SBS 2003 and iphone help needed
20 March 2009, 12:41 PM
#1
SBS 2003 and iphone help needed
Okay experts, please help a man who is pulling out the last of his hair 
Setup :
Windows SBS 2003 all patched, network cards teamed
More important the Exchange 2003 is fully patched with SP2
Router has all the necessary ports open for OWA, SMTP, RDP etc
IIS is running with the default web site having our paid for and fully verified Verisign SSl certificate.
Testing:
From an external address (on a mac and PC) we can log onto our OWA and get the certificate warning... Log in with our correct details and all works fine, can see the inbox and folder structure
Now go to the iphone and setup the account as detailed in the numerous walkthoughs available on the web from MS, Apple and other sites.
It seems to verify it.
Go to my mail box on the iphone and every feking time, it just fails.
Have tried just about everything I can think off and it still refuses to play ball
Any bright ideas where I am going wrong ?
Setup :
Windows SBS 2003 all patched, network cards teamed
More important the Exchange 2003 is fully patched with SP2
Router has all the necessary ports open for OWA, SMTP, RDP etc
IIS is running with the default web site having our paid for and fully verified Verisign SSl certificate.
Testing:
From an external address (on a mac and PC) we can log onto our OWA and get the certificate warning... Log in with our correct details and all works fine, can see the inbox and folder structure
Now go to the iphone and setup the account as detailed in the numerous walkthoughs available on the web from MS, Apple and other sites.
It seems to verify it.
Go to my mail box on the iphone and every feking time, it just fails.
Have tried just about everything I can think off and it still refuses to play ball
Any bright ideas where I am going wrong ?
Last edited by SwissTony; 20 March 2009 at 01:22 PM.
20 March 2009, 01:31 PM
#4
Sorry not really any help to you, mines set up on the pop3 account so its much simpler it seems.
I got help over the phone with O2, they have a dedicated help line for the iPhone.
iPhone Pay Monthly Dial Charges
From your iPhone 2302 Free
From a landline 0870 607 2302 National rate
Opening hours Monday - Friday 08:00 - 21:00
Weekend 08:00 - 20:00
Sorry its not much help, best of luck )
I got help over the phone with O2, they have a dedicated help line for the iPhone.
iPhone Pay Monthly Dial Charges
From your iPhone 2302 Free
From a landline 0870 607 2302 National rate
Opening hours Monday - Friday 08:00 - 21:00
Weekend 08:00 - 20:00
Sorry its not much help, best of luck )
Trending Topics
20 March 2009, 02:14 PM
#8
Scooby Regular
have you tried it without the SSL certs on IIS
I got this scenario working on a friends network, i.e. unecrypted (they werent bothered about encryption)
this will prove the config is OK apart from SSL, have you got the correct root cert on the iphone (verisign so would have thought so)
also when testing certs you can spoof DNS by creating a local host file, this will stop the warning message
I got this scenario working on a friends network, i.e. unecrypted (they werent bothered about encryption)
this will prove the config is OK apart from SSL, have you got the correct root cert on the iphone (verisign so would have thought so)
also when testing certs you can spoof DNS by creating a local host file, this will stop the warning message
20 March 2009, 02:25 PM
#9
Scooby Regular
also have you confirmed active synch is working from a windows mobile device
also when you put the url in i dont think you put the /exchange, just http://webmail.domain.co.uk
and also you need to put the username in as domain\username
also when you put the url in i dont think you put the /exchange, just http://webmail.domain.co.uk
and also you need to put the username in as domain\username
20 March 2009, 04:17 PM
#11
have you tried it without the SSL certs on IIS
I got this scenario working on a friends network, i.e. unecrypted (they werent bothered about encryption)
