Unfortunately, I'm not able to access our exchange server via IMAP, so I was hoping to at least be able to check it via OWA. Oddly enough, I get as far as the login using safari on the iphone, but it just stalls after that.

Has anyone had any success with OWA?

I was able to access our OWA with no problems.

Yes, I just tried it and it works fine.

I just tried as well, works just fine for me.

Thanks, guys. I'm not sure what it is about ours that's prohibiting me from logging on, but at least I know it's definitely possible (I guess that's a good consolation). :rolleyes:

By any chance, did you need to change any safari settings in order for it to work?

Safari just hangs for me when I try to display the OWA website. I've read lots of reports of similar behavior.

I wonder if it's due to a setting on the exchange server? (I'm obviously not very knowledgeable about mail/exchange settings)

Not working for me either.

Exchange server 2003, via SSL.

Just wanted to see if anyone who previously was unable to use OWA has had any success since.

This is really bumming me out since it's the only means for me to receive my corporate email.

Works fine for me.. Just browsed to the OWA website.

I am having the same problem with OWA, Safari just hangs. I have no problem on my laptop or other public computer.

Like some kind of fiend I've been scouring other forums for more information about this issue. While it definitely seems like other people are experiencing the same problem, I haven't come across an explanation or solution.

Like some kind of fiend I've been scouring other forums for more information about this issue. While it definitely seems like other people are experiencing the same problem, I haven't come across an explanation or solution.

Have you noticed any patterns?

I mean, it would be good to know the version of exchange and whether it's over SSL or not, and compare that information between the ones it's working for and the ones it's not.

I ran across one instance of a person who was able to access OWA via HTTP but not over HTTPS. I'm able to log in to my bank's web site via HTPPS so I'm not sure if that's the culprit.

The only Safari setting I touched ( I think) was cookies. I have it set to accept them "From visited". Could that be the problem?

Also, I can access my bank through https so I don't thnk that's the issue here.

Just checked and mine is already set to that :(

I did a reset on the phone as I could no get the login screen up on the owa domain. I figured Safari had cached it and maybe I typed the passworld wrong. When I went backin the login screen popped up and I tried again, and it just hangs there. I even deleted cookies and history and no go. Needs to be a solution to this soon as I am about at the end of my rope with the Iphone. I made some concessions and paid $600 and would at least like to get webmail if I cannot have activesync.

Leonard

Works fine for me. A little bit of trouble navigating around the page from the folder areas to the content area, but it works.

For those of you who have gotten OWA to work, is yours using http or https?

For those of you who have gotten OWA to work, is yours using http or https?

Mine is working with https.

Mine is working with https.

Could this be an issue of self-signed vs. "issued" SSL certificates?

I know IE7 doesn't like my company's self-signed cert.

B

Could this be an issue of self-signed vs. "issued" SSL certificates?

I know IE7 doesn't like my company's self-signed cert.

B


No, I don't think so.

We use an issued certificate (from Entrust) and I am not able to connect.

For those of you who have gotten OWA to work, is yours using http or https?


https here.

I think this issue has more to do with authentication than SSL. The reason I think that is that on our server I can browse to:

http://mail.mycompany.com and
https://mail.mycompany.com

and both work fine (i get the standard IIS under construction message because there is no page at that address).

Now if I browse to either

http://mail.mycompany.com/exchange or
https://mail.mycompany.com/exchange

I get a the hang after authentication. This makes me believe its the auth process and not the SSL negotiation.

I think this issue has more to do with authentication than SSL. The reason I think that is that on our server I can browse to:

http://mail.mycompany.com and
https://mail.mycompany.com

and both work fine (i get the standard IIS under construction message because there is no page at that address).

Now if I browse to either

http://mail.mycompany.com/exchange or
https://mail.mycompany.com/exchange

I get a the hang after authentication. This makes me believe its the auth process and not the SSL negotiation.

When I browse to either:
http://exchange.company.com
https://exchange.company.com

it redirects me to:
https://exchange.company.com/exchange

and then hangs

I have confirmed it is an authentication issue. On our IIS server we have hundreds of entries in a row from my iphone at the time I tried to log on. Each entry returns HTTP 401 which is authentication failed. Safari seems to be stuck in some sort of loop.

