Exchange mail not connecting on mobile

Does mail.domain.com resolve to your external IP?  If not, then you need to set that up in your public DNS

Have you forwarded port 443 from the external (router) to the internal IP of your exchange server? - If not, then you need to do that.

Have you setup AutoDiscover?  If not, you should set that up:

https://www.howto-outlook.com/howto/autodiscoverconfiguration.htm

Does it work internally?


Alan.

Mail.domain.com works fine.

Yes I’ve already forwarded port 443.

Didn’t setup AutoDiscover

Yes it work fine internally.

I’m using Exchange Server 2016 and Outlook 2016 on my iPhone

https://technet.microsoft.com/en-us/library/bb123679(v=exchg.160).aspx

if you do not set ActiveSync VirtualDirectory, no mobile devices will be able to connect outside the local network.

Hear me out. Firstly you need to configure autodisover in your DNS provider followed by an SRV. So follow my instruction and that will work, assuming you have access to OWA and ECp from the outside.

1- Login to your DNS provider, either godaddy or no-ip.
2- Add an A record called Autodiscover mapped to your public address or @ host.
3- Add an SRV record give a name, domain name of your email, such as: mail.domain.com
4- Is gonna ask you for this option weight=0 and height=0
5- Protocol _tcp
6- Service _autodiscover

After that being in placed, wait half an hour or an hour until the propagation takes place.
Then go to your phone and add an exchange account. Type your username and password and automatically your phone will get all the server configuration without user interaction.

Cheers,

Ok so I'm trying to setup the SRV record.

These are the fields I'm required to fill on GoDaddy:-

Service _autodiscover
Protocol _tcp
Name (not clear on what name is required here)
Target mail.domain.com
Priority ????
Weight 0
Port ????

Name: whatever you want to identify your SRV record.
Priority 0
Port 443

Ok cool that's what I had. So let's wait an hour to see what happens.

Thanks

It's been 2 hours and still no luck. I'm not able to connect my phone.

Did you configure the authentication using UPN?
Otherwise it won't work. You will have to add the conf manually.

explain.

do you mean entering the username as - domain/username ????

username - username@domain.com

You can't use that.
You have to use user@domain.com

If you use domain/user then you have to add all the settings manually.

Such as:

Username password
Domain.
Server
Etc

tried that as well.

no luck

I think you need to test the exchange connectivity.
I don't know your configuration.

The way I have told you it should work.
Make sure you have configure well all the virtual directories

I'll take a look at the virtual directories, but for right now I'm totally lost.....

Do you have SSL turned on?

The URL for your mail server is probably (or should be) https://mail.domain.com

Also, check your domain at www.mxtoolbox.com and see what it reports. You can do some testing there, too.

SSL is turned on.
https://mail.domain.com/owa works fine.
Virtual Directories are all configured correctly.

What exactly is the error that it gives you?

It says UNABLE TO LOG IN

Please check your email address and password and try again.

So it's connecting but not authenticating. Have you checked to make sure your password is good and the account hasn't gotten locked by all these login attempts? Try resetting your password and see if that works.

Also check Exchange and make sure that OWA is enable for your account - https://technet.microsoft.com/en-us/library/bb124124(v=exchg.150).aspx

Are you using self-signed SSL cert or wildcard SSL cert for your Exchange server?

You need to use UCC cert.

https://hk.godaddy.com/en/help/what-is-a-multiple-domain-ucc-ssl-certificate-3908

The password is correct.

If I use https://mail.domain.com/owa with the same password it works.

wildcard SSL cert

I just tried using the mail app on my iPhone and I got the following:-

Cannot Verify Server Identity
The Identity of "autodiscover.domain.com" cannot be verified by settings.

I believe you didnt buy a san certificate.

you have a domain certificate.

IN your outlook, do you have any certificate pop ups?

Something like the certificate dont match?

Agreed.

Unless your mobile phones are outdated which you can ignore the cert, you need a UCC cert for your Exchange server.

https://social.technet.microsoft.com/Forums/lync/en-US/dcd20afc-98fd-4cd0-a4f4-526666d0a8fe/exchange-2010-why-do-i-need-to-use-a-ucc-certificate?forum=exchangesvrdeploylegacy

Something like the certificate dont match?

yes

I get a certificate error on the desktops but I just ignore and continue

What mobile device (iPhone or Android) you have tried to connect?

So I know how to fix your problem.

Beforehand I have to ask you a question. Did you buy a san certificate?

If your mobile devices are running iOS 10 or above or Android OS 7.0 or above, you cannot ignore the cert.

Tried both iPhone and Android.
Did NOT buy a SAN Certificate.

"Beforehand I have to ask you a question. Did you buy a san certificate?"

Already answered that it is a wildcard SSL cert.

I'm running the latest IOS on my iPhone and Android

Get a multi domain certificate.

This is what exchange needs on the certificate to work

Autodiscover.domain.com
mail.domain.com

Once you have added those domain in a multi domain certificate then you will be having the pop up error.
Go to namecheap.com and buy a three years one. you will have two slots that will be good enough to fix your issue.

Agreed. No workarounds without a SAN (UCC) cert.

Ok. Let me go get that certificate and get back to you.

Would it be fine going to namecheap.com for the certificate and my domain is at Godaddy?

I'm seeing Multi-Domain SSL (3 Domains Included) for $89.88/Yr Is that the one?

It will be cheaper if you buy the cert from Godaddy.

Yes, that's good.

Jackie Man: Godaddy will rip him off, but he can call and find out

Understood.

It's just that all our domains are already with godaddy. It makes management easier.

Seems like we also have a UCC SSL Certificate with godaddy protecting another domain name

I've finally installed the certificate this morning. Still no luck with my mobile phone.

did you check your server connectivity analizer? https://testconnectivity.microsoft.com/

Also what does the phone says?

The phone says my username or password is incorrect.

Can you reset your password, make sure you have the correct username, also make sure you are login in with the right option.

Are you using UPN, or domain\user?

domain\user

My password works with the OWA

change the way you login with UPN

change the way I login?

Hi,

If you have the right certificate, try logging in as:

username@example.com


Alan.

I've tried that.

Yes,

Like right now you are login like this Domain\User.
If you want your phone to take the settings automatically you need a setup like this: User@domain.com

You can login to ECP on the exchange, Servers> Virtual Directory, OWA option and select authentication.

can you log in in your OWA with email and password instead of username and password?

No I cannot log in in my OWA with email and password instead of username and password?

Did you went to your virtual directory and change to UPN? becuase if you didn't it's not going to work.
Also what UPN you see in the exchange when you create a user?

Do you see @domain.com OR @domain.local?

New use gets @domain.com

perfect, now go to domain and trust in active directory
and see if you have the same UPN in there.

I see domain.local

add the domain.com
That's the reason is not working.

Ok I may need to read up on how to do this first.

just go to domain and trust, right click in active directory domain and trust then add the UPN and save it.

Ok I'm just doomed. Still no luck

what are you mean? did you added the UPN on the active directory domain and trust? domain.com?

I did

Sometimes with Exchange, you have to wait a while - maybe a couple of hours, for setttings to take effect, or, if feasible, restart Exchange (or reboot the server) but normally that is difficult in the middle of the day.

Alan.

You were right on the money. Thanks a mil. I was just a bit flustered.