If like me you have encountered problems setting your iPhone 3G up to sync with Microsoft Exchange on SBS 2003, read on.
Judging by the posts in forums all over the Internet, many people are having problems connecting their iPhone to SBS 2003 Exchange. You may be getting a certificate error come up (due to having a self-signed certificate on your SBS 2003 server), but you accept this and the account appears to verify. However, your calendar and inbox remain defiantly empty. I managed to solve this, so check out the following steps and see if it can fix it for you.It’s important to bear in mind that Exchange is something of a behemoth, and different configurations abound. Our server is running Small Business Server 2003 with a single network card and is standard configuration from the SBS setup wizards. If you have a similar environment, your chances of success are high.
Caveat: whilst this all worked smoothly for me, I cannot guarantee this will be the case for everyone – Microsoft products can be tempremental at the best of times! So, if anything goes drastically wrong, it’s not my fault – you use these notes at your own risk.
I don’t know for sure whether the iPhone will work smoothly with the SBS 2003 self-signed SSL certificate. It may work with it, and it will probably work if you switch SSL off, but I took the decision to buy an authenticated certificate as they’re not much money. I can arrange an Equifax certificate for anyone for £50 – get in touch if you want me to do this. Or you can do it yourself. Just avoid intermediate certificate providers like GoDaddy, as these require extra configuration on the iPhone. If you are going to buy a certificate, here’s the process:
- On your SBS box, go to Start > Administrative Tools > Internet Information Services (IIS) Manager
- Expand the server tree on the left, and then the Web Sites tree
- Right click on Default Web Site and click Properties
- Click on the Directory Security tab and then click Server Certificate to start the wizard
- If you don’t have a certificate you can create one (unlikely) – if you do have one, you will have to remove it. This will kill secure connections until you replace it.
- After removing the self-signed cert, run the wizard again and create a new request – don’t choose the option to send it directly to a certificate authority.
- The wizard will create a CSR and save it in a text file. Open this text file and copy the certificate then paste it onto your chosen certificate provider’s order form. Copy the whole certificate request, but only the certificate request (extra spaces will kill it) – it should start and finish with five hyphens —–
- Order your certificate and use the same wizard to paste in the certificate sent to you by the provider – job done
The certificate alone is not enough to fix the problem. The real problem is that SBS 2003 ships with Exchange 2003 SP1, whereas iPhone requires at least Exchange 2003 SP2. So, we need to install Service Pack 2 for Exchange, but before we do this, we need to backup our information store – just to be on the safe side. Choose Start > Run and type ‘ntbackup’ (without the apostophes) then press enter. Follow the wizard.
When you are done with your backup, we need to patch Exchange. You cannot do this with Windows Update as Microsoft have not released an official Exchange 2003 SP2 for SBS 2003. However, you can download the service pack separately and apply it – it works with no problems.
Download SP2 here: http://www.microsoft.com/downloads/details.aspx?familyid=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en (link opens in a new window)
Extract the service pack to the desktop or wherever suits, and find the upgrade.exe – double click it. When the upgrade finishes, reboot the server just to be on the safe side.
Now you should be able to add the Exchange account to your iPhone. Give it a few seconds and your inbox will start filling up.
If it doesn’t, and you’re connected with WiFi to the same LAN that the server is on, it could be that your router doesn’t support loopback. Remember that you put in an external DNS name for your server address, and some routers can handle external DNS names that loop back to the same IP address. If this is the case, switch off WiFi on your iPhone (it’s in the settings) and it will connect via EDGE or 3G instead.
This might seem like a lengthy solution, but the key is really the SP2 thing. The vast majority of SBS 2003 servers out there will be Exchange 2003 SP1, which just won’t work.
Much thanks and kudos must go out to my lifelong chum and Microsoft guru Mike Southby, as he gave freely of his time to help me sort this out.
Let me know if this helps anybody else.
Thanks for blogging this. My wife just got an iPhone for her business phone and it just wasn’t talking to her SBS 2003 server.
We are still using a self-signed certificate and it’s working. So it was the Exchange 2003 SP2 that did the job for us.
