iPhone ActiveSync issue

One issue that keeps rearing its ugly head with this new Exchange server is that some of my users have a difficult time getting their Exchange information on their iPhone. Whenever they set up the account, it authenticates correctly, but when an attempt to get mail is made, an error “Cannot Get Mail – The Connection to the Server Failed” is received.

This error continues to confound me despite having resolved it several times in the past. (I keep forgetting I have encountered this before. 🙂)

While there can be several causes of this issue, in my instance what is happening is that the user does not have the correct security permissions to access their own mailbox via ActiveSync. I needed to change the Exchange security settings by turning on “Include inheritable permissions from this object’s parent” in the user’s security options in Active Directory Users and Computers.

So after fighting this latest one for about an hour and identifying it wasn’t a phone issue and was indeed an account issue, I remembered this little issue. So I wanted to journal it again so when it happens to me again I won’t have to fight with it as long. 🙂

Outlook Anywhere Issue

I was having an issue with some of my users being able to connect remotely via Outlook Anywhere. The problem seemed to be isolated to the folks that had their accounts on the “secondary” Exchange server (secondary only in the sense that it was at a remote site and not the primary site). Worse yet, not only could they not connect, but Outlook continued to prompt them for their Outlook credentials. And even if put in correctly, it would prompt them again and again until the user finally gave up in frustration.

Being on the VPN did not seem to resolve the issue either. Only placing their laptop/computer on the physical network resolved the issue.

The only thing that seemed to work was to take the check mark out of the “Only connect to proxy servers that have this principal name in their certificate” box in the Exchange Proxy Settings of the Outlook client. Unfortunately, once they put the computer back on the physical network (or autodiscovery took place), the checkmark was put right back in by the Exchange system.

I checked a number of posts for a solution including here, here, and here to no avail.  I checked and double checked the certificates and found nothing wrong.

Then I ran across a post that mentioned to run the following EMC command:

Set-OutlookProvider EXPR -CertPrincipalName none

So I tried it leaving the word “none” off and it still didn’t work. Then after I read it the third time it hit me that I was actually supposed to use the word “none” as the Certificate Principal Name. I ran that and it worked like a charm.


Suddenly all my users can access Outlook Anywhere again and there is much happiness in the world!!

Hope this helps!
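
An added example, not part of the original post: the value none is what makes Autodiscover clear the principal-name checkbox, so the client no longer compares the proxy certificate against an expected name; the alternative is to publish the name that is actually on the certificate. The function name, host names and certificate subjects below are constructed for illustration, and the empty-value behaviour is an assumption noted in the comments.

```powershell
# Added example (not from the original post). Classifies the EXPR CertPrincipalName
# against the certificate the Outlook Anywhere proxy presents. Read-only: it changes nothing.
# Test-MsstdName is a hypothetical helper; the inputs would normally come from
# (Get-OutlookProvider EXPR).CertPrincipalName, Get-ExchangeCertificate and Get-OutlookAnywhere.
function Test-MsstdName {
    param(
        [string]$CertPrincipalName,  # configured value; may be empty or 'none'
        [string]$CertSubject,        # subject of the certificate bound to IIS on the proxy
        [string]$ExternalHostname    # Outlook Anywhere external host name
    )
    # Outlook compares the msstd: value with the certificate's common name.
    $cn = if ($CertSubject -match 'CN=([^,]+)') { $Matches[1].Trim() } else { '' }
    $expected = "msstd:$cn"

    if ($CertPrincipalName -eq 'none') {
        $status = 'CheckDisabled'    # the workaround used in the post
    } elseif ([string]::IsNullOrEmpty($CertPrincipalName)) {
        # Assumption: with no value set, the client expects msstd:<external host name>.
        $status = if ("msstd:$ExternalHostname" -eq $expected) { 'Match' } else { 'Mismatch' }
    } elseif ($CertPrincipalName -eq $expected) {
        $status = 'Match'
    } else {
        $status = 'Mismatch'
    }

    New-Object PSObject -Property @{
        Configured = $CertPrincipalName
        Expected   = $expected
        Status     = $status
        # Command that would keep the check enabled with the certificate's real name.
        Suggested  = "Set-OutlookProvider EXPR -CertPrincipalName $expected"
    }
}

# Constructed sample inputs.
$cases = @(
    @{ CertPrincipalName = '';     CertSubject = 'CN=*.example.com, O=Example'; ExternalHostname = 'mail.example.com' },
    @{ CertPrincipalName = 'none'; CertSubject = 'CN=mail.example.com';         ExternalHostname = 'mail.example.com' },
    @{ CertPrincipalName = 'msstd:*.example.com'; CertSubject = 'CN=*.example.com'; ExternalHostname = 'mail.example.com' }
)
foreach ($c in $cases) {
    Test-MsstdName @c | Select-Object Configured, Expected, Status, Suggested
}
```

The first constructed case is a wildcard certificate with no value set, which reports Mismatch; the second is the none workaround; the third keeps the check enabled and reports Match.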

Offline Address Book not downloading

Okay, here’s the situation:  Exchange 2010 (new installation) migrating from Exchange 2003.  The clients are mostly on Outlook 2010 and using it in cached mode.  When new users are created, they do not show up in the Global Address book.

The first part in troubleshooting this found that the user showed up in the GAL in OWA and iPhones. Further investigation led me to discover that when the user was taken out of cached mode in Outlook 2010 that the entries showed up correctly in the GAL. So the problem I discovered was actually in the Offline Address Book.

After checking numerous things like test-OutlookWebServices to see what the location of the OAB was and checking permissions on the OAB folder on the exchange server, I discovered that the web.config file in C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB was the issue.  I renamed it web.config.old and users were once again able to download the OAB in cached mode.