Apple devices unable to connect to Exchange 2010 when on corporate Wifi

Users can no longer connect to our Exchange 2010 server when connected to our corporate Wifi network when using iPhone or iPad  (since approximately Nov of last year).  
Nothing has changed on the network and Android devices are unaffected so I assume the problem lies with an IOS update.
Apple device users can retrieve email when on public WiFi (e.g. hotels etc) or when using their data connection but can't when connected to the internal corporate Wifi network.
Any suggestions please?
Tony O'KeeffeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Whats the Cert on the Exchange server? is it a StartSSL Cert? or Worse a self signed certificated (see https://blogs.msdn.microsoft.com/freddyk/2017/05/23/ios-10-and-self-signed-certificates/ )
Are IOS version 10.2 devices (and higher the ones affected)
If you install the FREE version of Outlook for IOS can they connect?


P
0
Andy MIT Systems ManagerCommented:
Is the internal connection address for your exchange match the external address? If not, what address does your SSL match? I don't think you have an incorrect type of SSL as it connects fine outside of the network.

I seem to recall hearing that newer iOS versions will only connect securely now and reject any connection it believes is insecure.

If your certificate and external address are mail.company.com but the internal address is something like mailserver.company.local then the iOS device will refuse connection when on the internal network as it believes it's insecure due to a certificate mis-match. You could update your internal dns/exchange records (autodiscover, ews, etc) to match your external address which should allow this to work again.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tony O'KeeffeAuthor Commented:
Thanks for coming back to me - I certainly does appear to be an issue with internal/external certificates and yes I've also seen the references to OS security updates - changing the DNS settings on the firewall to a public DNS resolved the issue.  

Thanks to you both for your input.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.