David,
Thanks for the comment. Glad the article was of use, and thanks for clarifying the certificate issue – that will help a few people.
Regards,
David
We have a cert from GoDaddy. What are the steps to get that dang thing on the phone. I have read the apple docs, and they say to email it to the phone. DUH! if email was working I would have no need for this step.
chase
Chase,
Unfortunately, that is the only way to do it. You could set up a POP or IMAP account temporarily and email the cert to that. When it arrives in your inbox, and you tap the attachment, the iPhone will give you the opportunity to install the certificate. GoDaddy certs are not in the root trusted certificates on the iPhone.
Regards,
David
POP3 worked fine. I was able to “download” the cert and install it. Unfortunately that did not help, SSL and Exchange ActiveSync will NOT download email. So I configured back to POP3 and he using it that way. On a side note: just as a test, I turned off all SSL and Exchange ActiveSync worked fine. But due to our windows mobile devices working fine with SSL, I had to turn it back on. Hope this helps someone out there.
My goodness you were not joking i have been rattaling my head for days, and i went to check the service pack version sure enough i needed the update about 15 minutes after the update the phone vibrated and 5000 emails poured in all the contacts and calander. Awesome quick fix.
Thanks for the tip! I had been struggling with an empty inbox for a few weeks now and had finally given in to using imap. But the upgrade to SP2 did the trick. Thanks!
Just before I advise a client on this one, when we say Exchange we mean the whole works, email, contacts
and calendar is sync to the iPhone?
Thanks
Jamie
Yep, it all works fine.
what a star you are, spent nearly three days off and on getting mighty frustrated with the iphone and this was the problem……hooray…..for everyones info I upgraded the iphone to the latest os 2.1 and the godaddy cert i bought on special for £8.00 per year works straight off ! what a result after three days of searching….very surprised apple doesn’t have this fact on its web site or any documentation I found.
thanks phil
Happy to have been able to help Phil.
In fairness, Apple does state Exchange 2003 SP2 as a minimum requirement. I think the problem with SBS users is they probably won’t know which service pack they have, and might assume that auto update would have upgraded their system to the latest, but as there is no SP2 for SBS 2003, that won’t have happened either. Most users would then not automatically assume that they could manually install the service pack for the full version of Exchange.
More documentation would help, but it’s not an Apple problem really. Let’s hope everyone finds this page.
The more people that comment their experiences, the higher the Google rank of the page, and the more people that will be helped.
You are a star. Great page, thx, you saved my weekend.
I’m trying to get this working for someone else so I don’t actually have the iphone handy. I’ve tried to setup the SBS exchange server with the exception of using an self generated cert since I only want it internal for the moment.
Is there any way of testing connectivity to ascertain if the problem is the SBS server or the iphone?
Thanks for your help
Angelo,
If you have installed the service pack as above, it will work. The problem is almost always SBS, not the iPhone. Others have reported success with self-signed certs, so it really just is the service pack issue.
Regards,
David
Thanks David,
I’ve taken a step back and realised that the issue is probably related to the fact that the actual mail domain is externally hosted. Our exchange server is only virtually handling the domain.
So I think the iphone is trying to access the activesync services on the external host and there “ain’t nothing there”, so to speak.
I’ll have to set up another domain that points to our internal server and create a mail alias using that.
I have now had to try and setup two iPhones with SBS 2003 that were running Exchange 2003 SP2 but have found that with the self signed certificate from SBS included in the .mobileconfig file the phones still have not wanted to sync. On the second setup I had to turn off SSL under IIS and then they worked. It should not be like this as both systems have Windows Smartphones working over SSL so why does the iPhone not want to work. It would be alot easier if the iPhone gave a more detailed error message to say why it cannot connect. Overall I am not impressed so far.
David,
I am another frustrated iphone 3g user who is desperately trying to sync his work outlook calender and email…having spoke with our IT guy, i am told we use microsoft SBS with SP2 – what we dont have is a 3rd party licence which i am told is what is needed to allow the syncing to take place.
