iphone not connecting after sbs exchange migration to new server

Forums › Microsoft Windows › iphone not connecting after sbs exchange migration to new server

gareth41

742 posts

Ultimate Geek
+1 received by user: 79

#41358 14-Sep-2009 17:15

just migrated exchange over to a new server, ports 80, 25, 110, and 443 forwareded in the router to the new sbs exchange server (router also has static ip assigned from the isp with domain A and MX pointed to the static ip), all internal email using outlook 2007 is working no probs, outlook web access works no probs everyone can send the receieve mail without any problems on their pc's connected on the lan, however the iphones no longer work and have lost their contacts, i just cant work why the iphones dont work, im sure its something very simple. can anyone point me in the right direction? there is currently no security certificate installed on the sbs server will this make any difference? i must also add that i cant connect externally to the exchange server using outlook 2003 on my laptop connecting from another location, "exchange server not found" when trying to connect to static ip of router, would this be the reason why the iphones cant connect?

CYaBro

4708 posts

Uber Geek
+1 received by user: 1182

ID Verified

Trusted

#255684 14-Sep-2009 18:24

That will be the problem, not having a cert installed on the server.
Also, not sure if it will help but port 444 and 4125 are usually open for a sbs install. Port 444 is more likely but 4125 is only for RWW I think.

Opinions are my own and not the views of my employer.

gareth41

742 posts

Ultimate Geek
+1 received by user: 79

#255726 14-Sep-2009 20:16

CYaBro: That will be the problem, not having a cert installed on the server.
Also, not sure if it will help but port 444 and 4125 are usually open for a sbs install. Port 444 is more likely but 4125 is only for RWW I think.

if i disable ssl would that fix it?

gareth41

742 posts

Ultimate Geek
+1 received by user: 79

#256031 16-Sep-2009 09:58

ok heres an update of where i am so far, im also sill have problems btw.

after googling tonnes of websites ive found out that the only ports that are needed are the ports i mentioned in my first post, no other ports are needed and imap is not needed, neither rpc over http. i successfully syncd a smartfone but get that dreaded error msg when trying the same with an iphone, "connection failed" ive heard its a common problem with the iphone and there is a way to fix it, how to fix it i wouldnt a clue, ive tried to many settings and following various tutorials, all which reference to imap and rpc over http which i know 100% certain these are not needed. can anyone help i need to get this all sorted

gareth41

742 posts

Ultimate Geek
+1 received by user: 79

#256299 16-Sep-2009 22:07

it would be much appreciated if someone could help me on this, im even willing to pay someone if thats what it takes to get help on these forums, i cant leave it any longer and am also looking for help elsewhere, please pm me thanks.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#256309 16-Sep-2009 22:19

Here is how you configure ActiveSync on your iPhone. Note it says "iPhone or iPod touch will try to create a secure (SSL) connection to your Exchange server. If it cannot do this, it will try a non-SSL connection. To override the SSL setting, go into Settings, then Mail, Contacts, Calendars, select your Exchange account, tap Account Info, then toggle the Use SSL slider."

A SSL certificate shouldn't be needed then. But since you can't access the server when using Outlook from outside your network I'd say that either your port forward is incorrect or your server's firewall is blocking the incoming connections.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

bcourtney

652 posts

Ultimate Geek
+1 received by user: 27

Trusted

#256312 16-Sep-2009 22:26

Use SSL with the default self-signed certificate that SBS creates on your server. This certificate will need to be installed on the iPhones of course.

Where are you based?

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

DavSke

4 posts

Wannabe Geek

#256317 16-Sep-2009 22:50

Could this be your problem have you upgraded to Exchange 2007

Opinion: Apple betrays the iPhone's business hopes
Apple security fix makes many iPhones suddenly incompatible with Exchange
By Galen Gruman, San Francisco | Wednesday, 16 September, 2009
Fixing a major but unacknowledged bug in the operating system, last week's iPhone OS 3.1 update has rendered most iPhones and all iPod Touches incompatible with Exchange 2007 servers that require on-device data be encrypted, a standard safeguard used by businesses.

In other words, Apple has fundamentally betrayed its iPhone users and the businesses that have either explicitly or implicitly supported the device.

If you're like me, you probably ran the iPhone OS 3.1 update late Friday along with all the other Mac OS X updates. And perhaps, like me, you found your device no longer syncing to your company's Exchange 2007 Server. I, for one, assumed something had changed on the back end. After all, a dot-one update is a bug fix, so there shouldn't have been anything major to watch out for. But I learned on Monday it was the update itself that was to blame.

My first reaction was, "Damn. Now I can't check email or schedules when not at my desk. I wonder how long it will take for Apple to fix the issue." Our IT department is not about to relax its encryption requirement to deal with a change in Apple's OS. Why should it?

Then it sunk in. The iPhone has been falsely reporting to Exchange servers since July 2008 that it supports on-device encryption.

The lie the iPhone has been telling
That's right. Thousands of users have been accessing email, calendars, and contacts over Exchange connections through their iPhones or iPod Touches, not knowing they were compromising their corporate security. During that entire time, Apple has extolled its support of Exchange and convinced many businesses that the iPhone was a corporate-class device they should embrace or, at least, tolerate.

