Quantcast
Channel: Exchange Server 2013 - Mobility and ActiveSync forum
Viewing all 1206 articles
Browse latest View live

Certificate Based Authentication (iOS) - initially connects fine then "The connection to the server failed"

May 31, 2013, 5:10 am
$
0
0

I've setup certificate based authentication for activesync on Exchange 2013.  We're using primarily iOS devices and that's all I'm testing with for now. 

I apply the profile using Apple's iPhone configuration Utility, install the profile on the phone and my mailbox syncs as expected.  I can send and receive messages for a short time, somewhere between 2 and 5 minutes.  After that I cannot get a connection again and get the message "The connection to the server failed."  I am able to access the server through safari so network connectivity is OK.  The only way to regain a working activesync connection seams to be either rebooting the phone completely or instructing the iPhone to "Reset Network Settings" which also ends up rebooting the phone.

I have verifiied that "Include inheritable permissions from this object's parent" is selected in the users AD security settings which was the only item I have found that may relate to this error in my searching.

I did have certificate based auth working in my Exchange 2007/2010 environment and also in my Exchange 2013 test environment.

The Exchange remote connectivity analyzer test for activesync fails but only because of the certificate auth which it doesn't seem to be setup to handle.  Everything else passes.

Search

Issues connecting to Exchange from Android Handsets

September 23, 2015, 11:15 pm
$
0
0

Hello,

I recently replaced my companies wildcard SSL certificates. After replacing the certificates, Webmail and Outlook connectivity work fine, however mobile email has stopped syncing for android phones within the company.

When viewing the account settings on the mail client on the phones I receive a message stating "There are problems with the security certificate for this site" with the option to Cancel, View or Continue. If i View the certificate I see the new wildcard certificate, and everything seems ok. however If i select continue, i receive the message: "Unable to open connection to server. Security error occurred" 

I have tested connectivity using the remote connectivity analyzer, to test active sync and the tests are successful.

I have spent hours on this and don't know where to look, any assistance would be appreciated.

Rob

how to address an issue :where contacts in a shared mailbox is going missing periodically

September 26, 2015, 10:07 pm
$
0
0

We have a shared mailbox, from which contacts keeps going missing periodically. the mailbox is around 40Gb in size, shared with 2-3 people, contacts having 5000+ items in them and environment is Exchange 2013 Enterprise version  and Outlook 2013 , Blackberry phones being the main clients connecting to this server. 

What is the best approach to take to identify the cause of whats happening? Enabling diagnostic logging : As this would render the email access slow and also will cause the mailbox to grow(mailbox is already 40Gb now), was wondering if this is the right approach. 

would appreciate if anyone can kindly advise. 

thanks,

How to remove active sync devices for all users after migration to O365

August 18, 2015, 12:46 pm
$
0
0

We have always had an issue with FIM not deleting old accounts when they still have active sync devices. We would run a script to remove those activesync devices, then it would complete successfully.

Now that we have migrated from Exchange on prem to Exchange Online, the script fails, but we still continue to have the issue deleting accounts.

If I manually run REMOVE-ACTIVESYNCDEVICES on our on-prem Exchange server I get the error. "Couldn't find 'domain.com/OU/username' as a recipient."

How can I remove activesync devices from all users now that we are fully migrated to exchange online?

Try to connect through iphone/android Outlook but get "Unable to access the server"

September 29, 2015, 11:37 pm
$
0
0

Hi,

I get the error "Unable to access the server" when I try to log in to my exchange mail through my phone.

When I test the connection with microsoft activesync test program it fails at the SSL-certificate phase.

"Hostname mail.domain.se does not match any name in the servercertificate CN=Asa Temporary Self Signed Certificate"

ASA is my router and I do have other certificate for Exchange which matches mail.domain.se, why does it choose a certificate I didnt even make?

Access rights to Manage Mobile Device Quarantine list

October 1, 2015, 4:11 am
$
0
0

Hi

I am a exchange 2013 administrator, recently my organization has requested to create a quarantine policy for Active sync mobile (certain mobile devices model) device to access exchange server.

The teamhead of each department will need permission to view the approve based on thier team user request.

currently team head doesnt have permission to view the quaratine list (activesync) in ECP console. I need to create a group with minimum RBAC to allow the Team head to approve this request. I dont want them to provide any more permission which will affect my exchange 2013

kindly provide us the best RBAC policy which meet my requirment

regards

Ram

Have Exchange Check for Mobile Provisioning Profile Prior to Allowing ActiveSync

October 1, 2015, 9:02 am
$
0
0

It is possible to setup a rule in Exchange that forces Exchange to check a mobile device for a provisioning profile prior to allowing an Activesync connection? I am thinking along the lines of something in the Allow/Block/Quarantine feature where the rule would state 

"Allow only devices provisioned with Meraki Management Device Profile"

Or something similar

question on active sync proxy / redirect in Exchange and urls

October 1, 2015, 10:38 am
$
0
0

question on active sync  proxy / redirect in Exchange and urls

Exchange Server A in AD Site A

InternalUrl                         :https://myexchangeurl.com/Microsoft-Server-ActiveSync

ExternalUrl                         :https://myexchangeurl.com/Microsoft-Server-ActiveSync


Exchange Server B in AD Site B
InternalUrl                         :https://myexchangeurl.com/Microsoft-Server-ActiveSync

ExternalUrl                         :

User A has mailbox on Exchange Server A in  AD Site A. 

