New Exchange 2016. Exchange ActiveSync does not work

This is a new Exchange 2016 installation on an internally hosted Windows Server 2016.
DNS (Including Autodiscover) is set up.
3rd party SSL certificate is set up.
OWA is working fine. Browser shows secure connection. (Ie. using
Outlook 2010/2013/2016 connection to mailbox is working fine (internally and externally). Accounts are easily set up via Autodiscover and no SSL errors during account set up.
Send/receive working fine via Outlook and OWA.

When I try connecting via Exchange Activesync on iOS or Android it fails to connect.
iOS says "Unable to verify account information."
Android says "Cannot connect to server"

I checked Activesync status in Exchange Administration console. It's turned on by default and I did not change the settings.

I used the Microsoft Connectivity Analyzer to test Exchange ActiveSync.

Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.

I reseached this and tried troubleshooting steps from other forums.

Exchange Management shell:
Get-AutodiscoverVirtualDirectory | fl

This shows the correct URL which matches the host name in my SVR record. Ie.

I put: into a browser (externally and internally). After putting in the credentials it shows the expected 600 error.

Please advise of further troubleshooting steps.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Valentina PerezExchange ServersCommented:
HI Scrafataus,

Habe you tried to configure the profile in activesync connected internal network and external network?

Please check the virtual directory regarding activesync

Get-ActiveSyncVirtualDirectory | fl  *url*

It is the correct adddress?


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
scraftausAuthor Commented:
Hi OK.
I've only tested ActiveSync externally. I'm not onsite to be able to test internally.

See screenshot of result. The InternalURL shows the correct address.
The ExternalURL is missing. I assume this is the issue. How do I fix this?

Valentina PerezExchange ServersCommented:
HI Scraftaus,

Please you need to configure the external url:

Get-ActiveSyncVirtualDIrectory | Set-ActiveSyncVirtualDirectory -ExternalUrl "url"

Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

scraftausAuthor Commented:

I did this via the Exchange admin center>Server>virtual directories
Now the result shows the ExternalURL with the address as well.

I tried the Conectivity Connectivity Analyzer again. It got passed the "failed to obtain an Autodiscover XML response" error but got a new error: "Testing of the OPTIONS command failed. For more information, see Additional Details."

I've attached a screenshot.

When I tested setting up on Android again, this time it auto populated the correct server address but still fails to connect.

timgreen7077Exchange EngineerCommented:
Your autodiscover shouldn't be the servername as mentioned:

It should be something like: or

Also the autodiscover name needs to be on your SSL cert.

Also do you have DNS setup externally with an Autodiscover A record?
scraftausAuthor Commented:
It seems that ActiveSync is working OK for user accounts now. Just not the Administrator account. But that's OK.
I have a wild card certificate set up.

Will there be issues with using for autodiscover?
I have a separate DNS entries set up for also. is also set up as a CNAME.

Everything seems to be working OK now.

timgreen7077Exchange EngineerCommented:
cool. no it should be fine because it's the srv record that outlook looks for. it's just not best practice.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.