Stephen Lowe
asked on
iPhone Users activesync stops working until server is rebooted
We recently moved our Exchange 2013 Server to a new location with faster connectivity. Since the move iPhone users who up until this point have had no issues connecting their email just get the message "Exchange Error username cannot get mail the connection to the server failed"
This seems random and affects two out of 10 users so far, the rest are all syncing fine.
If I reboot the server, mailflow comes back for a random period of time. The users can then sync again until one by one they start to give the error again.
Ive run the latest CU and tried every fix I can find but no joy.
I should add all users can sync their phone when in the office with no issues, its only when away from the office that the email fails.
Ive also just been told if the affected users reboot the iPhones that also causes a resync but the emails then drop off again randomly and dont come back.
This seems random and affects two out of 10 users so far, the rest are all syncing fine.
If I reboot the server, mailflow comes back for a random period of time. The users can then sync again until one by one they start to give the error again.
Ive run the latest CU and tried every fix I can find but no joy.
I should add all users can sync their phone when in the office with no issues, its only when away from the office that the email fails.
Ive also just been told if the affected users reboot the iPhones that also causes a resync but the emails then drop off again randomly and dont come back.
ASKER
Hi Steve
Thanks for the suggestion. That was one of the first things we tried. Ive got Microsoft on the case and its now been baffling them for days.
iPhones can most of the time send emails but cannot receive, all are OK on initial setup but then the receive sometimes works but most of the time doesn't.
OWA sometimes stops working completely from outside the office and so does activesync.
The only way to fix all the issues is to reboot the server at which point everything works great again for a random period of time then it all starts to drop off again.
Thanks for the suggestion. That was one of the first things we tried. Ive got Microsoft on the case and its now been baffling them for days.
iPhones can most of the time send emails but cannot receive, all are OK on initial setup but then the receive sometimes works but most of the time doesn't.
OWA sometimes stops working completely from outside the office and so does activesync.
The only way to fix all the issues is to reboot the server at which point everything works great again for a random period of time then it all starts to drop off again.
That was one of the first things we tried.and what were the results? did the tool show any issues?
did you try re-running it once some of the phones experienced issues to see if anything changed?
So what about event logs/IIS logs? you haven't stated if any warnings/errors are shown when the issue occurs.
ASKER
Hello
Sorry for the delay, Microsoft are baffled by this, the results from the remote connectivity analyser are below
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Elapsed Time: 6384 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 6384 ms.
Test Steps
Attempting to test potential Autodiscover URL https://inventiveda.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 608 ms.
Test Steps
Attempting to resolve the host name inventiveda.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 88.208.252.233
Elapsed Time: 18 ms.
Testing TCP port 443 on host inventiveda.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 196 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 394 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server inventiveda.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=secure104.prositehostin
Elapsed Time: 363 ms.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name inventiveda.com doesn't match any name found on the server certificate CN=secure104.prositehostin
Elapsed Time: 0 ms.
Attempting to test potential Autodiscover URL https://autodiscover.inventiveda.com:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Elapsed Time: 5775 ms.
Test Steps
Attempting to resolve the host name autodiscover.inventiveda.c
The host name resolved successfully.
Additional Details
IP addresses returned: 83.166.191.249
Elapsed Time: 9 ms.
Testing TCP port 443 on host autodiscover.inventiveda.c
The port was opened successfully.
Additional Details
Elapsed Time: 205 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 403 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.inventiveda.c
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=IDASERVER, Issuer: CN=IDASERVER.
Elapsed Time: 386 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.inventiveda.c
Elapsed Time: 0 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/19/2019 9:55:19 AM, NotAfter = 4/19/2024 9:55:19 AM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 807 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 4349 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.inventiveda.com:443/Autodiscover/Autodiscover.xml for user *********@inventiveda.com.
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>********</Dis
<EMailAddress>********@inv
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.inventiveda.com/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.inventiveda.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
HTTP Response Headers:
request-id: d253effa-d252-49f0-a824-94
X-CalculatedBETarget: idaserver.inventiveda.com
X-DiagInfo: IDASERVER
X-BEServer: IDASERVER
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Set-Cookie: ClientId=WELPPKKUYDXRARLWE
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Persistent-Auth: true
X-Powered-By: ASP.NET
X-FEServer: IDASERVER
Date: Mon, 13 May 2019 13:09:35 GMT
Content-Length: 728
Elapsed Time: 4348 ms.