He is understandably reluctant to use dodgy certificates etc he normally uses companies such as Verisign who i understand charge £500….i dont have this sort of cash, so would like to enquire about the certificate service you offer? Can you give me some details?
Thanks,
Alan
Alan,
I buy certificates from GeoTrust that are secured by Equifax. These work fine with iPhone and all web browsers. The cost is £39 + VAT per year.
Your IT guy will need to generate a certificate request on his server, and send this to me by email, at which point I will turn the certificate around, usually within 15 minutes. He will need to phone me on 01935 426958 when he intends to do this, as it needs to be done quickly. SBS does not allow more than one certificate, and does not allow you to generate a new request without removing the self-signed certificate that is in place. Removing the existing cert will cause all remote services (e.g. Outlook Anywhere webmail) to fail temporarily.
Alternatively, you can deal direct with http://www.geotrust.com, but you will pay a lot more.
Regards,
David
David,
Bingo!!! I installed Exchange 2003 SP2 and emails started pouring into my iPhone. Thank You!!!
Greg
David & all,
I could not sync the iPhone to SBS 2003 R2 prior to the steps below:
Installed MS Exchange SP2 (thanks David).
Extracted the SBS self generated certificate from IIS.
Imported the SBS self generated certificate onto the iPhone.
Set up the iPhone Exchange account settings (I had to ensure the Exchange Account domain setting was FQDN)
All works beautifully.
Thanks again.
Raphael
I have inherited administration of an SBS 2003 Server that I need to hook several iPhones up to. My problem is that the users are all hosting their email on another server on the internet ( mail.their-domain-name.com), and they have pop accounts setup on each users outlook, in addition to their Exchange account. Of course, they POP their email from the internet mailserver and it goes into their exchange mailbox and seems to work fine for them. My question is, can I stilll sync the iPhone to an exchagne server that doesn’t have an internet presence? I can use the SBS OWA and RWW via their IP address, but I didn’t know if that would work on the iPhone. I could setup a subdomain (i.e. exchange.their-domain-name.com ) that would point to the IP address of the router and forward the appropriate ports to the exchange server, but I didn’t know if it wold work with the iPhone. The comments here seem to be people that have their SBS server hosting all of their mail. Any (helpful) comments?
Steve,
If you set up the sub-domain and the port forwarding, and follow the instructions above, it should work fine.
Regards,
David
If Exchange says it is SP2 (in Exchange System Manager) can we trust it? We have a standard SBS 2003 server here. I’m the admin by default, but much more experienced in Linux servers.
We have never been able to get the iPhone to sync using the “Exchange” account type while using IMAP is flaky (it does work for email but not really for contacts and calendars). The iPhone always says “Cannot Get Mail The connection to the server failed.” no matter if using SSL or not, or using LAN or 3G. I even tried putting the IP address directly in (both the 192.168 IP and our external IP).
I can use OWA from Safari on it, so that connection is working. I can’t find any troubleshooting guides anywhere that work! I’ve probably spent about 20 hours over the last few months trying to figure this out. The boss is getting annoyed, and has been using his me.com account instead, but that has its own problems.
I think I got it working. I randomly found a comment on some blog about turning off SSL in IIS the ExchWeb virtual server. Then I looked at the iPhone and it had a message about setting a passcode. I set one and then it downloaded all the email!
And now it’s broken again with the same error message after he tried switching to 3G mode…
Thanks David,
This was a lifesaver. Who would have thought that Microsoft wouldn’t pust SP2 to SBS2003? Applied SP2 and everything works great now!
Finally, finally got my first gen iphone to work properly with exchange for work email. I’ve tried most of the other solutions suggested by all these forum threads trying to address this issue. Hopefully, this will help some of you who have been frustrated by your iphone’s inability to access work email! No server adjustments required!
My iphone exchange situation: calendar exchange worked, could send emails and see all my inbox folders but received “failed to connect to server” message when retrieving emails.
I have many folders in my email exchange inbox and many rules setup (e.g. if email from John Doe comes in move to John Doe folder).
First, I deleted my exchange account on the iphone so I could start from scratch. Then in Outlook, I had to move all emails from my inbox folder to another folder. I guess this somehow clears the pipes for the iphone/exchange communication to work.
