Apple iPhone 3G with Microsoft Small Business Server SBS 2003
If like me you have encountered problems setting your iPhone 3G up to sync with Microsoft Exchange on SBS 2003, read on.
Judging by the posts in forums all over the Internet, many people are having problems connecting their iPhone to SBS 2003 Exchange. You may be getting a certificate error come up (due to having a self-signed certificate on your SBS 2003 server), but you accept this and the account appears to verify. However, your calendar and inbox remain defiantly empty. I managed to solve this, so check out the following steps and see if it can fix it for you.It’s important to bear in mind that Exchange is something of a behemoth, and different configurations abound. Our server is running Small Business Server 2003 with a single network card and is standard configuration from the SBS setup wizards. If you have a similar environment, your chances of success are high.
Caveat: whilst this all worked smoothly for me, I cannot guarantee this will be the case for everyone - Microsoft products can be tempremental at the best of times! So, if anything goes drastically wrong, it’s not my fault - you use these notes at your own risk.
I don’t know for sure whether the iPhone will work smoothly with the SBS 2003 self-signed SSL certificate. It may work with it, and it will probably work if you switch SSL off, but I took the decision to buy an authenticated certificate as they’re not much money. I can arrange an Equifax certificate for anyone for £50 - get in touch if you want me to do this. Or you can do it yourself. Just avoid intermediate certificate providers like GoDaddy, as these require extra configuration on the iPhone. If you are going to buy a certificate, here’s the process:
- On your SBS box, go to Start > Administrative Tools > Internet Information Services (IIS) Manager
- Expand the server tree on the left, and then the Web Sites tree
- Right click on Default Web Site and click Properties
- Click on the Directory Security tab and then click Server Certificate to start the wizard
- If you don’t have a certificate you can create one (unlikely) - if you do have one, you will have to remove it. This will kill secure connections until you replace it.
- After removing the self-signed cert, run the wizard again and create a new request - don’t choose the option to send it directly to a certificate authority.
- The wizard will create a CSR and save it in a text file. Open this text file and copy the certificate then paste it onto your chosen certificate provider’s order form. Copy the whole certificate request, but only the certificate request (extra spaces will kill it) - it should start and finish with five hyphens —–
- Order your certificate and use the same wizard to paste in the certificate sent to you by the provider - job done
The certificate alone is not enough to fix the problem. The real problem is that SBS 2003 ships with Exchange 2003 SP1, whereas iPhone requires at least Exchange 2003 SP2. So, we need to install Service Pack 2 for Exchange, but before we do this, we need to backup our information store - just to be on the safe side. Choose Start > Run and type ‘ntbackup’ (without the apostophes) then press enter. Follow the wizard.
When you are done with your backup, we need to patch Exchange. You cannot do this with Windows Update as Microsoft have not released an official Exchange 2003 SP2 for SBS 2003. However, you can download the service pack separately and apply it - it works with no problems.
Download SP2 here: http://www.microsoft.com/downloads/details.aspx?familyid=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en (link opens in a new window)
Extract the service pack to the desktop or wherever suits, and find the upgrade.exe - double click it. When the upgrade finishes, reboot the server just to be on the safe side.
Now you should be able to add the Exchange account to your iPhone. Give it a few seconds and your inbox will start filling up.
If it doesn’t, and you’re connected with WiFi to the same LAN that the server is on, it could be that your router doesn’t support loopback. Remember that you put in an external DNS name for your server address, and some routers can handle external DNS names that loop back to the same IP address. If this is the case, switch off WiFi on your iPhone (it’s in the settings) and it will connect via EDGE or 3G instead.
This might seem like a lengthy solution, but the key is really the SP2 thing. The vast majority of SBS 2003 servers out there will be Exchange 2003 SP1, which just won’t work.
Much thanks and kudos must go out to my lifelong chum and Microsoft guru Mike Southby, as he gave freely of his time to help me sort this out.
Let me know if this helps anybody else.
Thanks for blogging this. My wife just got an iPhone for her business phone and it just wasn’t talking to her SBS 2003 server.
We are still using a self-signed certificate and it’s working. So it was the Exchange 2003 SP2 that did the job for us.
David,
Thanks for the comment. Glad the article was of use, and thanks for clarifying the certificate issue - that will help a few people.
Regards,
David
We have a cert from GoDaddy. What are the steps to get that dang thing on the phone. I have read the apple docs, and they say to email it to the phone. DUH! if email was working I would have no need for this step.
chase
Chase,
Unfortunately, that is the only way to do it. You could set up a POP or IMAP account temporarily and email the cert to that. When it arrives in your inbox, and you tap the attachment, the iPhone will give you the opportunity to install the certificate. GoDaddy certs are not in the root trusted certificates on the iPhone.
