
We're having problems getting iPhones to sync properly with SBS 2003 Exchange.

When you add a new Exchange ActiveSync account on an iPhone and enter all the pertinent information, it shows a "Verifying Exchange account info" message for a minute or so, then says everything's verified and asks what you want to sync, Mail, Contacts, Calendars... so it looks like it's working.

However, when you go to the Mail app and select the Exchange email account, it just shows an "Inbox" folder with nothing in it. When you try refreshing, it attempts for a second, then says "Last Updated" with a timestamp, as if it worked, but there's no mail and no error message/feedback at all.

I think I've narrowed it down to some sort of certificate issue, but I'm having trouble finding out where to go from here... I ran MS's Exchange connectivity testing tool with these results:

[Screenshot: Exchange connectivity test results]

Our cert was purchased from Network Solutions, and I'd already added it to the IIS Default Website for OWA purposes. But this report makes it look like the cert is somehow problematic. I don't know what to do now...

Here's a shot of the cert details, just in case:

[Screenshot: certificate details]

Glorfindel
colemanm
  • For specific mobile devices, one way is simply to ask the provider of the certificate. In some situations (e.g. Valicert) you may need to follow some instructions to remove and install very specific intermediate chains on the actual web server/IIS to get older mobile devices to trust the certificate. – Oskar Duveborn May 05 '10 at 21:12
  • I just redownloaded the whole cert chain package from Network Solutions and followed their instructions on how to import them to the cert store on IIS, but I'm still seeing the same issue. This is why you have someone else host Exchange for you :). – colemanm May 06 '10 at 23:25

3 Answers

Does the iPhone have the CA for that certificate on it by default (I'd expect it to, being a Verisign cert, but you never know)?

If you can browse on the iPhone to https://yourdomain.com/exchange with no warnings then it shouldn't be a certificate issue.

If you've not already had ActiveSync working, I'd be thinking authentication settings in IIS or something along those lines.

flooble
  • I can't remember exactly, but I'm pretty sure all of this was working up until I added the cert in IIS when we bought it. It's hard to tell since everyone else uses Blackberries that shortcut this problem through the BB Enterprise Server. When I hit that address on my iPhone, I first get a generic HTTP authentication prompt, then after entering my user/pass I see a blank page with "Unspecified error" on it... – colemanm May 05 '10 at 20:26

You're getting that error in the Exchange connectivity testing tool because the Network Solutions SSL certificate isn't trusted by default in Windows Mobile phones. The only ones that are trusted by default are:

* Class 2 Public Primary Certification Authority (VeriSign, Inc.)
* Class 3 Public Primary Certification Authority (VeriSign, Inc.)
* Entrust.net Certification Authority (2048)
* Entrust.net Secure Server Certification Authority
* Equifax Secure Certification Authority
* GlobalSign Root CA
* GTE CyberTrust Global Root
* GTE CyberTrust Root
* Secure Server Certification Authority (RSA)
* Thawte Premium Server CA
* Thawte Server CA
* Valicert

I usually go with GoDaddy certs for this reason (they purchased Valicert and their CA root a while ago).

That being said, iPhones do trust Network Solutions certs. Are you running Exchange 2003 SP2? iPhones need Exchange 2003 SP2 to sync.

zippy
  • I am running Exchange SP2... so I dunno what could be wrong... – colemanm May 05 '10 at 21:51
  • Browse to https://yourdomain.com/OMA and see if you can log in (try from a PC and your iPhone). If you can't, chances are that the Exchange virtual directories are misconfigured. Follow the steps in this MS KB page to recreate them: http://support.microsoft.com/kb/883380 – zippy May 06 '10 at 00:33

So... it turns out the issue is a Small Business Server Exchange 2003 problem. I got it solved by following this Microsoft KB article.

Though different diagnostic tools were hinting at unrelated issues, like certificates and authentication, the problem was that ActiveSync on SBS is expecting a specific Virtual Directory in IIS called exchange-oma that was not there for some reason, so I had to create the directory myself:

The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.

I'm not sure how that VDir wasn't there, but recreating it did the trick.

Thanks everyone...

colemanm