Second, I recreated the exchange account on the iphone. Calendar sync worked like before. I sent a test email to myself using Outlook. Miraculously, the iphone retrieved it! In my previous 50 or so attempts this never worked.
But then I noticed when I tried to go into one of the folders where a rule was applied (e.g. move email to this folder if sent from John Doe) it would not retrieve email and I got the usual annoying “failed to connect to server” error message. I suspect you need to remove all rules created before setting up your iphone exchange account and then recreate the rules. So far, this has worked.
My co-workers (with 1st gen and 3g iphones) have applied these same steps with positive results. Hope this helps some of you who can’t easily adjust your company’s exchange server settings or can’t get the IT folks to do it because they don’t officially support the iphone. Enjoy!
The President and VP of my company both traded their Windows Mobile smart phones in for iPhones. All of the other smart phones in use have no problem connecting via ActiveSync. We have had Exch SP2, and we even went as far as purchasing an SSL cert, which is installed on the ISA webproxy. When putting the account information in on the iPhones they get an “Account Verification Failed” message every time. Using the iphone config tool it displays a message saying, “Error Domain=DAErrorDomain Code=0 ‘Operation could not be completed. (DAErrorDomain Error 0.)” in the iPhone log. I have tried all kinds of things including disabling forms-based authentication and have had no luck.
I can get my iphone to sync with SBS 2003 wirelessly when I point it to the servers LAN IP address while connect to our LAN wirelessly. I cannot get it to work outside of the LAN. We have webmail set up through SBS 2003 and that works fine, but no active sync outside of the LAN………..
any ideas?
My system claims to have SP2 installed (Exchange system Manager>server>properties>build 7638.2 SP2) and we Have a signed certificate for our mail domain (mail..com). I have verified that the OMA works without any problems an dyet I continue to get the “Cannot get mail. The connection to server failed.” message. I have also rebuilt the virtual directories as I found a blog which claims that had fixed several issues but to no avail.. Does anyone have any other suggestions. This thing is killing me.
The problem is that very few SBS installations are the same. Mine is almost completely standard, apart from a dew changes to allow sharing with OS X. I also have only one network card in our server, which did require a couple of tweaks that my friend Mike did for me. (He may be able to help on a consultancy basis, so if anyone needs help I can ask him). Other than that, it’s completely standard.
The key thing to remember is that it is rarely the iPhone at fault. If the SBS is set up right, the email will just come flying in.
I finally got mine working with some help. We ran the server wizard through it’s paces first off. Also noticed that the host domain name in the Xchange OMA & MS Active sync Virtual directories was in different formats (one was all uppercase the other all lower case). Also turned off anonymous access in both directories. Not sure which of these it was but as soon as we went thru these changes it immediately started working.
Afternoon David,
I am connecting to SBS 2K3 with a CA from Network Solutions. I can get the IPhone setup using IMAP but want to be able to sync contact and calendar with exchange. The problem I am running into is the account will verify (leading me to think it will work) but trying to connect to the mailbox I get – Cannot Get Mail Connection to the server failed. I have read numerous posts but none seem to address this issue. I’ve checked the virtual directory security and removed anonymous access as well as check windows integrated. So far….no dice. I’m hoping you know where I am going wrong…
Anyone who hates fog-lights as much as I do deserves a reply! Could you contact me about the £50 SSL certificate from Equifax? I’ve just got my new iPhone talking to SBS 2003 R2, but not over SSL, so I giess I need to try a proper cert…
David
I have SBS2003 and I am thinking of getting an iphone. Your instructions don’t faze me too much but I have an even more basic question! Which is… what can you actually do with an iphone and SBS?
I imagine that I can access exchange over wi-fi when I’m in server range. Will it see public folders (where we keep our calendars and contacts)?
What about outside in the big wide world? By what process will it access my exchange email account (I have OWA active)? Again, will it see public folders? Will the browser access sharepoint intranet?
Thanks for your help
Ian,
Lots of questions.