Regards,
David
POP3 worked fine. I was able to “download” the cert and install it. Unfortunately that did not help, SSL and Exchange ActiveSync will NOT download email. So I configured back to POP3 and he using it that way. On a side note: just as a test, I turned off all SSL and Exchange ActiveSync worked fine. But due to our windows mobile devices working fine with SSL, I had to turn it back on. Hope this helps someone out there.
My goodness you were not joking i have been rattaling my head for days, and i went to check the service pack version sure enough i needed the update about 15 minutes after the update the phone vibrated and 5000 emails poured in all the contacts and calander. Awesome quick fix.
Thanks for the tip! I had been struggling with an empty inbox for a few weeks now and had finally given in to using imap. But the upgrade to SP2 did the trick. Thanks!
Just before I advise a client on this one, when we say Exchange we mean the whole works, email, contacts
and calendar is sync to the iPhone?
Thanks
Jamie
Yep, it all works fine.
what a star you are, spent nearly three days off and on getting mighty frustrated with the iphone and this was the problem……hooray…..for everyones info I upgraded the iphone to the latest os 2.1 and the godaddy cert i bought on special for £8.00 per year works straight off ! what a result after three days of searching….very surprised apple doesn’t have this fact on its web site or any documentation I found.
thanks phil
Happy to have been able to help Phil.
In fairness, Apple does state Exchange 2003 SP2 as a minimum requirement. I think the problem with SBS users is they probably won’t know which service pack they have, and might assume that auto update would have upgraded their system to the latest, but as there is no SP2 for SBS 2003, that won’t have happened either. Most users would then not automatically assume that they could manually install the service pack for the full version of Exchange.
More documentation would help, but it’s not an Apple problem really. Let’s hope everyone finds this page.
The more people that comment their experiences, the higher the Google rank of the page, and the more people that will be helped.
You are a star. Great page, thx, you saved my weekend.
I’m trying to get this working for someone else so I don’t actually have the iphone handy. I’ve tried to setup the SBS exchange server with the exception of using an self generated cert since I only want it internal for the moment.
Is there any way of testing connectivity to ascertain if the problem is the SBS server or the iphone?
Thanks for your help
Angelo,
If you have installed the service pack as above, it will work. The problem is almost always SBS, not the iPhone. Others have reported success with self-signed certs, so it really just is the service pack issue.
Regards,
David
Thanks David,
I’ve taken a step back and realised that the issue is probably related to the fact that the actual mail domain is externally hosted. Our exchange server is only virtually handling the domain.
So I think the iphone is trying to access the activesync services on the external host and there “ain’t nothing there”, so to speak.
I’ll have to set up another domain that points to our internal server and create a mail alias using that.
I have now had to try and setup two iPhones with SBS 2003 that were running Exchange 2003 SP2 but have found that with the self signed certificate from SBS included in the .mobileconfig file the phones still have not wanted to sync. On the second setup I had to turn off SSL under IIS and then they worked. It should not be like this as both systems have Windows Smartphones working over SSL so why does the iPhone not want to work. It would be alot easier if the iPhone gave a more detailed error message to say why it cannot connect. Overall I am not impressed so far.
David,
I am another frustrated iphone 3g user who is desperately trying to sync his work outlook calender and email…having spoke with our IT guy, i am told we use microsoft SBS with SP2 - what we dont have is a 3rd party licence which i am told is what is needed to allow the syncing to take place.
He is understandably reluctant to use dodgy certificates etc he normally uses companies such as Verisign who i understand charge £500….i dont have this sort of cash, so would like to enquire about the certificate service you offer? Can you give me some details?
Thanks,
Alan
Alan,
I buy certificates from GeoTrust that are secured by Equifax. These work fine with iPhone and all web browsers. The cost is £39 + VAT per year.
Your IT guy will need to generate a certificate request on his server, and send this to me by email, at which point I will turn the certificate around, usually within 15 minutes. He will need to phone me on 01935 426958 when he intends to do this, as it needs to be done quickly. SBS does not allow more than one certificate, and does not allow you to generate a new request without removing the self-signed certificate that is in place. Removing the existing cert will cause all remote services (e.g. Outlook Anywhere webmail) to fail temporarily.
Alternatively, you can deal direct with www.geotrust.com, but you will pay a lot more.
Regards,
David
David,
Bingo!!! I installed Exchange 2003 SP2 and emails started pouring into my iPhone. Thank You!!!
Greg
David & all,
I could not sync the iPhone to SBS 2003 R2 prior to the steps below:
Installed MS Exchange SP2 (thanks David).
