.com/Forums/lync/en-US/dcd20afc-98fd-4cd0-a4f4-526666d0a8fe/exchange-2010-why-do-i-need-to-use-a-ucc-certificate?forum=exchangesvrdeploylegacy
Unless your mobile phones are outdated which you can ignore the cert, you need a UCC cert for your Exchange server.
https://social.technet.microsoft.com/Forums/lync/en-US/dcd20afc-98fd-4cd0-a4f4-526666d0a8fe/exchange-2010-why-do-i-need-to-use-a-ucc-certificate?forum=exchangesvrdeploylegacy
ASKER
Something like the certificate dont match?
yes
yes
ASKER
I get a certificate error on the desktops but I just ignore and continue
What mobile device (iPhone or Android) you have tried to connect?
So I know how to fix your problem.
Beforehand I have to ask you a question. Did you buy a san certificate?
Beforehand I have to ask you a question. Did you buy a san certificate?
If your mobile devices are running iOS 10 or above or Android OS 7.0 or above, you cannot ignore the cert.
ASKER
Tried both iPhone and Android.
Did NOT buy a SAN Certificate.
Did NOT buy a SAN Certificate.
"Beforehand I have to ask you a question. Did you buy a san certificate?"
Already answered that it is a wildcard SSL cert.
Already answered that it is a wildcard SSL cert.
ASKER
I'm running the latest IOS on my iPhone and Android
Get a multi domain certificate.
This is what exchange needs on the certificate to work
Autodiscover.domain.com
mail.domain.com
Once you have added those domain in a multi domain certificate then you will be having the pop up error.
Go to namecheap.com and buy a three years one. you will have two slots that will be good enough to fix your issue.
This is what exchange needs on the certificate to work
Autodiscover.domain.com
mail.domain.com
Once you have added those domain in a multi domain certificate then you will be having the pop up error.
Go to namecheap.com and buy a three years one. you will have two slots that will be good enough to fix your issue.
Agreed. No workarounds without a SAN (UCC) cert.
ASKER
Ok. Let me go get that certificate and get back to you.
ASKER
Would it be fine going to namecheap.com for the certificate and my domain is at Godaddy?
I'm seeing Multi-Domain SSL (3 Domains Included) for $89.88/Yr Is that the one?
I'm seeing Multi-Domain SSL (3 Domains Included) for $89.88/Yr Is that the one?
It will be cheaper if you buy the cert from Godaddy.
Yes, that's good.
Jackie Man: Godaddy will rip him off, but he can call and find out
Jackie Man: Godaddy will rip him off, but he can call and find out
ASKER
Understood.
It's just that all our domains are already with godaddy. It makes management easier.
Seems like we also have a UCC SSL Certificate with godaddy protecting another domain name
It's just that all our domains are already with godaddy. It makes management easier.
Seems like we also have a UCC SSL Certificate with godaddy protecting another domain name
ASKER
I've finally installed the certificate this morning. Still no luck with my mobile phone.
did you check your server connectivity analizer? https://testconnectivity.microsoft.com/
Also what does the phone says?
Also what does the phone says?
ASKER
The phone says my username or password is incorrect.
Can you reset your password, make sure you have the correct username, also make sure you are login in with the right option.
Are you using UPN, or domain\user?
Are you using UPN, or domain\user?
ASKER
domain\user
ASKER
My password works with the OWA
change the way you login with UPN
ASKER
change the way I login?
Hi,
If you have the right certificate, try logging in as:
username@example.com
Alan.
If you have the right certificate, try logging in as:
username@example.com
Alan.
ASKER
I've tried that.
Yes,
Like right now you are login like this Domain\User.
If you want your phone to take the settings automatically you need a setup like this: User@domain.com
You can login to ECP on the exchange, Servers> Virtual Directory, OWA option and select authentication.
Like right now you are login like this Domain\User.
If you want your phone to take the settings automatically you need a setup like this: User@domain.com
You can login to ECP on the exchange, Servers> Virtual Directory, OWA option and select authentication.
can you log in in your OWA with email and password instead of username and password?
ASKER
No I cannot log in in my OWA with email and password instead of username and password?
Did you went to your virtual directory and change to UPN? becuase if you didn't it's not going to work.
Also what UPN you see in the exchange when you create a user?
Do you see @domain.com OR @domain.local?
Also what UPN you see in the exchange when you create a user?
Do you see @domain.com OR @domain.local?
ASKER
New use gets @domain.com
perfect, now go to domain and trust in active directory
and see if you have the same UPN in there.
and see if you have the same UPN in there.
ASKER
I see domain.local
add the domain.com
That's the reason is not working.
That's the reason is not working.
ASKER
Ok I may need to read up on how to do this first.
just go to domain and trust, right click in active directory domain and trust then add the UPN and save it.
ASKER
Ok I'm just doomed. Still no luck
what are you mean? did you added the UPN on the active directory domain and trust? domain.com?
ASKER
I did
Sometimes with Exchange, you have to wait a while - maybe a couple of hours, for setttings to take effect, or, if feasible, restart Exchange (or reboot the server) but normally that is difficult in the middle of the day.
Alan.
Alan.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
You were right on the money. Thanks a mil. I was just a bit flustered.
Have you forwarded port 443 from the external (router) to the internal IP of your exchange server? - If not, then you need to do that.
Have you setup AutoDiscover? If not, you should set that up:
https://www.howto-outlook.
Does it work internally?
Alan.