Weird Exchange 2013 mobile send issue

I'm guessing not many people have had a chance to play with Exchange 2013, or even installed it into production yet, so this request might fall on deaf ears.

Basically, greenfield Exchange 2013 domain. OWA works fine, Outlook works fine, all mobile device accounts can be created but these are the issues:

iPhone:
Account creates fine
Emails received but only headers
No send (errors)

iPad
Same as above

Android
Account creates fine
Emails received (fully)
No send (errors)

Not sure what to check now. I've tried the mobile logging feature but that returns very little.
 
Whilst we are running Exchange 2013 we have not experienced the same issues you have seen. Does everything check out when you run a test connectivity test for ActiveSync?

https://www.testexchangeconnectivity.com/

Also, who is your certificate provider? I saw weird issues with ActiveSync until I ran the DigiCert certificate tool, which said there was a problem with the intermediate cert; it "fixed" it and since then it has been fine.
 
Ah, this is the thing, currently we are only running self-signed. We did the same with Ex2010 and that used to work fine, however. Perhaps something has changed regarding the use of certs in 2013?
 
I would not run self-signed if you want people accessing things from an external source (OWA/ECP/ActiveSync etc), or you have no budget to get a proper SAN cert. The only time I personally use self-signed is in lab environments; production always gets a SAN cert.

Not saying that would definitely fix your problems mind.
 
I'm thinking it's probably a cert issue. That and I just found out there's no autodiscover.domain.com in the external DNS which I've just added. Who would you recommend, GoDaddy? Do I then just do a new certificate in exchange, copy the key, download and complete the request?

Thanks for your help so far :)
 
Only cert provider we use for the SAN certs at work is DigiCert, they're fine however they may be expensive compared to others, and to be honest if it's cheaper then GoDaddy will probably provide the same service really. Go with whoever works out best for you :)

When I last did a cert request I issued a New-ExchangeCertificate command, took the output to DigiCert's site and uploaded it there, then they completed it and handed me back the certificate data, which I then used to finalise the request in Exchange.

I don't have the exact syntax of the commands I used committed to memory. I wrote up the process last time so I could re-use it next time, but it's in my docs at work!

I reckon you can find a guide on how to get the cert done online, possibly even on the GoDaddy site directly. Don't forget to include any names you want to use, such as owa.domain.com, autodiscover.domain.com, and you should also chuck in your local server hostname for internal clients as well.

Sounds like you don't have a wide range of servers installed? We don't tend to include local hostnames as we have so many servers; every protocol and virtual directory is using generic names which they all share. However, if I was getting a cert for a small deployment, I would add the local hostnames in as well, as it doesn't hurt. You also tend to get several names as a minimum so you may as well use them up.
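The request, import and enable steps described in the post above, as an added example that is not part of the original thread. The host names, subject fields and file paths are constructed placeholders; the cmdlets are the standard Exchange Management Shell certificate cmdlets.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2013 server.
# All names, subject fields and paths below are constructed placeholders.

# Public FQDNs only: the thread notes that CAs stop accepting local
# hostnames after November 2015.
$names = 'owa.domain.com', 'autodiscover.domain.com'

# 1. Generate the request. The private key stays on this server; only the
#    CSR text goes to the CA. With a single server there is no need to
#    export the key, so it is marked non-exportable.
$csr = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName 'Exchange 2013 SAN (example)' `
    -SubjectName 'C=GB, O=Example Ltd, CN=owa.domain.com' `
    -DomainName $names `
    -KeySize 2048 `
    -PrivateKeyExportable $false
Set-Content -Path 'C:\certs\exchange.req' -Value $csr

# 2. Submit exchange.req to the CA and save the issued certificate
#    as C:\certs\exchange.cer before continuing.

# 3. Complete the pending request with the issued certificate.
$bytes = [byte[]](Get-Content -Path 'C:\certs\exchange.cer' -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes

# 4. Verify before binding: every requested name is present, the
#    certificate is not self-signed, and the chain validates.
$check   = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$have    = $check.CertificateDomains | ForEach-Object { "$_" }
$missing = $names | Where-Object { $have -notcontains $_ }

if ($missing -or $check.IsSelfSigned -or "$($check.Status)" -ne 'Valid') {
    Write-Warning "Not enabling certificate. Missing names: $($missing -join ', '); Status: $($check.Status)"
    return
}

# 5. Bind to IIS (OWA, ECP, ActiveSync, Autodiscover) and SMTP.
Enable-ExchangeCertificate -Thumbprint $check.Thumbprint -Services IIS, SMTP
$check | Format-List Subject, CertificateDomains, NotAfter, Status
```

A Status other than Valid after import usually points at a missing intermediate certificate in the server's store, which is the kind of problem the DigiCert tool mentioned earlier in the thread reported.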
 
No, just the one server with all roles. As I say, all other forms are working fine, OWA (internal / external), internal Outlook, etc.
 
FWIW, local hostnames aren't allowed after November 2015 - DigiCert. Hello split-horizon DNS.
 
Didn't know that, learn something new every day! :D

As I mentioned though our SAN certs don't contain local hostnames as we have load balancing configured on pre-defined IP addresses in DNS which the servers are members of, no need for local hostnames.

However if you have a small business which is used to browsing to https://localexchangeserver/owa then it could be a little annoying for them I guess.
 
Yeah, I knew about the local hostnames. That's going to screw up some very large companies I know.

Got the issue resolved as this:
Company owns two external domains (one of which is also their internal domain to tie in with the changes due in 2015). However, their main external domain for mail is not that one.

So, they have domain1.com and domain2.com (and domain2.com is also their internal domain). I'd added domain1.com as an accepted domain and somehow had set it to be the default domain. I reverted the default domain back to domain2.com and mail from the mobile devices worked again. I also set up a 5 domain SAN too so that's all good for OWA, RPCoHTTPS, etc.

Thanks guys
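The check and revert described in the post above, as an added example that is not part of the original thread. It assumes domain2.com is the intended default, as in the post; the `-WhatIf` switch makes the change a dry run.

```powershell
# Added example: run in the Exchange Management Shell.
# Assumption: domain2.com should be the default accepted domain, as in the post.
$expected = 'domain2.com'

# Show every accepted domain and which one is currently the default.
$domains = Get-AcceptedDomain
$domains | Format-Table Name, DomainName, DomainType, Default -AutoSize

$current = $domains | Where-Object { $_.Default }
$target  = $domains | Where-Object { "$($_.DomainName)" -eq $expected }

if (-not $target) {
    Write-Warning "$expected is not an accepted domain in this organisation."
}
elseif ("$($current.DomainName)" -ne $expected) {
    Write-Warning "Default accepted domain is $($current.DomainName), expected $expected."
    # Remove -WhatIf to apply the change.
    Set-AcceptedDomain -Identity $target.Name -MakeDefault $true -WhatIf
}
else {
    Write-Output "Default accepted domain is already $expected."
}
```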
 