Extracted the SBS self generated certificate from IIS.
Imported the SBS self generated certificate onto the iPhone.
Set up the iPhone Exchange account settings (I had to ensure the Exchange Account domain setting was FQDN)
All works beautifully.
Thanks again.
Raphael
I have inherited administration of an SBS 2003 Server that I need to hook several iPhones up to. My problem is that the users are all hosting their email on another server on the internet ( mail.their-domain-name.com), and they have pop accounts setup on each users outlook, in addition to their Exchange account. Of course, they POP their email from the internet mailserver and it goes into their exchange mailbox and seems to work fine for them. My question is, can I stilll sync the iPhone to an exchagne server that doesn’t have an internet presence? I can use the SBS OWA and RWW via their IP address, but I didn’t know if that would work on the iPhone. I could setup a subdomain (i.e. exchange.their-domain-name.com ) that would point to the IP address of the router and forward the appropriate ports to the exchange server, but I didn’t know if it wold work with the iPhone. The comments here seem to be people that have their SBS server hosting all of their mail. Any (helpful) comments?
Steve,
If you set up the sub-domain and the port forwarding, and follow the instructions above, it should work fine.
Regards,
David
If Exchange says it is SP2 (in Exchange System Manager) can we trust it? We have a standard SBS 2003 server here. I’m the admin by default, but much more experienced in Linux servers.
We have never been able to get the iPhone to sync using the “Exchange” account type while using IMAP is flaky (it does work for email but not really for contacts and calendars). The iPhone always says “Cannot Get Mail The connection to the server failed.” no matter if using SSL or not, or using LAN or 3G. I even tried putting the IP address directly in (both the 192.168 IP and our external IP).
I can use OWA from Safari on it, so that connection is working. I can’t find any troubleshooting guides anywhere that work! I’ve probably spent about 20 hours over the last few months trying to figure this out. The boss is getting annoyed, and has been using his me.com account instead, but that has its own problems.
I think I got it working. I randomly found a comment on some blog about turning off SSL in IIS the ExchWeb virtual server. Then I looked at the iPhone and it had a message about setting a passcode. I set one and then it downloaded all the email!
And now it’s broken again with the same error message after he tried switching to 3G mode…
Thanks David,
This was a lifesaver. Who would have thought that Microsoft wouldn’t pust SP2 to SBS2003? Applied SP2 and everything works great now!
Finally, finally got my first gen iphone to work properly with exchange for work email. I’ve tried most of the other solutions suggested by all these forum threads trying to address this issue. Hopefully, this will help some of you who have been frustrated by your iphone’s inability to access work email! No server adjustments required!
My iphone exchange situation: calendar exchange worked, could send emails and see all my inbox folders but received “failed to connect to server” message when retrieving emails.
I have many folders in my email exchange inbox and many rules setup (e.g. if email from John Doe comes in move to John Doe folder).
First, I deleted my exchange account on the iphone so I could start from scratch. Then in Outlook, I had to move all emails from my inbox folder to another folder. I guess this somehow clears the pipes for the iphone/exchange communication to work.
Second, I recreated the exchange account on the iphone. Calendar sync worked like before. I sent a test email to myself using Outlook. Miraculously, the iphone retrieved it! In my previous 50 or so attempts this never worked.
But then I noticed when I tried to go into one of the folders where a rule was applied (e.g. move email to this folder if sent from John Doe) it would not retrieve email and I got the usual annoying “failed to connect to server” error message. I suspect you need to remove all rules created before setting up your iphone exchange account and then recreate the rules. So far, this has worked.
My co-workers (with 1st gen and 3g iphones) have applied these same steps with positive results. Hope this helps some of you who can’t easily adjust your company’s exchange server settings or can’t get the IT folks to do it because they don’t officially support the iphone. Enjoy!
The President and VP of my company both traded their Windows Mobile smart phones in for iPhones. All of the other smart phones in use have no problem connecting via ActiveSync. We have had Exch SP2, and we even went as far as purchasing an SSL cert, which is installed on the ISA webproxy. When putting the account information in on the iPhones they get an “Account Verification Failed” message every time. Using the iphone config tool it displays a message saying, “Error Domain=DAErrorDomain Code=0 ‘Operation could not be completed. (DAErrorDomain Error 0.)” in the iPhone log. I have tried all kinds of things including disabling forms-based authentication and have had no luck.
I can get my iphone to sync with SBS 2003 wirelessly when I point it to the servers LAN IP address while connect to our LAN wirelessly. I cannot get it to work outside of the LAN. We have webmail set up through SBS 2003 and that works fine, but no active sync outside of the LAN………..
any ideas?