The iPhone will work with Exchange email, calendar and contacts. You can access your Exchange server by wi-fi. The iPhone automatically makes the fastest connection possible. If it can’t find wi-fi it will access over 3G, EDGE or GPRS. As far as I’m aware, the iPhone runs on RPC over HTTPS or HTTP, which is not the same as OWA. With RPC, you can access from anywhere where your iPhone can get connected.
The browser will access the intranet and you can probably access public folders this way, but I don’t believe the iPhone natively supports them. I don’t use public folders so I can’t be 100% sure. The browser on the iPhone is Safari and works just like a desktop computer web browser. The only thing it lacks is Flash support.
iPhone OS 3.0 will add more functionality, and this is likely to be released in July as a free upgrade to iPhone owners.
Hope that helps.
Regards,
David
I am running SBS Exch 2003 SP2 and after lots of problems setting up my new iphone have purchased an SSL and my iphone worked – Sounds great!
But- now i have tried to et up 2 other users on iphones and neither of them will work- just keep getting failed to connect to server
Any ideas?
looks like we got it sorted – it was a n exchange permissions problem
Thanks anyway for the oportunity to ask for advice
Well done Tony. Sorry – I was a bit slow on approving the first post. Unfortunately I have to moderate everything due to the idiots who think spamming my blog is acceptable.
Hi, we have set-up a sbs server with sp2 for exchange, and have tried to set-up a smartphone, but the owa uses a webmail.mydomain/exchange to open owa, but you can not put the /exchange in the phone settings. ISP will not allow to set-up a fqdn to the /exchange folder, so can not get the phone to synch or use the push email on the sbs server. Any ideas how we can set up a fqdn so the phone can use the push email ?
Mark,
iPhone uses RPC over HTTP or HTTPS which is not OWA. The /exchange bit is a red herring. Providing the FQDN before the /exchange bit is pointed at the IP address of the Exchange server, that’s all you need to enter. If that’s not working, something else is wrong.
Regards,
David
Having problems getting this going.
Have Windows 2003 sbs. Have exchange sp2.
Can connect to owa.
Using a self signed certificate.
The iphone keeps prompting me for my password once i setup the account.
I have my website hosted external and a dns record (my_exchange_server.my_domain.xx) pointing to my exchange server.
I have also tried installing the certificate on my iphone which points to my_exchange_server.my_domain.xx and it still wont work.
In my iphone settings i have:
server: my_exchange_server.my_domain.xx
domain: my_domain.xx
and my username.
Also note that my server domain is different than my external domain.
Any ideas?
got this working. Turned out i had to use my internal domain in the iphone settings.
don’t forget to open the sbs’ internal firewall for outlook mobile access.
server management console > internet and email > configure firewall. activate outlook mobile access for access from outside. leave all other settings the same.
did work for me.
First thanks for the great site. Very useful info that got me almost all the way there. A couple of things I noticed in getting our iPhones syncing.
1. We started with WiFi on our local LAN, using the following data:
- standard UserName (without domain qualification)
- domain (without extension ‘.com’ or ‘.local’)
- password
- Internal IP address for server (for some reason DNS didn’t always kick-in)
This eliminated issues with firewall/routers, and IP security on the websites.
2. When adding the exchange email account to the iPhone we specified only mail (no contacts or calendar). This may not be necessary, but once connected when you turn on calendar and contacts you get prompted to delete existing data which we did. Without going this route it APPEARED that we couldn’t get desktop sync’d iPhones to connect.
At this point we had everything syncing over WiFi and the iPhone VPN if you take the time to set that up. I don’t suggest using VPN since it is not ‘on-demand’ like it is with Windows Mobile and you’ll have to turn it back on each time you wake-up your iPhone.
To get the sync to work externally I did the following:
1. Edit the iPhone exchange account setting and change the server to the external/public address
2. In IIS on the server removed the IP access restrictions from Microsoft-Server-ActiveSync and OMA websites
3. Since we have a single NIC server setup, I opened the ports on the firewall and routed them to the server’s internal IP.