Marcomullet -

Any ideas for a fix. I am stuck and obviously much less tech. qualified than you. This is a real downer as I can't keep the phone w/o some sort of access to office email.


Thanks,

Leonard

I have confirmed it is an authentication issue. On our IIS server we have hundreds of entries in a row from my iphone at the time I tried to log on. Each entry returns HTTP 401 which is authentication failed. Safari seems to be stuck in some sort of loop.

OK I was able to work around this but I'm not sure if it's going to be available in large enterprises.

The solution is to only allow basic auth to OWA. If NTLM auth is enabled along with basic auth, then apparently the iPhone safari browser doesnt handle it well and it gets caught in a loop.

As soon as I check that I only want to allow basic auth I can authenticate an use OWA over SSL.

Note I don't condone any of the security ramifications associated with this change. I'm just merely reporting my results.

Marco,

Thanks, where do I find the meno on our server to make the change?

Leonard
OK I was able to work around this but I'm not sure if it's going to be available in large enterprises.

The solution is to only allow basic auth to OWA. If NTLM auth is enabled along with basic auth, then apparently the iPhone safari browser doesnt handle it well and it gets caught in a loop.

As soon as I check that I only want to allow basic auth I can authenticate an use OWA over SSL.

Note I don't condone any of the security ramifications associated with this change. I'm just merely reporting my results.

I believe you can also enable "Light Mode", for non-IE browsers which don't support seamless NTLM auth. This is what we do at Microsoft, anyway... when I use IE i get a "rich" client, and when using Safari or FF I get the "light client" which I prefer anyway. The light client works fine for my iphone.

One other thing I noticed, when typing, if you use autocomplete and a space gets added at the end of the username, OWA reports a bad username/password!

OK I was able to work around this but I'm not sure if it's going to be available in large enterprises.

The solution is to only allow basic auth to OWA. If NTLM auth is enabled along with basic auth, then apparently the iPhone safari browser doesnt handle it well and it gets caught in a loop.

As soon as I check that I only want to allow basic auth I can authenticate an use OWA over SSL.

Note I don't condone any of the security ramifications associated with this change. I'm just merely reporting my results.

That should be fine, as long as all authentication is happening over SSL. I don't believe browsers running on OS X that are able to talk to exchange can use NTLM anyway - and would be reverting to basic.

I could be wrong though.

Leonard,

You have to make this change on the IIS server that hosts OWA. I'd ask your admin about it as the instructions might be quite lengthy. I really cant recommend doing this however as further testing has shown that this prevents ActiveSync clients from being able to synchronize. A guy in my office uses ActiveSync with windows mobile 6.0 and after I turned off NTLM he couldnt sync his Exchange emails, so I was forced to turn it back on. It's really a browser issue.

As for the light mode. We have that enabled i think because that's what I get when I use firefox on the PC and firefox/safari on OS X. Still, I cant even get to that with NTLM enabled, but again, I cant disable NTLM because it messes up our ActiveSync clients it seems.

Catch-22

Well thanks. It shouldn't be this hard.

Leonard

Leonard,

You have to make this change on the IIS server that hosts OWA. I'd ask your admin about it as the instructions might be quite lengthy. I really cant recommend doing this however as further testing has shown that this prevents ActiveSync clients from being able to synchronize. A guy in my office uses ActiveSync with windows mobile 6.0 and after I turned off NTLM he couldnt sync his Exchange emails, so I was forced to turn it back on. It's really a browser issue.

As for the light mode. We have that enabled i think because that's what I get when I use firefox on the PC and firefox/safari on OS X. Still, I cant even get to that with NTLM enabled, but again, I cant disable NTLM because it messes up our ActiveSync clients it seems.

Catch-22

Leonard,

You have to make this change on the IIS server that hosts OWA. I'd ask your admin about it as the instructions might be quite lengthy. I really cant recommend doing this however as further testing has shown that this prevents ActiveSync clients from being able to synchronize. A guy in my office uses ActiveSync with windows mobile 6.0 and after I turned off NTLM he couldnt sync his Exchange emails, so I was forced to turn it back on. It's really a browser issue.

As for the light mode. We have that enabled i think because that's what I get when I use firefox on the PC and firefox/safari on OS X. Still, I cant even get to that with NTLM enabled, but again, I cant disable NTLM because it messes up our ActiveSync clients it seems.