User B has mailbox Exchange ServerB  in  AD Site B.

Both Exchange servers are multirole CAS/HUB/Mailbox

If a User A connects to  CAS server in site A , the first CAS server they hit will provide connection to  their Exchange Mailbox  Server   and  the device also update its url if it is not correct ?  Or will the CAS server redirect them to use the their own mailbox server for CAS ? 

If User A connects to CAS in  site B:  it will proxy  them to Site A and the phone will not be updated with the external URL ?

If a user hits site B: and the mailbox is in site B:  since there is no external url it will not redirect the phone to use a different url ?

If Site A goes down do we need to have Exchange Server B externalurl populated ?

Search

Active Sync only working for some users.

October 2, 2015, 8:43 am
$
0
0

Hello 

I am working in a small law office (22 employees) 

We have some users who are able to connect their iphones through the EXCHANGE entry in IOS.

I have more users though that can not.  They are forced to use IMAP.  We attempt to connect the phones to the sever and we get checkmarks showing that the connection works.  But when a send/receive is attempted there is a error saying unable to communicate with server.

I know that Exchange 2010 had a limit of 10 devices per user, but my question is a bit different. I was wondering if there was a max number of allowed users for activesync in 2013.

thanks in advance.


Identify who owns the phones connected to a mailbox

October 2, 2015, 12:25 pm
$
0
0

Trying to do this in PowerShell -  looking for a way to identify all the user phones that are connected to a certain mailbox. But most importantly who actually owns that phone, not just a list of "android" or "iPhone" that doesn't tell us who is the user/owner of that device.

Ex. We have a shared mailbox called "OrgCal" and over a dozen users have their phones connected to this mailbox with ActiveSync to use as a shared calendar.  We need to know who those users are.

get-mobiledevice -mailbox "OrgCal" gives us a big list of phones but there is no way to associate those phones with their actual user, that we know of.

Any ideas? thank you,

Mobile error - You have too many devices paired with outlook

October 4, 2015, 8:03 pm
$
0
0

Hi,

One of my mobile admin mailbox is registered with 51 mobile devices and when he try to test one of the mobile device now he is getting below error. We are having Exchange 2013.

"You have too many devices paired with outlook. Please remove unused devices and try again"

I've collected all the identity of the devices and removed all the devices using below command.

Remove-ActiveSyncDevice –Identity "device identity"

But still all the devices are showing when i run "Get-ActiveSyncDevice -Mailbox user" command and still my mobile administrator unable to connect mailbox using mobile device and getting the same error.

Can you suggest how i can remove all the devices from user's mailbox successfully if more devices registered in the user's mailbox.

Thanks.



Exchange 2013 external internet access Outlook 2013 prompts for password

October 5, 2015, 10:16 pm
$
0
0

Hello, we have two servers (1 Client access and 1 Database) of Exchange 2010 and four servers with NLB and DAG (2 Client access and 2 Database) of Exchange 2013. When domain joined computers are connected to the external network opening Outlook 2013 prompts for credentials. I think it should use computer authentication to open Outlook. My mailbox is in Exchange 2013 server, but we still have some users in 2010 Exchange so we can't decomission 2010 servers yet. Here are our configuration:

Get-OutlookAnywhere:

Exchange 2010 CAS

ServerName                         : EXCH1
SSLOffloading                      : False
ExternalHostname                   : ***.lt
InternalHostname                   :
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Ntlm}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : False

Exchange 2013 CAS:

ServerName                         : EXCH131
SSLOffloading                      : True
ExternalHostname                   : ***.lt
InternalHostname                   : ***.lt
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True

Other Exchange 2013 CAS:

ServerName                         : EXCH132
SSLOffloading                      : True
ExternalHostname                   : ***.lt
InternalHostname                   : ***.lt
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True

Can the issue be of Exchange 2013 CAS configuration of IISAuthenticationMethods {Basic, Ntlm, Negotiate}? Our Autodiscover configured through SRV record in public DNS.

Sorry for my bad English, hope you understood my problem. Thanks for any help.

