iPhone & Exchange

Hey all,

Has anyone actually had any success and got this working?

It's doing my nut, I can add the account with no problems, but keep getting the message

"cannot get mail the connection to the server failed"

This doesn't always appear but does a lot.

From my log file though

C:\WINDOWS\system32\LogFiles\W3SVC1\ex081126.log

I can see it is responding

2008-11-26 14:53:53 W3SVC1 192.168.34.252 OPTIONS /Microsoft-Server-ActiveSync &Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R 443 administrator 91.85.189.253 Apple-iPhone/506.136 200 0 0
2008-11-26 14:54:03 W3SVC1 192.168.34.252 OPTIONS /Microsoft-Server-ActiveSync &Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R 443 administrator 91.85.189.253 Apple-iPhone/506.136 200 0 0

I have opened the ports

access-list outside_access_in permit tcp any interface outside eq 990
access-list outside_access_in permit tcp any interface outside eq 999
access-list outside_access_in permit tcp any interface outside eq 5721
access-list outside_access_in permit tcp any interface outside eq 5678
access-list outside_access_in permit tcp any interface outside eq 5679
access-list outside_access_in permit tcp any interface outside eq 26675

static (inside,outside) tcp interface 990 192.168.34.252 990 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 999 192.168.34.252 999 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5721 192.168.34.252 5721 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5678 192.168.34.252 5678 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5679 192.168.34.252 5679 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 26675 192.168.34.252 26675 netmask 255.255.255.255 0 0


Can anyone think of anything to help me out?


Cheers.
 
Where is your port forwarding?

Mine (I use ssl).

access-list outside_access_in permit tcp any host OUTSIDEIP eq https
static (inside,outside) tcp interface https EXCHANGEIP https netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside

:)
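
An added example (not from either post above): it compares the ports permitted and forwarded by the PIX rules quoted in the first post with the port on which the IIS log actually records ActiveSync requests. The `audit` function and its result keys are names made up for this sketch, and the log columns are assumed to follow the IIS 6 default order.

```python
import re

NAMED = {"https": 443, "www": 80}  # keywords the PIX prints in place of numbers
PORTS = (990, 999, 5721, 5678, 5679, 26675)

# Sample input: rules rebuilt from, and log line copied from, the first post.
ACL = "\n".join(
    f"access-list outside_access_in permit tcp any interface outside eq {p}"
    for p in PORTS)
STATIC = "\n".join(
    f"static (inside,outside) tcp interface {p} 192.168.34.252 {p} "
    "netmask 255.255.255.255 0 0" for p in PORTS)
IIS_LOG = ("2008-11-26 14:53:53 W3SVC1 192.168.34.252 OPTIONS "
           "/Microsoft-Server-ActiveSync &Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R "
           "443 administrator 91.85.189.253 Apple-iPhone/506.136 200 0 0")

def to_port(token):
    return NAMED[token] if token in NAMED else int(token)

def permitted_ports(acl):
    """Destination ports of inbound 'permit tcp any ... eq <port>' rules."""
    rule = re.compile(r"^access-list \S+ permit tcp any .* eq (\S+)[ \t]*$", re.M)
    return {to_port(m.group(1)) for m in rule.finditer(acl)}

def forwarded_ports(static):
    """Outside ports that a 'static (inside,outside) tcp' line forwards inward."""
    fwd = re.compile(r"^static \(inside,outside\) tcp \S+ (\S+) ", re.M)
    return {to_port(m.group(1)) for m in fwd.finditer(static)}

def activesync_ports(log):
    """s-port of each ActiveSync request: the column after stem and query."""
    hits = re.findall(r"/Microsoft-Server-ActiveSync \S+ (\d+) ", log, re.I)
    return {int(p) for p in hits}

def audit(acl, static, log):
    permitted = permitted_ports(acl)
    exposed = permitted & forwarded_ports(static)  # reachable from outside
    used = activesync_ports(log)                   # where the phone connects
    return {"exposed_unused": sorted(exposed - used),
            "used_not_permitted": sorted(used - permitted)}

if __name__ == "__main__":
    print(audit(ACL, STATIC, IIS_LOG))
```

A port listed under `used_not_permitted` only means the rules quoted here do not cover it; the rest of the running configuration may.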
 
Yea can access oma fine.

We've got a few blackberry devices, but I'm not 100% sure if they go through this or a blackberry service.
 
Can you access oma from the iphone?

Have you confirmed everything has been turned on for mobile messaging on exchange (system manager) and settings in AD for your user account?
 
Soz been away few days.

Yeah tried disabling SSL, but always get the message "cannot get mail, the connection to the server failed" when it's switched off.

Can't see anything in tcpview but I may be blind :p
 
Got it working finally :)

Followed these steps as seemed IIS was having a few issues.


In Exchange System Manager, Servers, <your server>, Protocols, HTTP. Right click on the Exchange virtual server and choose Properties. Click on the tab "Settings" and disable forms based authentication.
In IIS Manager, remove the SSL certificate from the default web site
Still in IIS Manager, remove the "Require SSL" setting from all virtual directories, particularly, /exchange, /exchweb, /Microsoft-Server-ActiveSync and /oma.
Drop in to a command prompt and type iisreset and press enter.
Go back in to IIS manager, and right click on the Exchange virtual directory, choose All Tasks, and then Save Configuration to a File.
In the File name box, type a name. To follow Microsoft's example, type "ExchangeVDir" and then click OK.
Right click on the root of the Default Web and choose New, then "Virtual Directory (from file)".
In the Import Configuration dialog box, click Browse and locate the file that you created earlier. Choose Open, then Read File.
Under "Select a configuration to import", choose Exchange, and then choose OK. You will get a dialogue box appear that states the "virtual directory already exists." The option to create a new virtual directory should already be selected. In the box enter a new name. To follow Microsoft's example, enter "exchange-oma" and choose Ok. The new folder should be created.
Right click on this new virtual directory and choose Properties. Then click on the "Directory Security" tab.
Under "Authentication and access control", click the Edit button. Ensure that only "Integrated Windows authentication" and "Basic authentication" are enabled. Change it if required. You need to ensure that Anonymous authentication is not enabled. Leave the Default domain and default realm blank. Press OK to go back to the main properties of the virtual directory.
Under "Secure communications", click the Edit button. Make sure that "Require secure channel (SSL)" is not enabled, and then click OK.
Drop in to a command prompt and run iisreset again.
Copy and paste the following registry entry in to a new notepad document and then save it as ExchangeVdir.reg. Then right click on it and choose Merge.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters]
"ExchangeVDir"="/exchange-oma"

After making the change, run iisreset again, then restart the IISADMIN service in Services.
Put the SSL certificate back on the site, but do NOT set the require SSL option at this time.
Test the sync process to prove that it works.
If sync works, re-enable forms based authentication in Exchange System Manager.
Once testing is confirmed to have worked, place IP address restrictions on the /exchange-oma virtual directory to restrict access to the server itself. You should also include 127.0.0.1. This ensures that the exchange-oma virtual directory isn't used to bypass the forms based authentication page. It isn't a requirement to make the change, the security of the server is not compromised and it is unlikely that users would find the directory and use it. You may also find the /exchange-oma virtual directory useful if you want to publish OWA web parts in SharePoint internally.
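
Added example, not part of the post above: a check over the IIS log for the final step, listing every request to /exchange-oma that came from an address other than the server itself or 127.0.0.1, and whether IIS rejected it with 403.6 (IP address rejected). The log lines are constructed, the function names are made up for this sketch, and the IIS 6 default column order is assumed when the log has no `#Fields:` line.

```python
import ipaddress

# IIS 6 default W3C field order, used when the log has no "#Fields:" line
# (assumption: it matches the 14-column lines quoted in the first post).
DEFAULT_FIELDS = ("date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query "
                  "s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus "
                  "sc-win32-status").split()

# Constructed sample log; outside clients use documentation address ranges.
SAMPLE_LOG = """\
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-11-26 14:53:53 W3SVC1 192.168.34.252 OPTIONS /Microsoft-Server-ActiveSync - 443 administrator 203.0.113.9 Apple-iPhone/506.136 200 0 0
2008-11-26 14:53:54 W3SVC1 192.168.34.252 PROPFIND /exchange-oma/administrator/Inbox - 80 administrator 192.168.34.252 ExampleAgent/1.0 207 0 0
2008-11-26 15:02:11 W3SVC1 192.168.34.252 GET /exchange-oma/administrator/ - 80 administrator 203.0.113.9 ExampleAgent/1.0 200 0 0
2008-11-26 15:02:40 W3SVC1 192.168.34.252 GET /exchange-oma/ - 80 - 198.51.100.7 ExampleAgent/1.0 403 6 0
"""

def parse_w3c(text):
    """Yield one dict per request line, honouring a #Fields header if present."""
    fields = DEFAULT_FIELDS
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or odd lines
                yield dict(zip(fields, values))

def oma_findings(text, allowed=("127.0.0.1", "192.168.34.252"),
                 vdir="/exchange-oma"):
    """Requests to vdir from non-allowed clients: (c-ip, stem, status, blocked)."""
    allow = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for r in parse_w3c(text):
        stem = r["cs-uri-stem"].lower()
        if stem != vdir and not stem.startswith(vdir + "/"):
            continue
        if ipaddress.ip_address(r["c-ip"]) in allow:
            continue
        # 403.6 is what IIS logs when the IP restriction turns a client away.
        blocked = (r["sc-status"], r["sc-substatus"]) == ("403", "6")
        status = r["sc-status"] + "." + r["sc-substatus"]
        findings.append((r["c-ip"], r["cs-uri-stem"], status, blocked))
    return findings

if __name__ == "__main__":
    for finding in oma_findings(SAMPLE_LOG):
        print(finding)
```

Any finding with `blocked` set to `False` means the IP address restriction on the virtual directory is not in effect for that client.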
 