I am running into an intermittent problem with EAS and it appears to be iOS devices running 10.2 or 10.2.1 (we only have corp iPhones and most users are now on this iOS level).
We have the EAS profile pushed to the devices and the username and password is 100% correct within the profile. However after a period of time mail will stop syncing and users may see "Cannot Get Mail, The connection to the server failed" other users see password incorrect update the password, upon re-entering the same password in the profile mail will work again for a number of days.
On the CAS server I see the following event in the security log:
Event 4625 Audit Failure Logon
An account failed to log on.
Subject:
Security ID:
SYSTEM
Account Name:
SERVERNAME$
Account Domain:DOMAIN1
Logon ID:
0x3e7
Logon Type:3
Account For Which Logon Failed:
Security ID:
NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason:Unknown user name or bad password.
Status:
0xc000006d
Sub Status:
0xc0000064
The mailboxes are in a different AD site and should be proxied but it appears that the auth is failing before the proxying takes place, once re-entering the credentials it proxies and works fine.
the application pool for EAS is set to basic auth, internalauthenticationmethods is blank which means all authentication methods are ok.
My gut feeling is its something to do with the IIS token that is issued to the device that allows mail to sync for 24 hours or so before re-authentication, at the next re-auth its failing for some reason...
Does anyone have any ideas?
Thanks