Sorry for the delay, Microsoft are baffled by this, the results from the remote connectivity analyser are below
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Elapsed Time: 6384 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 6384 ms.
Test Steps
Attempting to test potential Autodiscover URL https://inventiveda.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 608 ms.
Test Steps
Attempting to resolve the host name inventiveda.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 88.208.252.233
Elapsed Time: 18 ms.
Testing TCP port 443 on host inventiveda.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 196 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 394 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server inventiveda.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=secure104.prositehostin
Elapsed Time: 363 ms.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name inventiveda.com doesn't match any name found on the server certificate CN=secure104.prositehostin
Elapsed Time: 0 ms.
Attempting to test potential Autodiscover URL https://autodiscover.inventiveda.com:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Elapsed Time: 5775 ms.
Test Steps
Attempting to resolve the host name autodiscover.inventiveda.c
The host name resolved successfully.
Additional Details
IP addresses returned: 83.166.191.249
Elapsed Time: 9 ms.
Testing TCP port 443 on host autodiscover.inventiveda.c
The port was opened successfully.
Additional Details
Elapsed Time: 205 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 403 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.inventiveda.c
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=IDASERVER, Issuer: CN=IDASERVER.
Elapsed Time: 386 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.inventiveda.c
Elapsed Time: 0 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/19/2019 9:55:19 AM, NotAfter = 4/19/2024 9:55:19 AM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 807 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 4349 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.inventiveda.com:443/Autodiscover/Autodiscover.xml for user *********@inventiveda.com.
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>********</Dis
<EMailAddress>********@inv
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.inventiveda.com/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.inventiveda.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
HTTP Response Headers:
request-id: d253effa-d252-49f0-a824-94
X-CalculatedBETarget: idaserver.inventiveda.com
X-DiagInfo: IDASERVER
X-BEServer: IDASERVER
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Set-Cookie: ClientId=WELPPKKUYDXRARLWE
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Persistent-Auth: true
X-Powered-By: ASP.NET
X-FEServer: IDASERVER
Date: Mon, 13 May 2019 13:09:35 GMT
Content-Length: 728
Elapsed Time: 4348 ms.
ASKER
Also the only event we are seeing consistently is this one
Log Name: System
Source: Schannel
Date: 13/05/2019 14:37:43
Event ID: 36887
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: IDAServer.inventiveda.com
Description:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-
<EventID>36887</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-05-13T13:
<EventRecordID>1983035</Ev
<Correlation />
<Execution ProcessID="716" ThreadID="15364" />
<Channel>System</Channel>
<Computer>IDAServer.invent
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="AlertDesc">46</Data>
</EventData>
</Event>
Log Name: System
Source: Schannel
Date: 13/05/2019 14:37:43
Event ID: 36887
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: IDAServer.inventiveda.com
Description:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-
<EventID>36887</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-05-13T13:
<EventRecordID>1983035</Ev
<Correlation />
<Execution ProcessID="716" ThreadID="15364" />
<Channel>System</Channel>
<Computer>IDAServer.invent
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="AlertDesc">46</Data>
</EventData>
</Event>
Thanks. Autodiscover/connectivity looks good but some of the response times are a bit long. Could be worth checking into why the tests are a little slow.
Also worth noting you appear to have used an admin account for the test, which can invalidate your tests as most users do not (or should not) have admin access.Re-run the test with a standard user.
Otherwise, that SSL error usually means an issue with the SSL cert and/or how it is applied to either HTTPS connections or TLS-enabled SMTP connectors.
It's possible it could be affecting iphone users.
Just a side-note, I recommend editing your above posts to remove a couple of bits of info. You may have revealed more info than you'd want to there (e.g. your admin account, real FQDN/Domain, Ext IP).
Where this info is necessary, I recommend sending it via a personal message :-)
Also worth noting you appear to have used an admin account for the test, which can invalidate your tests as most users do not (or should not) have admin access.Re-run the test with a standard user.
Otherwise, that SSL error usually means an issue with the SSL cert and/or how it is applied to either HTTPS connections or TLS-enabled SMTP connectors.
It's possible it could be affecting iphone users.
Just a side-note, I recommend editing your above posts to remove a couple of bits of info. You may have revealed more info than you'd want to there (e.g. your admin account, real FQDN/Domain, Ext IP).
Where this info is necessary, I recommend sending it via a personal message :-)
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Use this test tool to confirm everything is set up right at the server side. if it is, check the activesync/IIS logs and search for that user to see if there is a more helpful error available.
https://testconnectivity.microsoft.com/