this will prove the config is OK apart from SSL, have you got the correct root cert on the iphone (verisign so would have thought so)
also when testing certs you can spoof DNS by creating a local host file, this will stop the warning message
I got this scenario working on a friends network, i.e. unecrypted (they werent bothered about encryption)
this will prove the config is OK apart from SSL, have you got the correct root cert on the iphone (verisign so would have thought so)
also when testing certs you can spoof DNS by creating a local host file, this will stop the warning message
also have you confirmed active synch is working from a windows mobile device
also when you put the url in i dont think you put the /exchange, just http://webmail.domain.co.uk
and also you need to put the username in as domain\username
also when you put the url in i dont think you put the /exchange, just http://webmail.domain.co.uk
and also you need to put the username in as domain\username
Sorry none of that works
We have tried it with, without certificates
We have tried it with all ports open on the firewall
We have tried making a new test account on the exchange server that has one message in the in box
We have tried different combinations on the username/url/servername
Everything and still the ****ing thing will not work
20 March 2009, 05:02 PM
#12
Scooby Regular
have you tried it with a windows mobile device
when you tried it without SSL did you disable SSL on the iphone
have you tried web browsing to the https://webmail.domainname.co.uk/oma, if so did it give you a certificate error
does your website support SSL or require SSL
when you tried it without SSL did you disable SSL on the iphone
have you tried web browsing to the https://webmail.domainname.co.uk/oma, if so did it give you a certificate error
does your website support SSL or require SSL
Last edited by hodgy0_2; 20 March 2009 at 05:03 PM.
20 March 2009, 05:09 PM
#13
have you tried it with a windows mobile device
when you tried it without SSL did you disable SSL on the iphone
have you tried web browsing to the https://webmail.domainname.co.uk/oma, if so did it give you a certificate error
does your website support SSL or require SSL
when you tried it without SSL did you disable SSL on the iphone
have you tried web browsing to the https://webmail.domainname.co.uk/oma, if so did it give you a certificate error
does your website support SSL or require SSL
2. yes
3. cant get onto that url
4. not quite sure what you mean. Our default website on the sbs 2003 box is running and has the SSL installed
20 March 2009, 05:50 PM
#14
Scooby Regular
when you run SSL on a website, you can just install the cert it will then accept requests on port 80 and 443, however if you check the box that says "require secure channel" then it will only accept connections on port 443
are you running "forms based authentication" if you are i would disable it and vice versa
re "cant get onto that url", you should be able to, using the web browsing on the Iphone connect to the OWA in exactly the same way you connect with PC/MAC, if you try this and get a certificate error then active sync wont work, and it will prove that the Iphone has the correct root cert for your SSL cert
PS -- this is based on my experiance with server 2003/exchange not SBS
SBS can be a bit quirky so i,ve heard, it maybe that it simply doesnt work
are you running "forms based authentication" if you are i would disable it and vice versa
re "cant get onto that url", you should be able to, using the web browsing on the Iphone connect to the OWA in exactly the same way you connect with PC/MAC, if you try this and get a certificate error then active sync wont work, and it will prove that the Iphone has the correct root cert for your SSL cert
PS -- this is based on my experiance with server 2003/exchange not SBS
SBS can be a bit quirky so i,ve heard, it maybe that it simply doesnt work
Last edited by hodgy0_2; 20 March 2009 at 05:53 PM.
