Announcement

Collapse
No announcement yet.

iPhone 3G help

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • iPhone 3G help

    I am almost ready to give up on the iphone 3g and syncing it to my work exchange box.

    I have a server with MS server 2003 and exchange 2003.

    My server has a valid SSL certificate. I have RPC over HTTP (and it works ) set up and users have been able to login, from outside the network to https://mail.company.com/exchange for the past year with no issues. This is OWA.

    Also, OMA works outside of the network. I have tested on Vista and XP machine with IE and I have a user who tested it from his phone which has windows mobile 5.

    My server has SP2 and active sync is enabled. All mobile services are active for all users in AD, that is a default setting. If I am wrong, please correct me.

    There must be something that I am missing.

    I can get the account/user to see the exchange box, that is a good sign, however, nothing syncs.

    Also, I cant send or receive mail from the phone from the exchange account.

    If I add the work email as a pop3 or imap account, mail sends and receives w/o any problems.

    I only have 1 exchange server in my company network.

    I followed a few guides from this site that other people tried on here and other forums.

    Thanks for any help in advance!

  • #2
    Re: iPhone 3G help

    "Valid SSL" - homegrown or external?

    There are a few posts on this forum too, but they may not be relevant
    http://forums.petri.com/showthread.php?t=26624
    http://forums.petri.com/showthread.php?t=26413
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: iPhone 3G help

      I purchased the SSL cert from www.dyndns.com

      They use geotrust. https://www.geotrust.com/

      Thanks.

      Comment


      • #4
        Re: iPhone 3G help

        Not got an iphone to test with but are you able to copy the cert onto it and open it to see if it thinks it is valid?

        Do you have anything between Exchange and the device (ISA for example)?
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: iPhone 3G help

          Originally posted by AndyJG247 View Post
          Not got an iphone to test with but are you able to copy the cert onto it and open it to see if it thinks it is valid?

          Do you have anything between Exchange and the device (ISA for example)?
          The only thing between the exchange box and the iphone is a firewall. I know that the firewall is not the problem.

          I tried to email the SSL cert to my gmail account on the iphone and it installed it, but that is as far as I got with that.

          Also, there is a program that you can download that lets you configure the iphone on a computer, including adding the SSL cert, and then you can send the information to the iphone. That didnt work either.

          Personally, I think this is a problem with the SSL cert.

          However, I don't experience any problems with RPC over HTTP, OWA, or OMA...

          One other thing to note, someone from my office has a Sprint Instinct. I was able to set his up w/o any issues. However, his Instinct does not sync contacts or calendars with our exchange box, only email. And his phone actually said "use your company OWA address example: mail.company.com"

          I don't know why the SSL cert is being difficult with the iphone?

          Comment


          • #6
            Re: iPhone 3G help

            Could be a blind track but I don't know if they have the root certificates therefore if they trust the cert itself.
            You need to connect to the certificate name which should match the published IP (the name should resolve to it I mean) but as you have everything else working I suspect the issue is with the phone not Exchange.
            cheers
            Andy

            Please read this before you post:


            Quis custodiet ipsos custodes?

            Comment


            • #7
              Re: iPhone 3G help

              Originally posted by AndyJG247 View Post
              Could be a blind track but I don't know if they have the root certificates therefore if they trust the cert itself.
              You need to connect to the certificate name which should match the published IP (the name should resolve to it I mean) but as you have everything else working I suspect the issue is with the phone not Exchange.
              How can I connect to the certificate? And I am assuming you are asking me to connect to the certificate off of the iphone, correct?

              Thanks.

              Comment


              • #8
                Re: iPhone 3G help

                Sorry, that was in response to "And his phone actually said "use your company OWA address example: mail.company.com""

                If you copy the cert onto the iPhone can you do anything with it? Open it to check the chain is valid etc?
                cheers
                Andy

                Please read this before you post:


                Quis custodiet ipsos custodes?

                Comment


                • #9
                  Re: iPhone 3G help

                  Originally posted by AndyJG247 View Post
                  If you copy the cert onto the iPhone can you do anything with it? Open it to check the chain is valid etc?
                  I don't know how to check 'the chain is valid'

                  I don't even know where the cert installs itself on the phone, because that is what I wanted to try last time. I wanted to see if I could pull the cert up, but I don't know where it saves to.

                  Originally posted by AndyJG247 View Post
                  Sorry, that was in response to "And his phone actually said "use your company OWA address example: mail.company.com""
                  Yes, the user who has the Sprint Instinct phone...his phone displayed that message telling me what address to use.

                  Comment


                  • #10
                    Re: iPhone 3G help

                    You may have to wait for someone that knows the iPhone better than I to find that out as I can't find anything at the moment.