How many businesses will revisit that support now that they know Apple shipped and promoted a product as fit for business only to later find that the device had a major security flaw? Apple clearly knew of the flaw at some point; otherwise, it would not have fixed it in the iPhone OS 3.1 update. Worse, how many users or businesses will trust Apple, now that they know it not only hid a major flaw from their attention but also slipstreamed a fix that broke compatibility with most of its devices?

Consider the implications on Mac OS X Snow Leopard, which now boasts the same Exchange support as the iPhone. As of the Mac OS X 10.6.1 update of last week, it still works with our encryption-requiring Exchange 2007 Server. But how does anyone know Snow Leopard won 't have a similar breakdown in the future, if not for encryption then for something else?

I suspect that Apple has set back its enterprise cause several years, if not permanently.

The fundamental damage that Apple has done to itself involves trust. IT may be glad that now unencrypted iPhones and iPod Touches — meaning every model except the iPhone 3G S released earlier this year — aren't violating their security policies. But IT won't be happy about learning those devices were unsecurely accessing their Exchange servers or about dealing with all those users whose iPhones and iPod Touches suddenly have lost access to Exchange.

No good options to fix the problem
And IT won't be happy to follow Apple's official suggestions: Either replace the devices with 3G S models or change the security policies to allow at least iPhone users to access Exchange without requiring on-device encryption. Neither option is realistic, and both show an amazing naïveté, or perhaps arrogance, about Apple's view of the business environment.

The third option — downgrading the iPhone OS to 3.0 — is unrealistic for many users. If you're lucky and the last backup of your iPhone has the previous OS, go to iTunes and click Restore. Otherwise, you need to have a copy of a 3.0-based backup (Mac OS X users who have Time Machine running likely will), or you need to download the 3.0 version from BitTorrent or other questionable sites, then restore your iPhone or iPod Touch using that older OS. Note that you have to Option-click in Mac OS X or Shift-click in Windows the Restore button in iTunes to be able to choose that backed-up or downloaded 3.0 OS. After the restore is complete, you'll likely have to reinstall some apps, update your music files, and so forth to reflect changes made since the last backup; if you have no backup, you're essentially starting over. Despite what I read on various blogs, I was able to restore an unsanctioned iPhone OS 3.0 onto my iPod Touch using the new iTunes 9.

I have my Exchange access back — but I had to become a hacker to do it. Few people will do that. And many organisations may decide to ban all iPhones and iPod Touches from Exchange rather than risk access by unencrypted devices that hack around their security policies by dowbngrading to the 3.0 OS or not upgrading to the 3.1 version.

There's a fourth possible option, which is the only one that would satisfy legitimate IT security concerns: Apple revs iPhone OS to include software encryption, so the pre-3G S devices can honestly tell Exchange 2007 they support on-device encryption. But Apple has avoided implementing such encryption since Day 1, except for the 3G S released in July. I'm betting there's a reason the on-device encryption is available only on the faster-chip model. Plus, Apple has been very clear in saying it won't support simultaneous processes in the iPhone OS, which any software encryption would likely need to be.

Does Apple have a plan to reenable the pre-3G S models' ability to work with Exchange when encryption is a requirement? I asked Apple that question yesterday, and a spokeswoman said she would let me know when she had an answer. So far, there is none.

The sick feeling of betrayal
I really like my iPod Touch, but at this point, I won't buy another one or an iPhone. Right now, I simply can't count on Apple to do the right thing. If I did get a 3G S or some future encryption-enabled iPod Touch model, what other nasty surprise will I find a year on?

While the apps are fun and being able to go to the Web when on the road is useful, the major benefit that I — and most business users — get is access to email and calendars. If the devices touted for more than a year as great at doing that really can't do it in the real-world business context, they're not worth the several hundred dollars they cost or the limited space in my pockets. I can get a Palm Pre instead; after all, it still works with Exchange, and for my on-the-road music, I can bring along a cheaper iPod.

I've been a champion of the iPhone as more than a fancy iPod for a couple years now, suggesting that businesses give it a serious look despite some of its more IT-desired omissions. Now, I feel embarrassed for having done so. I've tolerated Apple's half-baked iPhone management tools, given that the company has been careful not to claim professional-level management support. But Apple's made a lot of hay about its Exchange support. Yes, it technically supports Exchange, but not in the way that anyone would expect in the real world. Yet Apple let us all think it did. Then it revealed the truth in a damaging, surprising, inconsiderate way.

That's a double betrayal. And a sad, sick feeling.

Apple has to move quickly to fix the immediate problem and start giving business users with the information they need and the respect they deserve.

gareth41

742 posts

Ultimate Geek
+1 received by user: 79

#256364 17-Sep-2009 08:17

thanks everyone
i managed to get it all sorted, was as simple as installing exchange 2003 sp2, since i did the initial server install from sbs 2003 r2 media i assumed all the service packs were included, i didnt think to check the exchange service pack in exchange system manager, however when i did it was only sp1 so downloaded and installed exchange sp2 from microsoft, shortly after i installed sp2 all the iphones started syncing again.

just though i would reference this in case anyone else is having same prob, sp2 for exchange has to be installed for an iphone to sync otherwise you will just get a connection error.