21 March 2009, 08:24 AM
#15
when you run SSL on a website, you can just install the cert it will then accept requests on port 80 and 443, however if you check the box that says "require secure channel" then it will only accept connections on port 443
Dont have that box ticked
are you running "forms based authentication" if you are i would disable it and vice versa
correct, dont have have feature enabled
re "cant get onto that url", you should be able to, using the web browsing on the Iphone connect to the OWA in exactly the same way you connect with PC/MAC, if you try this and get a certificate error then active sync wont work, and it will prove that the Iphone has the correct root cert for your SSL cert
PS -- this is based on my experiance with server 2003/exchange not SBS
SBS can be a bit quirky so i,ve heard, it maybe that it simply doesnt work
Dont have that box ticked
are you running "forms based authentication" if you are i would disable it and vice versa
correct, dont have have feature enabled
re "cant get onto that url", you should be able to, using the web browsing on the Iphone connect to the OWA in exactly the same way you connect with PC/MAC, if you try this and get a certificate error then active sync wont work, and it will prove that the Iphone has the correct root cert for your SSL cert
PS -- this is based on my experiance with server 2003/exchange not SBS
SBS can be a bit quirky so i,ve heard, it maybe that it simply doesnt work
22 March 2009, 10:39 PM
#16
Scooby Regular
i would go back to square one
get it working without ssl certs first, (i have this non ssl working on a mates iphone/exchange environment)
I seem to remember getting the iphone to "turn off" ssl was a bit of a palava (maybe it was an early version)
but this will confirm the basic setup works, then you just have to trouble shoot getting it working with ssl
btw some iphone siteS seem to suggest you need forms based authentication turned on for it to work (in ssl)
get it working without ssl certs first, (i have this non ssl working on a mates iphone/exchange environment)
I seem to remember getting the iphone to "turn off" ssl was a bit of a palava (maybe it was an early version)
but this will confirm the basic setup works, then you just have to trouble shoot getting it working with ssl
btw some iphone siteS seem to suggest you need forms based authentication turned on for it to work (in ssl)
23 March 2009, 10:57 PM
#17
Scooby Regular
Join Date: Sep 2001
Location: Suffolk
Posts: 1,822
Likes: 0
Received 0 Likes
on
0 Posts
In IIS, what are the permissions set to on the Exchange, OWA & the remote folders? Should say something along the lines of "only allow IP's in the list below to access this site" etc, what are these set to?
When testing via a web browser (using the "/exchange") does it work?
Oh, and it's probably not the case here but make sure your phone is set to the correct date and time, otherwise it will also fail
When testing via a web browser (using the "/exchange") does it work?
Oh, and it's probably not the case here but make sure your phone is set to the correct date and time, otherwise it will also fail
Last edited by stiscooby; 23 March 2009 at 11:00 PM.
24 March 2009, 08:40 AM
#18
i would go back to square one
get it working without ssl certs first, (i have this non ssl working on a mates iphone/exchange environment)
I seem to remember getting the iphone to "turn off" ssl was a bit of a palava (maybe it was an early version)
but this will confirm the basic setup works, then you just have to trouble shoot getting it working with ssl
btw some iphone siteS seem to suggest you need forms based authentication turned on for it to work (in ssl)
get it working without ssl certs first, (i have this non ssl working on a mates iphone/exchange environment)
I seem to remember getting the iphone to "turn off" ssl was a bit of a palava (maybe it was an early version)
but this will confirm the basic setup works, then you just have to trouble shoot getting it working with ssl
btw some iphone siteS seem to suggest you need forms based authentication turned on for it to work (in ssl)
In IIS, what are the permissions set to on the Exchange, OWA & the remote folders? Should say something along the lines of "only allow IP's in the list below to access this site" etc, what are these set to?
When testing via a web browser (using the "/exchange") does it work?
Oh, and it's probably not the case here but make sure your phone is set to the correct date and time, otherwise it will also fail
When testing via a web browser (using the "/exchange") does it work?
Oh, and it's probably not the case here but make sure your phone is set to the correct date and time, otherwise it will also fail
Testing a web browser works fine
Phone is set to correct date and time
24 March 2009, 10:32 AM
#19
Scooby Regular
just to confirm that when you access it from the web browser you put the /exchange in the url -- but when you set it up from the iphone and it asks you for the server you just put in the url so
http(s)://webmail.mydomain.com/exchange ------ from a browser
webmail.mydomain.com ------- from your iphone active synch setup
i think stiscooby is asking whether you have IIS "locked down" to accept a specific range of IP addresses --- obvioulsy you dont want that
I also presume your browser checks are being done from an external internet connection i.e. from outside your LAN
http(s)://webmail.mydomain.com/exchange ------ from a browser
webmail.mydomain.com ------- from your iphone active synch setup
i think stiscooby is asking whether you have IIS "locked down" to accept a specific range of IP addresses --- obvioulsy you dont want that
I also presume your browser checks are being done from an external internet connection i.e. from outside your LAN
25 March 2009, 12:43 AM
#20
Scooby Regular
Join Date: Sep 2001
Location: Suffolk
Posts: 1,822
Likes: 0
Received 0 Likes
on
0 Posts
Yea as Hodgy say's, there are security settings on the virtual directories, well on the default web site too.