Catch-22

I disabled NTLM on our exchange/OWA server. Active Sync clients seem to be unaffected (so far) - and my iphone safari client is now able to connect to webmail - so thanks for looking into this.

-Paul

Leonard,

You have to make this change on the IIS server that hosts OWA. I'd ask your admin about it as the instructions might be quite lengthy. I really cant recommend doing this however as further testing has shown that this prevents ActiveSync clients from being able to synchronize. A guy in my office uses ActiveSync with windows mobile 6.0 and after I turned off NTLM he couldnt sync his Exchange emails, so I was forced to turn it back on. It's really a browser issue.

As for the light mode. We have that enabled i think because that's what I get when I use firefox on the PC and firefox/safari on OS X. Still, I cant even get to that with NTLM enabled, but again, I cant disable NTLM because it messes up our ActiveSync clients it seems.

Catch-22

There must be a solution to that, because our mail server still supports activesync AND the iPhone. So does our client whom I access via OWA. So it is possible, you just need to figure out how.

I don't admin our exchange box. In fact, I'm not even in IT. So I'm afraid I can't help much there except ask them on Thurs.

Wow. Thanks guys. We're finally getting somewhere...at least in understanding the root of the issue.

I'll continue to investigate. I actually have a PocketPC with ActiveSync that I'm replacing (hence my desire to have this work also so I can do some testing on my own late at night.

We are using Exchange 2003 SP2 BTW. It might be good to know what versions of Exchange others are using.

Also exchange 2003, SP2.

Well thanks. It shouldn't be this hard.

Leonard

I would be interested to learn what criteria leads you to this conclusion.

Strictly a lay guy who can get web mail from my office exchange on my MacBook, Windows machine, local coffee shop, the guys computer next door, my current PDA, but not on the Iphone via Safari.

:rolleyes:
Leonard
I would be interested to learn what criteria leads you to this conclusion.

I'll continue to investigate. I actually have a PocketPC with ActiveSync that I'm replacing (hence my desire to have this work also so I can do some testing on my own late at night.

We are using Exchange 2003 SP2 BTW. It might be good to know what versions of Exchange others are using.

As long as you have only Basic authentication set for the "Exchange" directory on the web server, but have NTLM (and Basic) set for the Exchange-OMA & Microsoft-Server-ActiveSync objects, you should find that ActiveSync will continue to work along with iPhone Safari connectivity.

Other combinations will cause one or the other to function but not both at the same time.

-Paul

I'll look into that. I disabled NTLM just on exchange, but I haven't verified that it is enabled on the other virtual directories.

I'll try it as soon as I can and let you know the results.

Strictly a lay guy who can get web mail from my office exchange on my MacBook, Windows machine, local coffee shop, the guys computer next door, my current PDA, but not on the Iphone via Safari.

:rolleyes:
Leonard

And every one of those things, that are working for you now, probably did not work at some point in time. Maybe when you 'drove up' thing were working. But, few technological advances were bought without a trail of tears. It is not a perfect world in IT.

You sound like someone who does not have appreciation for the incredible complexity of today's technology. Tens of thousands (maybe hundreds of thousands) of people worked on the array of challenges it took to put email in the little device you have in your hand. All it takes is one small error, omission, or admin's checkbox and you are 'singing the blues'.

Others have reported that they are using this function successfully. So, it is probably not an issue with the phone. Have your IT department work the issue. That is what they are paid for.

When you get this resolved, always remember, there is a lot of blood spilled on the cutting edge. If you do not have the patience for it, wait awhile. My God, the thing have only been out for about four days. The 'underground how-to' is just getting started.

I am trying to get my wife's to work with Exchange as well. What does OWA stand for? Online Web Access?

paulpet,

Have you confirmed that is how your environment is configured? As soon as I turn off NTLM nothing will sync.

Here is what we have in our environment when it works:
OMA - Basic Only
Microsoft-Server-ActiveSync - Basic Only
Exchange - NTLM and Basic

I tried changing it to what you suggested
OMA - Basic and NTLM
Microsoft-Server-ActiveSync - Basic and NTLM
Exchange - Basic only

And activesync immediately stopped working on my PPC6300 device running windows mobile 5.0. As soon as I enabled NTLM again on the exchange things started working.

