any other Exchange admins? got a weird one for you

Discussion in 'iPhone Tips, Help and Troubleshooting' started by pesos, Apr 25, 2010.

  1. pesos macrumors 6502a

    pesos

    Joined:
    Mar 30, 2006
    #1
    So our Exchange 2010 ActiveSync has been humming along just fine with winmobile, iPhones, Droids, etc.

    Over the weekend we renewed our SSL cert - the old one was based on the Starfield root, the new one is based on the GoDaddy root. Shouldn't be an issue though - the intermediates are installed and OWA works just fine on Windows browsers as well as Safari on OS X 10.6 -- OWA also works fine from the iPhone.

    However! iPhones have stopped working via ActiveSync, throwing "connection to server failed" - thanks for that helpful generic message, Apple.

    Palm Pres and Droids still seem to be syncing fine, and the weirdest part is that my iPhone seems to be the only one that is still working fine (I am running OS 4 beta 2 - everyone else I've talked to who isn't working is running 3.1.3).

    I would think if anything that I should be the one having problems! Any ideas would be quite welcome...

    thanks,
    Wes
     
  2. Geckotek macrumors G3

    Geckotek

    Joined:
    Jul 22, 2008
    Location:
    NYC
    #2
    Wow, wish I could help you. I'm still running E2K7. Most likely upgrading 3rd Qtr.

    Just reaching here.....are you secured through ISA? Checked the ISA logs?

    Turn up Diag Logging on the Hub Transport server, check the app log. Check IIS logs.

    One of these servers should turn up an error....hopefully.
     
  3. pesos thread starter macrumors 6502a

    pesos

    Joined:
    Mar 30, 2006
    #3
    nope no ISA... yeah I guess it's time to dig into the logs. yay :)

    thanks for the help... by the way you will love 2010!
     
  4. Geckotek macrumors G3

    Geckotek

    Joined:
    Jul 22, 2008
    Location:
    NYC
    #4
    BTW...I meant CAS...not Hub Transport (mine are dual role so wasn't thinking.) Anyhow....you put your CAS server directly on the Net!!! :eek:

    http://msexchangeteam.com/archive/2009/10/21/452929.aspx
     
  5. pesos thread starter macrumors 6502a

    pesos

    Joined:
    Mar 30, 2006
    #5
    yeah, it's not ideal, but we have some pretty nice Juniper boxes sitting in front of everything and it's only port 443 :)

    I am testing out Forefront TMG and we may go that route in the near future...

    I think I pinned the problem down to the switch from the Starfield root to GoDaddy root... what threw me off was that the iPhones can use OWA properly, even though it looks like I have some intermediate cert tweaking to do.

    it would appear that Apple somehow has the iPhone set to read different cert stores for ActiveSync than they do for Safari!

    it also shows that they have updated their root certs for OS 4...
     
  6. pesos thread starter macrumors 6502a

    pesos

    Joined:
    Mar 30, 2006
    #6
    turns out I had done the cert properly...

    it finally dawned on me to check our DAG and see if a couple of databases had somehow failed over to the DR site - YEP! the reason my phone was working even though my colleague and I are on the same DB is that with OS 4, I have multiple Exchange accounts configured so the couple that were working were on DBs that hadn't failed over :p
     
  7. Geckotek macrumors G3

    Geckotek

    Joined:
    Jul 22, 2008
    Location:
    NYC
    #7
    Ahhh...that reminds me of an article I started to read tonight:

    http://www.networkworld.com/community/node/48487?page=1

    BTW, it's not just not ideal....it's not good. Read that article I linked earlier. This isn't the same as an E2K3 FE server. The CAS servers have much more access than the E2K3 FE servers did.

    Glad to hear you got it up and running. :D
     