That has me up and running. I initially opened up a wide range of ports (OK, all ports) just to eliminate the problem on not opening the right port. I’m now trying to figure out specifically which port is used since opening the published ActiveSync Port 443 doesn’t work.
Anyone with an answer to that would be appreciated.
A quick correction Port 443 is the correct port if you are using an SSL certificate. Since I wanted to eliminate that variable initially, I went without the SSL setup and needed to open up port 80 on the firewall and route it to the server. Of course in doing so this opens all websites on our server to public http access, unless restricted by some other means, so I’ll be installing the SSL Certificate shortly.
Thanks very much, I have spent all day with exchange and iphone without any progress.
Thanks to your information I have updated Exchange to SP2 and it worked first time. Brilliant.
Thanks again.
I have done the R2 upgrade .. but now i cant seem to receive any emails with outlook ..
can some one help me please
All of our business iPhones work fine with a standard SBS2003 R2 with Exchange SP2 using a FQDN and 3rd party cert. All of the configs worked straight out of the box.
Almost 100% of issues that I come across with sbs are due to errors in the server network settings.
Many thanks once the SP2 was installed worked like a charm. Isn’t it amazing that Microsnot makes it hard to get their stuff to work.
Great Site
For all that are wondering, Exchange push does not require a third party certificate if you have SBS Server. The standard one generated by the SBS Installation works just fine.
Oh and by the way this is not an April fool just in case you were wondering.
This is a self-signed certificate and they do work fine, but will generate browser warnings. Mac users will find that self-signed certs cause Entourage to throw a security error and default to a non-secure port. There is often nothing wrong with this, but the irritation factor may prompt some to purchase a recognised cert.
just bought an iPhone 3G for my mom as a birthday present. she is very happy about her new iPhone..:
I have 100 domains on Godaddy and i can say that this company is very reputable.,-`
Sam,
I wasn’t disputing the reputation of GoDaddy, nor was I talking about its domain name registration services. The point I was making was that GoDaddy SSL certificates are intermediate certificates and therefore require additional configuration on the iPhone because it does not automatically trust GoDaddy as a CSA. This means a lengthy process of emailing, importing and trusting individual certificates – this process is not necessary if you buy direct from a trusted CSA.
This was certainly the case when I wrote this post anyway.
Cheers,
David
Hi Dave,
I’ve been using my iPhone (16GB Ver 3.1.3) on my SBS2003 fine for some time now but when I upgraded my sever to a faster spec still running SBS2003 I get the following error, ‘Cannot Get Mail, The connection to the server failed’
When I swop it back to the old server it works fine and as far as I know I’ve installed the new server in the same way as the old one.
Any ideas what’s wrong?
Many Thanks
Steve
Hi, i have done all upgrades to SBS without getting it to work. I have a cisco firewall infront that might block. What ports does the iPhone use? Both with and without ssl.
I hope anyone still reads this .
Regards Claes
Hi,
thats it!
The realy important thing is to install the Exchange SPs.
Many thanks
Karsten
SBS2003:
Hi – perfect – thank you – it works perfect now. I have only installed the SP2 for Exchange
This worked great thanks
I tried your solution. I used your link and updated to SP2 for Exchange and installed a new SSL certificate from Network Solutions. OWA (mail.domain.com/remote and mail.domain.com/exchange) work fine. Unfortunately, however, I still cannot set up an account to sync with Exchange on my iPhone 4. Any help would be much appreciated.
As a follow up to my earlier post (#12), the error i continue to receive on my iPhone is: “Exchange Account: Unable to verify account information.” Any thoughts. Here are the fields that I am inputting in the iPhone:
Email: name@domain.com
Server: mail.domain.com
Domain: domain.com
username: name
password: password
Am i doing something wrong?
Ken,
The domain field should contain your Windows domain name, not the URL, e.g. DOMAIN.local
Regards,
David
Thanks for responding, David.
I tried that as well. But I still get the same error. Any other suggestions?
Best,
Ken
I installed SP2 and In IIS on the server removed the IP access restrictions from Microsoft-Server-ActiveSync and OMA websites
Bingo!!! Many thanks to all that have been updating this bad boy!
Scott.