No announcement yet.

Exchange 2007 and iPhone authentication

  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2007 and iPhone authentication

    A solution to a very annoying problem that I thought I'd share since it's taken me a while to fix it, and most of the guides online are close, but not quite right.

    My boss, in his wisdom, has bought an iPhone. He wants to use his iPhone to pick up his Exchange email. The iPhone supports IMAP, so this is possible, providing you enable IMAP on Exchange.

    By default, the iPhone sets up its IMAP accounts with an incoming port of 993, NTLM authentication, and SSL enabled. Which is good. For outgoing, it sets up port 587, NTLM, and SSL enabled. Which is also good - so you'd think.

    The problem we were having was that incoming mail worked just fine (the iPhone is a lovely little device - can't wait for it to get proper Exchange support), but that it would not send mail for love nor money.

    Eventually, after a great deal of pain, we discovered that if you uncheck the "Offer Basic Authentication only after starting TLS", mail will magically start sending on the iPhone. You have to turn off SSL for outgoing mail which is a bummer, but it will still do NTLM auth rather than simple password, which is something.

    The tickbox in question is on the authentication tab of the receive connector running on port 587, in the Hub Transport role of Exchange.

    I hope this helps out someone else while Apple/Microsoft get their act together and sort out ActiveSync for the iPhone.

  • #2
    Re: Exchange 2007 and iPhone authentication

    Mark Wilson also has a good article about this as well:

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: Exchange 2007 and iPhone authentication

      I had seen Mark's article, but I couldn't work out how to secure the IMAP server with SSL on Exchange 2007. This article (, linked to by Mark, explains how to do it in Exchange 2003, but you don't have the virtual SMTP server in 2007 and I'm at a bit of a loss as to where to add the settings.

      Am I missing something obvious?


      • #4
        Re: Exchange 2007 and iPhone authentication

        Actually, this may just be a naming problem. Again, this technote ( explains exactly what I need to do to enable SSL - but what's the name of the x509 certificate (or how can I list some to choose from; my server does have a valid SSL certificate for OWA)? Apologies if that's a really dumb question.


        • #5
          Re: Exchange 2007 and iPhone authentication

          If you have a valid certificate for OWA, did you import that in to Exchange? IF so then you could switch to using that certificate instead of the self generated certificate that it is probably using now.

          If you don't want to work with EMS then use PowerGui ( to change the SSL certificate.

          Simon Butler
          Exchange MVP

          More Exchange Content:
          Exchange Resources List:
          In the UK? Hire me:

          Sembee is a registered trademark, used here with permission.