• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Connecting mobile devices to our new Exch 2010 install...HELP??

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2010] >> Mobility >> Connecting mobile devices to our new Exch 2010 install...HELP?? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Connecting mobile devices to our new Exch 2010 install.... - 6.Nov.2012 10:13:28 PM   
bcontento

 

Posts: 2
Joined: 6.Nov.2012
Status: offline
Background:
We were an SBS2003 house and have just stood up an entirely new domain including standard servers for AD (Server 2012) and Exchange 2010 (2008R2). I created all new accounts...nothing migrated. I got and installed a certificate for our domains/servers. Internal emails are working fine. External emails are flowing in and out.

MX records for the domain point to email.craigasmith.com and that resolves an IP address in my firewall where I have NAT rules setup for SMTP, HTTPS.

My issue is connecting the mobile devices (WinPhones, Androids, iPhones, and Tablets). I have a WIN7 phone and can't get it to sync (it wont autodiscover settings...I have to enter everything). I've installed the certificates on the phone, but no luck. I have a user with an Android that used a third-party app to ALMOST connect. The app says it can't get a PUSH connection, but can do a request pull. The app indicates there is no ActiveSync policy applied (but it looks like there is one in the Exchange console)

I've tried all of the different testing functions I can find...here are some results:

- I can hit the OWA from inside and outside the firewall both on desktops and mobiles (https://email.craigasmith.com/owa/)

- I run the ServerActiveSync tests from testexchangeconnectivity.com and get all green checks until:


Testing HTTP Authentication Methods for URL https://email.craigasmith.com/Microsoft-Server-ActiveSync/.
The HTTP authentication test failed.

Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>


- OWA "about" info:

Mailbox owner: Bryce D. Contento [bcontento@craigasmith.com]
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)
The required version of Silverlight is installed: Yes
Required version of Silverlight: 2.0.31005.0
Outlook Web App experience: Premium
User language: English (United States)
User time zone: (UTC-05:00) Eastern Time (US & Canada)
Exchange mailbox address: /o=CAS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Bryce D. Contento82a
Host address: https://email.craigasmith.com/owa
Version: 14.1.421.2
Host name: email.craigasmith.com
S/MIME control: not installed
Exchange Client Access server name: CAS-EXCH.CASNET.CRAIGASMITH.COM
Exchange Client Access server .NET Framework version: 2.0.50727.5456
Client Access server operating system version: Microsoft Windows NT 6.1.7601 Service Pack 1
Client Access server operating system language: en-US
Client Access server version: 14.1.218.0
Client Access server language: en-US
Client Access server time zone: (UTC-05:00) Eastern Time (US & Canada)
Client Access server platform: 64bit
Mailbox server name: CAS-EXCH.CASNET.CRAIGASMITH.COM
Mailbox server Microsoft Exchange version: 14.1.218.0
Other Microsoft Exchange server roles currently installed on the Client Access server: Mailbox, Hub Transport, Unified Messaging
Authentication type associated with this Outlook web application session: Kerberos
Public logon: No
Internal POP setting:
Server name: CAS-EXCH.CASNET.CRAIGASMITH.COM
Port: 995
Encryption method: SSL
Internal IMAP setting:
Server name: CAS-EXCH.CASNET.CRAIGASMITH.COM
Port: 993
Encryption method: SSL
Segmentation settings: fffffffeefc3ffff
Restricted functionality settings: fffffffeefc3ffff

- OWA options screen, where you click on "Settings for POP, IMAP, and SMTP access... " returns "Not Available" for all three

- I used the Exchange ActiveSync MD application and get this for the Autodiscover process:
Test #1:

Testing following Autodiscover address:
https://craigasmith.com/autodiscover/autodiscover.xml
Response: The remote server returned an error: (401) Unauthorized.
Explanation:
Wrong username/password. May also occur if you're using a reverse proxy which performs authentication.
Could also be caused by authenticating with user@domain.com if Active Directory doesn't accept this.
Status: FAIL

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Test #2:

Testing following Autodiscover address:
https://autodiscover.craigasmith.com/autodiscover/autodiscover.xml
Status: PASS

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>Bryce D. Contento</DisplayName>
<EMailAddress>bcontento@craigasmith.com</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://email.craigasmith.com/Microsoft-Server-ActiveSync</Url>
<Name>https://email.craigasmith.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Test #3:

Testing following Autodiscover address:
http://autodiscover.craigasmith.com/autodiscover/autodiscover.xml
Response: The remote server returned an error: (403) Forbidden.
Explanation:
You are either running a non-provisionable device, or a provisionable device that haven't been provisioned yet.
First check: Tick off "Provisionable device" and run test again.
Second check Tick off "Support security policies" and run test again.
Status: Further action required

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'm at a real loss here as to what to do next. Any help is GREATLY appreciated!
Post #: 1
RE: Connecting mobile devices to our new Exch 2010 inst... - 7.Nov.2012 8:06:33 AM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Do you have the name autodiscover.craigasmith.com registered on your certificate?

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to bcontento)
Post #: 2
RE: Connecting mobile devices to our new Exch 2010 inst... - 7.Nov.2012 8:16:47 AM   
bcontento

 

Posts: 2
Joined: 6.Nov.2012
Status: offline
thanks for the reply. No, the autodiscover child domain is not on the cert yet.

good news though. I found a post mentioning setting "inheritable permissions" on the user's account in AD/security and VIOLA. My WinPhone synced! I also just heard one of my Android users is in!

iOS working!

Interesting note: once it gets to the point of connecting, the users are prompted to create a PIN number on their device.

< Message edited by bcontento -- 7.Nov.2012 9:15:46 AM >

(in reply to de.blackman)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2010] >> Mobility >> Connecting mobile devices to our new Exch 2010 install...HELP?? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter