how to resolve Exchange ActiveSync
problems between Exchange and the iPhone
My Exchange and iPhone setup
Now would be a good time to tell you of my setup. Here are the relevant details to my scenario in my test lab:
Exchange 2007 Server with POP3 and IMAP services configured
Client Access Server (CAS)
Mailbox Server
iPhone with many mailbox accounts configured for ActiveSync, POP3 and IMAP.
No certificates configured for my Client Access Server
OK. I know that no certificates on my, or for my, CAS is not best practice. But I understand the risks and this is my test lab.
If your scenario is similar to mine then I hope that this document is useful. To successfully work through this document, you will need to have administrative access to your Exchange Server. If you don't, then you may need to enlist the help of your friendly Exchange Administrator.
Troubleshooting an ActiveSync Account on the iPhone
You'll no doubt remember this familiar error message:
The first step is to test whether the iPhone can actually connect to the server.
To do this, you'll need to start troubleshooting from the iPhone itself. We will test three areas, as follows:
1. Whether the iPhone can resolve your server name
2. Whether the iPhone can ping your server
3. Whether the iPhone can connect to the server
To do this, you'll need to download some apps to your iPhone.
I performed these tests using an iPod Touch as well as an iPhone and so used WiFi for connectivity. You might be using an iPhone and later need or want to repeat these tests using the cellular network. If you'd like to do this, you'd simply turn off WiFi on the iPhone.
If you don't use WiFi, then perform these tests using your cellular network.
Whether the iPhone can resolve your server name
1. On the iPhone, find the free app 'DNS Lookup' from Nettica and install it.
2. Run DNS Lookup (see picture below)
DNS Lookup will use the DNS servers that your iPhone is already configured up for.
3. Enter a Server IP address, or a server name.
This will be the server you already have configured on the iPhone, the Host Name.
If the app is able to resolve your server to an IP address, then the iPhone has passed the first test.
But if the app can't resolve your server name then you should check the following to get the iPhone to pass this test:
a) Can the iPhone currently browse the internet?
b) Can DNS Lookup resolve a well known address - news.bbc.co.uk?
c) Is the server name or IP address correct?
Whether the iPhone can ping your server
This test may fail if your network (where your Exchange Server is) is set to ignore ping requests. It's worth performing this test for any information that may be gleaned and for completeness.
1. Find and install Ping Lite to the iPhone. See shot below.
2. Click on the Ping button.
3. In the resultant screen, paste in the IP address you obtained from the previous test and click the 'Start' button.
Examine the output. If all four packets were received by the server then this is good; it further proves connectivity between your iPhone and the server. But if all packets fail, then this may simply be because your IT department has configured their routers not to respond to ping requests. We move on to the final test.
Whether the iPhone can connect to the server
You'll need an ActiveSync client. An ActiveSync client will allow us to test whether it is possible to connect directly to the Exchange Server from the Touch or the iPhone.
1. On the iPhone find the free app, ActiveSync Tester and install it.
2. Run AS Tester on the iPhone (see image below)
3. Fill in the fields shown in the screenshot above.
The server will be as you had it previously configured on your iPhone before it all went wrong! This will be the Host Server you used in the first test - 'can your iPhone resolve your server name'.
The username is usually the user's login name used to log on to the user's computer.
The Domain is your domain or your company's domain (e.g. acme.com).
4. Click START TEST.
If you get an error at this stage then the iPhone actually can't reach your server.
Possible reason:
Port 433 is blocked by a firewall or router at the edge of the Exchange Server network. Port 443 is used by ActiveSync.
You will need to verify this yourself if you are responsible for your own network, or by contacting someone responsible for the network. Most organisations will block ports, leaving open only those that are necessary. Those ports are then secured using some form of authentication. Port 443 is not normally a common port that is opened and you might need to negotiate.
In this case the test reveals that "ActiveSync IS NOT available. (Username or Password incorrect.)"
But I knew that ActiveSync was available because other iPhone devices were working.
So I re-ran the test by putting in my credentials from my iPhone.
This all worked. The Tester declared that ActiveSync was available (see screenshot below).
This meant that the problem is decidedly with the user of the iPhone.
Looking at the Security Logs for the CAS Exchange Server, I found the following entry for one of the times I'd tried to connect as the problem user.
I then remembered that this user was recently prevented from logging onto any computer except one - his desktop.
Using ADUC (by clicking on the 'Log On To' button, see screenshot below) to allow this user to also log onto the server, has now resolved the problem.
I could connect as the user, using the ActiveSync tester.
I should qualify that in doing this, taking the above step, does not allow the user to log on to the server directly.
The last stage is to get the iPhone Mail app working. It won't just work like that, it would seem. You need to make a change to the existing account, like re-enter the password, or delete and re-enter the account again.
Once you've done this, and if your problem is similar to this one, it should all just work again.
If you've got ActiveSync policies set up on your server then you'll get a similar message to this one:
You'll need to click on Continue and put in a new passcode before you can continue.
I hope that this guide was useful to you. The iPhone's Mail App can fail for a number of reasons and this guide has a resolution for only one problem. But the steps outlined here is the way that I normally resolve most iPhone Mail problems. Take these troubleshooting steps and you will be much closer to resolving your particular problem.
Copyright 2010 Cairos Computing Limited
Help Computing is a trading style of Cairos Computing Ltd.
Help Computing is a trading style of Cairos Computing Ltd.
What are we
up to?
up to?
We'll write about the
sorts of things we get up
to. It'll be a slightly techy
read, but we'll try our
best to make it readable!
There'll soon be lots of top tips for the technically minded too.
Want to know more? Click the icon above..
There'll soon be lots of top tips for the technically minded too.
Want to know more? Click the icon above..
You may have found that for some reason, your ActiveSync configuration to Exchange on your iPhone stops
working. And instead it continually tells you that the password is wrong.
You've changed the password in Active Directory Users and Computers. To no avail. Like me, you even tried putting in any old password, you know, made up ones. The message is quick and still the same.
It made me think that the iPhone wasn't actually checking the password.
You've changed the password in Active Directory Users and Computers. To no avail. Like me, you even tried putting in any old password, you know, made up ones. The message is quick and still the same.
It made me think that the iPhone wasn't actually checking the password.
Related Links
Troubleshooting POP and Exchange and iPhone connectivity problems
Troubleshooting IMAP and Exchange and iPhone connectivity problems
Troubleshooting POP and Exchange and iPhone connectivity problems
Troubleshooting IMAP and Exchange and iPhone connectivity problems
helpcomputing
If you and your computer are in or around London, we
could help!