Clicky

Hello.  I cannot connect any iPhones to an Exchange 2010 server.  I get through the wizard on the phone just fine, but I keep getting errors:  Cannot Get Mail:  The connection to the server failed.  I dont think I'm doing anything wrong on the iPhone as I've done probably 100's of them to different servers.  I just can connect to this one.  I've read many articles and I really dont have a clue where to even start.  I was wondering if there is a place I can go and have someone remote into my machine and see if he/she can solve it.  Obviously I'd be willing to pay.  Thanks!

asked 08/05/2011 03:04

JasonJewett's gravatar image

JasonJewett ♦♦


24 Answers:
Did you try the perticular phone with diffrent accounts? Is this a fresh 2010 server ?
link

answered

PenguinN's gravatar image

PenguinN

Yes - multiple accounts.  The server has been runing for a while, but this is the first time I have attempted to hook any mobile device to it.
link

answered 2011-08-05 at 11:09:51

JasonJewett's gravatar image

JasonJewett

Can you run the Exchange Connector checks and see what happens https://www.testexchangeconnectivity.com/
link

answered 2011-08-05 at 11:11:07

PenguinN's gravatar image

PenguinN

Interesting.  When testing for ActiveSync, it fails here:  Host name mail.mydomain.com doesn't match any name found on the server certificate CN=InternalServerName.

The internal server name is not accessable from outside the local network.  Do I need to add an A record for InternalServerName.mydomain.com?
link

answered 2011-08-05 at 11:19:28

JasonJewett's gravatar image

JasonJewett

Found anything already?
link

answered 2011-08-05 at 11:31:39

PenguinN's gravatar image

PenguinN

Oke have you got a comercial SSL certificat on the server?. And also check what is mail.yourdomain.com is registred in exchange on the external website adres.
link

answered 2011-08-05 at 11:32:00

PenguinN's gravatar image

PenguinN

In the console tree, navigate to Server Configuration > Client Access.

2. In the work pane, click the Exchange ActiveSync tab, and then click the Microsoft-Server-ActiveSync virtual directory.

3. In the action pane, under click Microsoft-Server-ActiveSync, click Properties.

4. Use the General tab to view display-only information about the Exchange ActiveSync virtual directory and to modify the Internal and External URLs.
Server   This read-only field shows the name of the server the virtual directory is located on.

Web site   This read-only field shows the name of the Web site that holds the virtual directory. Normally, this will be the Default Web Site.

SSL Enabled   This read-only field shows the Secure Sockets Layer (SSL) status of the virtual directory. The default is True.

Modified   This read-only field shows the date and time that the virtual directory was last modified.

Internal URL   This field shows the InternalURL setting for the virtual directory. In most cases, you shouldn't change this setting.

External URL   This field shows the ExternalURL setting for the virtual directory. In an Internet-facing Active Directory site, this field will be populated with the external DNS endpoint for Exchange ActiveSync, for example, http://contoso.com/Microsoft-Server-ActiveSync.

Source http://technet.microsoft.com/en-us/library/aa998363.aspx#emc


link

answered 2011-08-05 at 11:34:46

PenguinN's gravatar image

PenguinN

I dont know if the server has a commercial one - how do I check?  how do I check to see the External website address?  Sorry.  I was pretty good at Exchange 2003 and ium a newbie at 2010.
link

answered 2011-08-05 at 11:37:23

JasonJewett's gravatar image

JasonJewett

In your case the external URL would be for example, http://mail.mydomain.com/Microsoft-Server-ActiveSync.
link

answered 2011-08-05 at 11:39:59

PenguinN's gravatar image

PenguinN

You could check by opening webmail on the exchange server, you cal check the certificat in your browser. Also if you don't get a message are you sure you want to continue (that context) and your addressbar in IE is green (instead of red) you know it a commercial certifcat for 99%.
link

answered 2011-08-05 at 11:40:21

PenguinN's gravatar image

PenguinN

ok.   under server config/client access Exchange active sync tab.  the Internal URL is:https://InternalServerName.mydomain.com/Microsoft-Server-ActiveSync
The External is as you indicated:  https://webmail.mydomain.com/Microsoft-Server-ActiveSync
link

answered 2011-08-05 at 11:42:54

JasonJewett's gravatar image

JasonJewett

I get the red.  so perhaps not a commercial one - or misconfigured.
link

answered 2011-08-05 at 11:45:23

JasonJewett's gravatar image

JasonJewett

Oke you dont have a commercial one probable. I think the connectivity analyzer can also see this. Never the less once your external URL is setup see what happens on the analyzer or check with a phone (I believe you can import or ignore the cert on an iphone)
link

answered 2011-08-05 at 11:46:29

PenguinN's gravatar image

PenguinN

ok so I need to get an A record pointing to InternamServerNam.mydomain.com so that both internal and external resolve to the same place right?  I dont need to worry about SSL certs?
link

answered 2011-08-05 at 11:48:51

JasonJewett's gravatar image

JasonJewett

I would get a commercial one to make live easier. Also it you want to use ActiveSync internally you should keep in mind that the phones need to resolve the adres from the internal network. So your internal and external URL will be the same and you should setup DNS to get it going (but this is only nessasary if phones use wifi, most of the time they just use G3 so you don't need to worry about internal url for activeSync).

If you want to install the certificat read the following this will give some clarification http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
link

answered 2011-08-05 at 11:53:52

PenguinN's gravatar image

PenguinN

OK i am getting this when testing ActiveSync:  iPhone still doesnt work  A record already propigated.  

ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name calpac-mail.calpacpainting.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: <IP Address>
 Testing TCP port 443 on host InternalServerName.mydomain.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server InternalServerName.mydomain.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=InternamServerName, Issuer: CN=InternalServerName.
 
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name InternalServerName.mydomain.com .com was found in the Certificate Subject Alternative Name entry.
 
 Validating certificate trust for Windows Mobile devices.
  Certificate trust validation failed.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=InternalServerName.
  A certificate chain couldn't be constructed for the certificate.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate chain didn't end in a trusted root. Root = CN=InternalServerName
 
 It went farther this time at least :)

 
 
 
 
link

answered 2011-08-05 at 12:04:07

JasonJewett's gravatar image

JasonJewett

BTW - both the internal and external URLs match for server config/client access Exchange active sync tab.  they are both set to :https://InternalServerName.mydomain.com/Microsoft-Server-ActiveSync

I can ping that from both internal and external.
link

answered 2011-08-05 at 12:25:54

JasonJewett's gravatar image

JasonJewett

Hi Jason

in your best interest if ur willing to pay have u tried calling Microsoft, to help u ?

do u want to use cert or not ?

if u dont want to use cert , u an go to IIS and change that option. Iphones can work without cert.

let me know ur status
link

answered 2011-08-05 at 12:41:07

praveenkumare_sp's gravatar image

praveenkumare_sp

I think I will eventyally want to use a cert, but just to start with i'd be happy to get it working at all.  I don't mind paying MS, but who do i call and how do i go about that?
link

answered 2011-08-05 at 12:58:05

JasonJewett's gravatar image

JasonJewett

Is working ? Try to see if you get true with rhe exchange analyser.
link

answered 2011-08-05 at 13:00:53

PenguinN's gravatar image

PenguinN

Go to http://support.microsoft.com and search for contact information and u would get taht


they will remote into ur system and help u out
link

answered 2011-08-06 at 02:20:49

praveenkumare_sp's gravatar image

praveenkumare_sp

I see you wrote your active is listed as https://InternalServerName.mydomain.com/Microsoft-Server-ActiveSync in EMC, internal and external. Internal is normaly internal fqdn and external your fqdn for the server external. This would be https://calpac-mail.calpacpainting.com/Microsoft-Server-ActiveSync. The refrence to mydomain.com is not working because mydomain.com is not your domainname.

link

answered 2011-08-06 at 04:35:18

PenguinN's gravatar image

PenguinN

The intenal refrence would look like https://servername.internaldomainname.local/Microsoft-Server-ActiveSync. Where servername is the name of the mailserver, internal domain is the dns name for your internal network. If you want to find out the servname and domain suffix just ipconfig /all and check the results.
link

answered 2011-08-09 at 02:44:23

PenguinN's gravatar image

PenguinN

Sorry for the abandoned question.  Client changed phones :)  
link

answered 2011-08-09 at 02:47:18

JasonJewett's gravatar image

JasonJewett

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×63

Asked: 08/05/2011 03:04

Seen: 269 times

Last updated: 12/15/2011 12:59