Home / server / Questions / 138862
Accepted
colemanm
Asked: 2010-05-06 08:09:28 +0800 CST

iPhones don't sync with Exchange 2003 ActiveSync

  • 772

We're having problems getting iPhones to sync properly with SBS 2003 Exchange.

When you add a new Exchange ActiveSync account on an iPhone and enter all the pertinent information, it shows a "Verifying Exchange account info" message for a minute or so, then says everything's verified and asks what you want to sync, Mail, Contacts, Calendars... so it looks like it's working.

However, when you go to the Mail app and select the Exchange email account, it just shows an "Inbox" folder with nothing in it. When you try refreshing, it attempts for a second, then says "Last Updated" with a timestamp, as if it worked, but there's no mail and no error message/feedback at all.

I think I've narrowed it down to some sort of certificate issue, but I'm having trouble finding out where to go from here... I ran MS's Exchange connectivity testing tool with these results:

alt text

Our cert was purchased from Network Solutions, and I'd already added it to the IIS Default Website for OWA purposes. But this report makes it look like the cert is somehow problematic. I don't know what to do now...

Here's a shot of the cert details, just in case:

alt text

exchange-2003 iphone activesync ssl-certificate

3 Answers

  1. Does the iPhone have the CA for that certificate on it by default (I'd expect it to being a Verisign cert but you never know)?

    If you can browse on the iPhone to https://yourdomain.com/exchange with no warnings then it shouldn't be a certificate issue.

    If you've not already had activesync working I'd be thinking authentication settings in IIS or something along those lines.

    • 0

  2. You're getting that error in the Exchange connectivity testing tool because the Network Solutions SSL certificate isn't trusted by default in Windows Mobile phones. The only ones that are trusted by default are:

    * Class 2 Public Primary Certification Authority (VeriSign, Inc.)
* Class 3 Public Primary Certification Authority (VeriSign, Inc.)
* Entrust.net Certification Authority (2048)
* Entrust.net Secure Server Certification Authority
* Equifax Secure Certification Authority
* GlobalSign Root CA
* GTE CyberTrust Global Root
* GTE CyberTrust Root
* Secure Server Certification Authority (RSA)
* Thawte Premium Server CA
* Thawte Server CA
* Valicert

    I usually go with GoDaddy certs for this reason (they purchased Valicert and their CA root awhile ago).

    That being said, iPhones do trust Network Solutions certs. Are you running Exchange 2003 SP2? iPhones need Exchange 2003 SP2 to sync.

    • 0
  3. Best Answer

    So... it turns out the issue is a Small Business Server Exchange 2003 problem. I got it solved by following this Microsoft KB article.

    Though different diagnostic tools were hinting at unrelated issues, like certificates and authentication, the problem was that ActiveSync on SBS is expecting a specific Virtual Directory in IIS called exchange-oma that was not there for some reason, so I had to create the directory myself:

    The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.

    I'm not sure how that VDir wasn't there, but recreating it did the trick.

    Thanks everyone...

    • 0