                    In the server field, as shown here
                    http://support.apple.com/kb/HT2480
                    You still put in the owa address like the sprint?

                    Anything here too?
                    http://support.apple.com/kb/TS1693
                    cheers
                    Andy

                    Please read this before you post:


                    Quis custodiet ipsos custodes?

                    Comment


                    • #11
                      Re: iPhone 3G help

                      Originally posted by AndyJG247 View Post
                      You may have to wait for someone that knows the iPhone better than I to find that out as I can't find anything at the moment.

                      In the server field, as shown here
                      http://support.apple.com/kb/HT2480
                      You still put in the owa address like the sprint?
                      I have tried the same address that I use at home for OWA, which is the same for the Sprint user.

                      I have also tried adding the https://, but it seems to delete the https:// on its' own.

                      I have tried adding the user with DomainName/their user login (some forums/sites said that method of logging in worked for them)

                      Nothing....The more and more I think about it, I think that this is an iphone issue/SSL cert on the iphone issue.

                      If it was a problem with the server, OMA, OWA, and RPC over HTTP wouldn't be working.

                      My SSL cert for OWA/RPC over HTTP expired over the weekend. The user, off site, that was setup to use RPC over HTTP called me and said their email wasn't working. I already renewed my SSL cert, but I had to add in the new cert on Exchange. Once the new cert was added, they were able to sync all their settings again. This should have nothing to do with the iphone, since i have been trying since the begining of September to get the iphone working. I figured posting that information would be proof that the SSL cert is working as it should be.

                      Originally posted by AndyJG247 View Post
                      I have not seen this link yet, I am going to read it now.

                      EDIT- I read the link, it looks like they are talking about adding the domain name. I have also tried that, no luck.
                      Last edited by tomdlgns; 30th October 2008, 15:38.

                      Comment


                      • #12
                        Re: iPhone 3G help

                        update.

                        i am holding an iphone right now and i sent my new ssl cert to the phone, just updated it 10-24-08 so it expires one year from that day.

                        when i click on the .crt file from my gmail account, it says

                        Not Verified, in red. when i click install, this is what i see...

                        the authenticity of mail.mycompanydomain.com cannot be verified.

                        installing this profile will change settings in your iphone.
                        after it installs, i try to get mail and this is the error i see

                        Cannot Get Mail

                        the connection to the server failed

                        Comment


                        • #13
                          Re: iPhone 3G help

                          I believe that Apple have set the phone to ignore the certificate in some scenarios to make life "easier" for the user.
                          The easy test is to browse to OMA https://host.example.net/oma from the device.
                          If you get a certificate prompt the certificate is not being accepted.

                          It is possible that you have a bad SSL certificate. I have seen that before.
                          The fact that certificate has come from GeoTrust doesn't mean that it is trusted by the device. The list of supported certificates in mobile devices is much shorter than those on a desktop.

                          I would also suggest that you look to avoid putting the actual certificate on the device. If you are going to do that you may as well use a home grown certificate.

                          I can't answer specific iPhone questions, I haven't even seen one, let alone get one to work. I tell my clients to get a real PDA rather than a jumped up iPod using technology that is two years old.

                          Simon.
                          --
                          Simon Butler
                          Exchange MVP

                          Blog: http://blog.sembee.co.uk/
                          More Exchange Content: http://exchange.sembee.info/
                          Exchange Resources List: http://exbpa.com/
                          In the UK? Hire me: http://www.sembee.co.uk/

                          Sembee is a registered trademark, used here with permission.

                          Comment


                          • #14
                            Re: iPhone 3G help

                            Originally posted by Sembee View Post
                            I believe that Apple have set the phone to ignore the certificate in some scenarios to make life "easier" for the user.
                            The easy test is to browse to OMA https://host.example.net/oma from the device.
                            If you get a certificate prompt the certificate is not being accepted.

                            It is possible that you have a bad SSL certificate. I have seen that before.
                            The fact that certificate has come from GeoTrust doesn't mean that it is trusted by the device. The list of supported certificates in mobile devices is much shorter than those on a desktop.

                            I would also suggest that you look to avoid putting the actual certificate on the device. If you are going to do that you may as well use a home grown certificate.

                            I can't answer specific iPhone questions, I haven't even seen one, let alone get one to work. I tell my clients to get a real PDA rather than a jumped up iPod using technology that is two years old.

                            Simon.
                            haha, damn, you have it out for me...dont you?

                            lol, jk, thanks for the replies!

                            Comment


                            • #15
                              Re: iPhone 3G help

                              i AM able to connect, from the iphone in safari, to

                              https://mail.companydomain.com/oma

                              it asks for user and password

                              i put that in and i see my contacts, calendar, email

                              Comment

                              Working...
                              X