Iphone with MS Exchange

#Chri5# · 23 Mar 2010 at 12:26

Mark M said:
Whats the difference between a selfcert and a GD SSL? Im happy to pay the £20 a year but if self cert wont work why will this?

Thanks

It's all do with certificate authorities and how they work as a tree.

http://en.wikipedia.org/wiki/Intermediate_certificate_authorities might help.

So for the GD one I've shown, the Certification Path is:

ValiCert Class 2 Policy
> Go Daddy Class 2 Certifiication
> > Go Daddy Secure Certification
> > > mail.xxxxx.com

Your device can go back up the tree and will most likely have the ValiCert certificate in it's root, it can then trust the SSL issued to mail.xxxxx.com

You could buy a SSL certifcate of Verisign or Thwate, in which case you'd see a different chain / path. For OWA/DirectPush for a small business, the GoDaddy SSLs are fine IMHO.

Mark M · 23 Mar 2010 at 12:34

Ah right, that makes sense. Why didnt the IT company just do it properly in the first place and bill us for it everyear?!

Right, GoDaddy here I come.

Thanks for all the help, but I cant see this being the end of it quite just yet!

Ev0 · 23 Mar 2010 at 12:39

A self signed certificate is one created and signed by you, you are not a trusted CA in MS/Apples eyes

A certificate provided by a trusted CA, in this case Go Daddy, would mean that the world can see the certificate has been provided by a trusted source who has verified who you are, and thus you can be trusted.

*edit* that'll teach me for going and doing something else before hitting the reply button

#Chri5# · 23 Mar 2010 at 12:42

Cowboys me thinks...

https://www.testexchangeconnectivity.com/ might be useful for you.

http://www.amset.info/exchange/default.asp also has lots of stuff about setting OWA etc.

Mark M · 23 Mar 2010 at 15:45

#Chri5# said:
https://www.testexchangeconnectivity.com/ might be useful for you.

Ran this and its not good! Lots of fails

Report below

esting Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting AutoDiscover and Exchange ActiveSync Test (if requested)
Failed to test AutoDiscover for Exchange ActiveSync
Test Steps
Attempting each method of contacting the AutoDiscover Service
Failed to contact the AutoDiscover service successfully by any method
Test Steps
Attempting to test potential AutoDiscover URL https://domain.net/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL Test Steps
Attempting to resolve the host name domain.net in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 195.XX.XXX.XX

Testing TCP Port 443 on host domain.net to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with remote host
Exception Details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 195.XX.XXX.XX:443
Type: System.Net.Sockets.SocketException
Stack Trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()

Attempting to test potential AutoDiscover URL https://autodiscover.domain.net/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name autodiscover.domain.net in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 195.XX.XXX.XX

Testing TCP Port 443 on host autodiscover.domain.net to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with remote host
Exception Details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 195.XX.XXX.XX:443
Type: System.Net.Sockets.SocketException
Stack Trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()

Attempting to contact the AutoDiscover service using the HTTP redirect method.
Failed to contact AutoDiscover using the HTTP Redirect method
Test Steps
Attempting to resolve the host name autodiscover.domain.net in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 195.XX.XXX.XX

Testing TCP Port 80 on host autodiscover.domain.net to ensure it is listening and open.
The port was opened successfully.
Checking Host autodiscover.domain.net for an HTTP redirect to AutoDiscover
Failed to get an HTTP redirect response for AutoDiscover
Additional Details
A Web Exception occurred because an HTTP 404 - NotFound response was received from Unknown

Attempting to contact the AutoDiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.domain.net in DNS.
Failed to find AutoDiscover SRV record in DNS.
Tell me more about this issue and how to resolve it

The port 443 is definately open when checked via a web port checker (on server and another workstation) so not sure whats up there?

EDIT - going to get the GD cert this afternoon once the company credit card returns.

Mark M · 23 Mar 2010 at 16:47

Ok going to get the GD cert, is all I need a single domain standard SSL for $29.99?

There is an option for single domain with unlimited subdomains for $199.99!

I only need the one subdomain mail.domain.com/remote

Thanks

Sp00n · 23 Mar 2010 at 16:55

domain.com is the domain
mail.domain.com is the subdomain so the $30 license should be fine.

ethos · 23 Mar 2010 at 17:39

I get mine from here: http://www.rapidsslonline.com/rapidssl.php

5 years for $69.

s0ck · 23 Mar 2010 at 19:57

I've had this working with self signed certs on a 3GS. The iPhone pops up and whinges about it but works regardless. I'm not convinced this is going to solve your problem.

Instead, I'm wondering if your issue is more to do with the IIS directory /remote.
Could the iPhone be looking for /exchange?

Vertigo · 23 Mar 2010 at 23:17

Mark M said:
Ok going to get the GD cert, is all I need a single domain standard SSL for $29.99?

I bought a GD cert a couple of weeks back in order to get iPhones working for a friend and paid about £9 for the year - that's the one you want.

When you're configuring the server, forget the iPhone itself until you can access https://mail.domain.com/oma with a regular browser from the outside world and without any security warnings (you might get a warning about an unsupported device but this doesn't matter). Once you can get that far the iPhone will hook straight up.

Mark M · 24 Mar 2010 at 12:00

Ok, got the BG cert and it worked great. No more certificate errors when you try and log on remotely.

However the Iphone still wont connect! Exchange account verification failed!

Basically what Im doing, incase you can spot anything obvious, is as follows.

Settings>Mail>Add Accont>Microsoft Exchange

Email - [email protected]
Domain - domainname.local << not sure about this?
Username - username (as used to log into windows)
Password - windows password

Phone has a think about it for a little while and then a server box pops up to which I enter servername.domainname.local and then it tries to verify but fails.

Anyone spot anything Ive done wrong?

Thanks.

Confused · 24 Mar 2010 at 12:02

You'll need your external mail server address, rather than your internal one.

Also, try the "Domain" setting without the .local too

Mark M · 24 Mar 2010 at 12:05

Cracking! Worked a treat!

Thanks to everyone for the help.

#Chri5# · 24 Mar 2010 at 13:17

Excellent stuff