The documentation from this Exchange MVP and every other ActiveSync configuration documentation I've found says that NTLM is needed on the Exchange virtual dir:

http://www.shijaz.com/exchange/Exchange_ActiveSync_Windows_Mobile.htm
He says:
"Windows Integrated Authentication should be enabled on the Exchange virtual directory on the Exchange server."

At this point I'm really interested to know how you have it working cause turning off NTLM definitely grinds things to a halt on my server.

Thanks for your help in resolving this with me.

OWA is Outlook Web Access.

It's essentially a fancy marketing term that means

"An Outlook style web-interface into Exchange Server"

macro,

I went through a short process of trial and error, but what I wrote earlier is definitely working for me.

I probably should say I am not an exchange administrator, I manage our IT department - but I didn't want to hassle one of my mail admins to troubleshoot this issue for the one person in our company (that I know of) that has an iphone. So I am somewhat ignorant in the underlying mechanics of the OWA server. But know just enough to cause some mischief. :)

Here is the definitive list of directories and objects under our Default Web Site configuration for the exchange server that have either Basic, NTLM or both authentications configured. I'm not sure what's relevant and what's not - that's why I'm listing them all.

Exadmin - NTLM only
Exchange - Basic only
Exchange-OMA - NTLM & Basic
Microsoft-Server-ActiveSync - NTLM & Basic
OMA - Basic only
Public - Basic only

YES! I figured this out. paulpet, thanks for the help and information on your configuration. By cross referencing your config with mine and using good ol' google I was able to find this article:

http://support.microsoft.com/kb/817379/

The key here is that you had an Exchange-OMA directory and we didn't. What Exchange allows you to do (the article above was written to address SSL requirements) is create one virtual dir for ActiveSync and another for the OWA area you would normally see over the web. Both use HTTP of course but you can create the Exchange-OWA vdir and put different restrictions/authentication types on it. Like you can say that that directory doesnt require SSL (which is a requirement for ActiveSync to work) and that it DOES require NTLM (also a requirement for ActiveSync).

By having that virtual directory, you are free to change the Exchange virtual dir to whatever you need. In our case, requiring SSL and supporting basic auth only. This actually creates a more secure configuration because it enforces SSL for users using OWA (not possible if activesync and OWA access the same vdir).

Anyway, if anyone has any questions LTM. The above article describes the process, but I definitely wouldn't attempt it unless you have rights to do so and you know what you are doing (in case it doesn't work for you).

Good luck!

Unfortunately, I'm not able to access our exchange server via IMAP, so I was hoping to at least be able to check it via OWA. Oddly enough, I get as far as the login using safari on the iphone, but it just stalls after that.

Has anyone had any success with OWA?

Yes, works great.

As far as I can tell, it only doesnt work if you have NTLM enabled and are using integrated auth.

If you use forms based auth (you type your login into a welcome screen, rather than the iPhone asking you for credentials) or have your server configured to support basic auth only, you wont run into issues.

Paul & Macro,

Thanks for digging into this. While I certainly won't be tinkering with any of the settings you described above, I think I have enough info to refer to my IT group. Once I am able to access my corporate email I'll have everything I need on this phone.

Thanks again!

for those who had problems accessing owa before...did anyone figure a workaround or way of getting to owa now?

i'm able to log into owa for corporate email on ie and safari with my windows pc (and any machine with web browser).

but i'm having no luck with logging in through iphone. this sucks.

if anyone has ideas...please let me know. thanks.

My OWA problems have magically disappeared. I was playing around. On my Mac, I saved the Inbox frame of OWA from a Safari session to a text file. I then uploaded that file to my personal website as a static HTML page. From the iPhone, I then navigated directly to that page and it displayed. I was very surprised. But, now, standard OWA access works! I have no idea why. Maybe some resource is now cached in the iPhone. But, I can now navigate to my company's OWA page without problem.

really? how the heck? can you describe it a bit more on how? maybe i can try it out myself. thanks.

I can logon fine on my OWA webmail using my iphone Safari.

but I want my iphone' MailApp to logon onto my company's Exchange.

I can logon fine on my OWA webmail using my iphone Safari.

but I want my iphone' MailApp to logon onto my company's Exchange.

Ditto is there no app to act as an owa interface??
I found some apps for notes and tasks via owa, but not mail.