You just want to make sure that its not set to "allow only from these IP addresses".
Ideally you could also do with testing it on a windows mobile device if possible.
I know this can be a real bitch to get working sometimes, although I have never done it with an iphone. The first time we done this, well I got "assigned the job" of doing this at work I spent over 3 hours on the phone to Microsoft while they went through all settings etc within IIS.
Turns out there were some incorrect settings on certain IIS virtual folders. Needless to say I now have my "bible" on this subject which includes resetting IIS to default, creating the certificates etc etc..... I will take it to the grave!!
You just want to make sure that its not set to "allow only from these IP addresses".
Ideally you could also do with testing it on a windows mobile device if possible.
I know this can be a real bitch to get working sometimes, although I have never done it with an iphone. The first time we done this, well I got "assigned the job" of doing this at work I spent over 3 hours on the phone to Microsoft while they went through all settings etc within IIS.
Turns out there were some incorrect settings on certain IIS virtual folders. Needless to say I now have my "bible" on this subject which includes resetting IIS to default, creating the certificates etc etc..... I will take it to the grave!!
Last edited by stiscooby; 25 March 2009 at 12:54 AM.
31 March 2009, 01:31 PM
#21
Hi - had the same issues with my SBS / Exchange 2k3 setup.
I had to ensure all SP's were on completely as you have already and use the iphone advanced settings option.
Also ensure you've installed the certificate correctly?
I noted on mine that it took a few mins for the folder structure to appear so don't think that sometyhing you've done hasn't worked - give it a few mins before trying something else.
SOrry I may have repeated but am at work so didn't get chance to read full posts above
thanks
I had to ensure all SP's were on completely as you have already and use the iphone advanced settings option.
Also ensure you've installed the certificate correctly?
I noted on mine that it took a few mins for the folder structure to appear so don't think that sometyhing you've done hasn't worked - give it a few mins before trying something else.
SOrry I may have repeated but am at work so didn't get chance to read full posts above
thanks
31 March 2009, 08:45 PM
#22
Moderator
Join Date: Dec 1998
Location: Staffs
Posts: 23,573
Likes: 0
Received 0 Likes
on
0 Posts
The Amset set is a good place for Exchange config (including OWA/ActiveSync etc)
Exchange - Mobile - Working with Windows Mobile Devices | Amset.info
Exchange - Mobile - Working with Windows Mobile Devices | Amset.info
01 April 2009, 08:46 AM
#23
Nice info there chris 
Just a little update, we are still struggling with this. To the point where in the meantime we have had a forward set up on the exchange server so the iphone can collect the mail via gmail
Shows how frustrated and annoying it is when you have to resort to a low level heath robinson method like that !!
Anyway we have not given up and so armed with a lot of the info and help given on this thread, we shall attempt to try again. Will keep you posted. If it does not work, anyone in the W1 area of London, please mind your step when walking around as there may well be an HP Proliant server landing on a pavement near you soon !!
Just a little update, we are still struggling with this. To the point where in the meantime we have had a forward set up on the exchange server so the iphone can collect the mail via gmail
Shows how frustrated and annoying it is when you have to resort to a low level heath robinson method like that !!
Anyway we have not given up and so armed with a lot of the info
and help given on this thread, we shall attempt to try again. Will keep you posted. If it does not work, anyone in the W1 area of London, please mind your step when walking around as there may well be an HP Proliant server landing on a pavement near you soon !!
02 April 2009, 04:24 PM
#25
******** IT IS BLOODY FIXED !!!! ************
Well today we came back to it for one more go !! Armed with all the info from here and various websites, plus a good degree of '****it' attitude we approached the machine with the intention of giving it a damn good kicking if it misbehaved.
