7

I am trying to get iPhones to play with our Exchange 2010 server.

I have opened ports 25 and 993 on the firewall, and I can get the account to validate, but I cannot send or receive email from it.

The iPhone is set to use Exchange settings. I am able to connect from my computer from outside the company into the OWA through the firewall.

I have not purchased an SSL cert. Is this what I'm missing?

Any suggestions?

edit:

I currently have the Exchange server running in a DMZ, so my firewall is simply passing all traffic back to the Exchange server. I can validate the account (so my server address, username and password are good), but it will not send or receive email. I'm only getting 'allowed' messages on the firewall, so it does not appear to be blocking anything. But still no sending or receiving. Is an SSL cert required for this? I verified that ActiveSync is running on the Exchange server.

jeremy

4 Answers

10

Be sure to have port 443 for https open for the iPhone.

ewwhite
6

When we got ActiveSync going in Exchange 2007 several years ago we ran into an issue with certificate validation. Historically we'd used SSL certificates for OWA based on our own internal CA; if you work for us, you should use our CA, QED. However, mobile devices proved hard to convince to accept new CA certificates, so we ended up having to purchase certificates from an Authority just to ease things for our users.

As I recall, iPhone (this was several years ago, things may have changed) was one device that did do certificate validation, and required purchased certificates to work.

sysadmin1138
  • 1
    iPhone was one of the easier (weaker) ones, it just says "are you sure you want to trust this unknown certificate?" and you tap the accept button. At least in iOS 3, not sure if 5 still does that. – TessellatingHeckler Nov 06 '11 at 15:58
  • @TessellatingHeckler It was a while ago, so I could be confusing it for early Android or maybe Blackberry. But we had big problems with one of 'em. – sysadmin1138 Nov 06 '11 at 16:38
6

http://www.testexchangeconnectivity.com is the Microsoft site to use to check your connections from outside. You want the Exchange ActiveSync test, and be sure to use an account whose password you can change after testing.

On your firewall, you only need port 443 (HTTPS) from outside to the Exchange server.

On the Exchange server, you need a certificate installed, but it doesn't have to be a purchased one, you can self-sign one for free if you have Certificate Services installed on a server in your company - but not all devices will make it easy to use. iPhones just prompt once to approve your certificate on email account setup, which is easy enough.

You do need to configure ActiveSync on the Exchange server, but not a lot of config is needed in 2010. http://www.expta.com/2010/02/how-to-securely-deploy-iphones-with_25.html but ignoring the certificates part might get you there.

TessellatingHeckler
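A quick way to tell a blocked port 443 apart from a certificate the client will not trust, as an added example that is not part of the answer above. It assumes the probing machine's trust store stands in for the phone's (the two can differ), and `mail.example.com` is a placeholder host name.

```python
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* codes, as exposed in SSLCertVerificationError.verify_code
UNTRUSTED_ISSUER = {18, 19, 20, 21}  # self-signed, or issuing CA not in the store
EXPIRED = 10
HOSTNAME_MISMATCH = 62

def probe(host, port=443, timeout=5.0):
    """Return (tcp_error, verify_code); (None, 0) means the chain validated."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return str(exc), None           # blocked, filtered or nothing listening
    ctx = ssl.create_default_context()  # system trust store plus hostname check
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return None, 0
    except ssl.SSLCertVerificationError as exc:
        return None, exc.verify_code
    except OSError:                     # ssl.SSLError is a subclass of OSError
        return None, -1                 # handshake failed for another reason
    finally:
        sock.close()

def classify(tcp_error, verify_code):
    """Map a probe result to the causes raised in the answers above."""
    if tcp_error is not None:
        return "port 443 unreachable: check the firewall rule"
    if verify_code == 0:
        return "certificate trusted by this machine's store"
    if verify_code in UNTRUSTED_ISSUER:
        return "self-signed or internal-CA certificate: device must trust it"
    if verify_code == HOSTNAME_MISMATCH:
        return "certificate name does not match the server address"
    if verify_code == EXPIRED:
        return "certificate expired"
    return "TLS handshake failed (code %s)" % verify_code

if __name__ == "__main__":
    # mail.example.com is a placeholder; pass your external Exchange name
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    print(host, "->", classify(*probe(host)))
```

Run it from outside the firewall with the same server address that is entered on the phone.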
1

Exchange does not simply use IMAPS, which usually runs on port 993. You probably need to open for ActiveSync.

Quoting http://support.microsoft.com/kb/259369:

ActiveSync 4.x requires the following Winsock Transmission Control Protocols (TCP) to be available:

  • 990 (RAPI)
  • 999 (Status)
  • 5721 (DTPT)
  • 5678 (Legacy Replication)
  • 5679 (Handshake & Legacy Replication)
  • 26675 (Airsync)
Kvisle