EDIT: I've created test Exchange 2010 mailbox and it prompts for credentials on external network too.


iPhone - This message has not been downloaded from the server

October 7, 2015, 1:37 am
$
0
0

Hi,

I have recently changed the main accepted domain to another and this is when the issues started.

On the iPhone I can setup the account fine with no problems. I can see the mail and it even shows a preview of the message but when I go into the message I receive the "This message has not been downloaded from the server" error message.

It's been driving me up the wall for the last few days.

I have removed and re-created all the virtual directories, installed a new wildcard ssl certificate to match the new domain, updated to the latest CU10. I have configured the external directories to point to correct place.

Any ideas would be great.

Thanks in advance

exchange 2013 - certificate renew question

October 7, 2015, 11:22 pm
$
0
0

Hello, 

  1. our RapidSSL Certificate will expire.  
  2. How to insert the new ALPHA SSL Certificate in the exchange 2013?   (client allready bought it - but I think there is something wrong - certificate name is  9111.customer-domain.com and it links to the IP of the Homepage.  (which is wrong I think).  Ideally the exchange certificate links to the extern exchange server hostname (the public ip)
  1. I noticed, that the current RapidSSL Certificate is only visible / binded to Port 443 in  IIS Manager
  2. I didn´t see it under Exchange ECP/ECM - Server - Certificate.  (I assume that there are only the local certifcates for outlook 2013)

What do you suggest?

As far as I know - this is the normal way to generate / install a new self signed certificate:

http://www.msblog.eu/exchange-2013-serverzertifikat-erstellen/

Will the iphones, windows phone and android phone will get the new certificate automatically?  (no manually install?) (only deleted account / create account on mobile phone in case it is not working?)

thank you!  Best regards

Non-domain authentication for autodiscover

October 8, 2015, 4:45 am
$
0
0

Hi,

We have a new Exchange 2013 setup and a selection of new Android handsets that I need to get the mail set up on. At the moment, my autodiscover record is picked up but I need to add domain credentials to complete the set up. Is there a way for me to configure our Exchange server to allow connections based purely on the email address and password that I have entered?

Thanks in advance!

Search

Apple Mail and Exchange 2010 SP1 Account via RPC over HTTPS (outlook anywhere)

October 8, 2015, 3:52 am
$
0
0

Hello, 

client have 14000 Mails in Inbox and a 7 Gigabyte Mailbox.

He is complaining that Apple Mail is syncing / refreshing all the time.

Do you have any Idea in that case?

thank you in advance

Calendar Stops updating in IPhone 6 in exchange 2013 CU5 environment

October 8, 2015, 9:46 pm
$
0
0

Hi,

We are running exchange 2013 CU5

We have an issue of calendar sync for one our VIP user in Ihpne 6

Calendar sync stops randomnly

It updates in OWA and outlook, but in the device it never updates

Steps Follwed:

1. unchecked calendar sync in the settings and checked back

2. Tried remove and adding account

3. Tried different internet source than mobile data as well

Any thing know issue in this combination? please suggest

Manju Gowda

My galaxy S4 not able to receive emails from my office microsoft exchange

October 14, 2015, 12:26 am
$
0
0

I have Galaxy S4 GT-I9505 with android version 5.0.1.

I have configured my office email on android email. Configuration  works fine but I do not receive any email.

I just get blue circle rotating all the time

Then I downloaded outlook app and configured, but same issue I do not receive any emails.

I get message "You ve reached Inbox zero".

I have contacted our system administrator with the issue, he configured test email account on my mobile and it works fine.

I received email with test account.

He says there is some issue with configuration of my email account on MS exchange server. But not able to find out what is the issue.

All my colleagues with difference mobiles they get all emails on their phone. 

Can anyone help me please?

Active Sync policy based on client subnet or computer group?

October 14, 2015, 9:58 am
$
0
0

i wish to have an active sync policy for internal lan clients so they can use the mail and calendar apps in windows 10. Since the machines are desktops they don't have encryption enabled and thus don't satisfy the current active sync policy used by phones.

is there a way to have separate active sync policies for a specific subnet or computer group?

thanks

Tech with Alberta Education

CBA and basic authentication with one virtual directory

September 18, 2015, 8:27 am
$
0
0

Hi,
as per
https://technet.microsoft.com/en-us/library/bb125170(v=exchg.150).aspx
Authentication settings The two methods of authentication you can configure for the Exchange ActiveSync virtual directory are Basic authentication and Client certificate authentication.

in several tutorials we read  Basic authentication should be disabled and client certificate should be required

http://blogs.technet.com/b/exchange/archive/2012/11/28/configure-certificate-based-authentication-for-exchange-activesync.aspx

The question we have is:
Can the let basic authentication active and set "Accept client certificate" in order to set up some clients with CBA without impact the existing Active Sync user using user name / Password
or do we need separate ActiveSync virtual directories?

Thanks

Eckhard

Viewing all 1206 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>