But then I discovered something when looking at my clients exchange servers which work with the iphones. Everything was working fine yet each section on the servers matched. The ONLy difference was that ours was running SBS 2003 STANDARD whilst theirs were running SBS 2003 PREMIUM.
Now whilst I know there is a difference between the two versions, surely it could not make that much a difference ???
Yes it does. We simply upgraded our server from std to premium, upgraded the IIS and server tools, a quick reboot and suddenly everything worked !!
Now I know why I prefer the Apple OS
Well today we came back to it for one more go !! Armed with all the info from here and various websites, plus a good degree of '****it' attitude we approached the machine with the intention of giving it a damn good kicking if it misbehaved.
But then I discovered something when looking at my clients exchange servers which work with the iphones. Everything was working fine yet each section on the servers matched. The ONLy difference was that ours was running SBS 2003 STANDARD whilst theirs were running SBS 2003 PREMIUM.
Now whilst I know there is a difference between the two versions, surely it could not make that much a difference ???
Yes it does. We simply upgraded our server from std to premium, upgraded the IIS and server tools, a quick reboot and suddenly everything worked !!
Now I know why I prefer the Apple OS
02 April 2009, 04:34 PM
#26
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
Chris,
Good to know you fixed it! I would love to know what the difference is between Standard and Premium that allowed it to work. Looking at things the main differences are MS SQL Server and MS Internet Security and Acceleration (ISA) Server.
The word "security" does make me wonder if perhaps it's this component that is the culprit, that it has something that is required.
Good to know you fixed it! I would love to know what the difference is between Standard and Premium that allowed it to work. Looking at things the main differences are MS SQL Server and MS Internet Security and Acceleration (ISA) Server.
The word "security" does make me wonder if perhaps it's this component that is the culprit, that it has something that is required.
03 April 2009, 08:28 AM
#28
Markus, appreciate the info there and cheers for the digging around
It would seem that our std version of SBS 2003 was fine, properly patched but for some reason just refused to play ball.
Now I am not usually a major fan of whacking on a new version in the vain hope that it works, I would rather work my way through the issue to find the root of the problem. However in this case, because of the time restraints and the fact I was ready to hurl it out the window, the upgrade to premium did the trick
Microsoft Internet and Security Acceleration (ISA) Server 2004 - I think this IS the culprit. Somewhere in the upgrade it changed the server tools, firewall settings etc. Bear in mind that before the upgrade, our router was also changed to one that was used and proven on another site. So it wasnt the firewall settings on the router but something in the internet and security settings on the premium version.
Suffice to say, I am now one happy bunny as I have true Activesync integration with calendering and mail on the iphone. I have resisted synching the contacts as my contacts on the iphone are perfect from my apple address book and if I sync it with exchange it would much it all up. I would get our company GAL but at what cost ?
Anyway, it works, end of
It would seem that our std version of SBS 2003 was fine, properly patched but for some reason just refused to play ball.
Now I am not usually a major fan of whacking on a new version in the vain hope that it works, I would rather work my way through the issue to find the root of the problem. However in this case, because of the time restraints and the fact I was ready to hurl it out the window, the upgrade to premium did the trick
Microsoft Internet and Security Acceleration (ISA) Server 2004 - I think this IS the culprit. Somewhere in the upgrade it changed the server tools, firewall settings etc. Bear in mind that before the upgrade, our router was also changed to one that was used and proven on another site. So it wasnt the firewall settings on the router but something in the internet and security settings on the premium version.
Suffice to say, I am now one happy bunny as I have true Activesync integration with calendering and mail on the iphone. I have resisted synching the contacts as my contacts on the iphone are perfect from my apple address book and if I sync it with exchange it would much it all up. I would get our company GAL but at what cost ?
Anyway, it works, end of
Thread
Thread Starter
Forum
Replies
Last Post
Scott@ScoobySpares
Full Cars Breaking For Spares
61
11 January 2021 03:08 PM
robbie1988
Wanted
2
13 September 2015 09:25 AM
Scooby-Doo 2
Wheels And Tyres For Sale
1
09 September 2015 06:51 PM