November 21, 2014

The iPhone Exchange ActiveSync Troubleshooting Guide

If all does not well and you can’t get connected, here are some things to try:

My iPhone can’t connect to my Exchange server!

  1. Check the Server name – The most common reason for an Exchange ActiveSync configuration failure is the use of an incorrect Exchange server name. See “Which Server Name Do I Enter?” for possible solutions.
  2. Clear the Domain name – That “Domain” field is not for your Internet domain. In fact, most users can leave it blank! Try that first.
  3. Try a different Domain name – If clearing the “Domain” field doesn’t help, see “What Domain Name Do I Enter?” for more ideas to try.
  4. Enable or disable SSL – The iPhone usually detects whether or not to use SSL, but it sometimes gets this wrong. You can manually enable or disable SSL from the account’s “Account Info” page under “Mail, Contacts, Calendars”.
  5. Try a different network – Some network or email administrators restrict access to the ActiveSync server to those outside the corporate firewall (it sounds weird but is actually pretty common). Try an outside Wi-Fi network or just turn off Wi-Fi and use 3G to set it up. In this case, you will not be able to access your email from inside the corporate Wi-Fi network.

My iPhone can’t send or receive email!

The most common reason that an otherwise properly-configured iPhone cannot send or receive email is the use of an incorrect Domain string. Try leaving it blank or see “What Domain Name Do I Enter?” for more ideas to try.

It only works inside/outside my company’s Wi-Fi!

Many corporate networks have different Exchange server names inside and outside the firewall. Some will even disallow access to the Exchange ActiveSync server on the internal network. This configuration will greatly complicate your iPhone use. You have two choices:

  1. Set up two different connections to your mail, one ActiveSync and another IMAP, based on what is and is not available on the internal network.
  2. Only use the outside/public configuration. Don’t use the internal network at all, or turn off Wi-Fi whenever you want to access your mail.

Neither is really a good option. A better solution is to get the email and network administrator to make everything work no matter where you happen to be connected!

Exchange ActiveSync does not work with iPhone OS 3.1 on my non-3GS iPhone!

Microsoft Exchange Server 2007 SP1 added a feature to require mobile ActiveSync devices to encrypt data, enhancing security. Before iPhone OS 3.1, all iPhones incorrectly told the Exchange server that they supported on-device encryption. This allowed all iPhone hardware to function with Exchange 2007 SP1 servers that required device encryption.

The iPhone 3GS hardware actually does support device encryption, and iPhone OS 3.1 correctly reports this capability. But iPhone OS 3.1 also correctly reports that earlier hardware (the original iPhone and the iPhone 3G) does not support device encryption, so some Exchange 2007 SP1 servers refuse to allow them to connect.

There are three possible solutions (apart from upgrading to an iPhone 3GS), all of which require IT assistance. Your Exchange administrator can research the meaning and implications of these options:

  1. Disabling device encryption allows all iPhones to connect, but does not force any Exchange ActiveSync device to encrypt data. This is not a great solution from a security perspective
  2. Allowing non-provisionable devices enables all iPhones to connect but weakens security in general, allowing each device to enforce or ignore policies.
  3. Creating a special policy for “old” iPhones and applying it selectively is probably the best answer. Administrators can allow certain users to ignore the device encryption policy but still apply it to all others. This commandlet (from Krypted) will create such a policy:
    New-ActiveSyncMailboxPolicy -Name iPhone -AllowNonProvisionableDevices $true

I can’t add another Exchange server!

Versions of iPhone software prior to iOS 4 are limited to a single Exchange ActiveSync account. iOS 4 supports multiple servers. All versions can sync email messages to any number of IMAP or POP accounts without a problem. So you can set up Gmail over IMAP or EAS, Yahoo over SMS/IMAP, your local provider over POP, a Google Apps account over IMAP or EAS, etc at the same time as your work Exchange servers without a problem.

How can I find my Exchange ActiveSync server name?

By far the biggest problem folks have encountered when trying to enable Exchange ActiveSync on the iPhone has been finding the correct server name. Exchange 2007 has an Autodiscovery service for ActiveSync devices, and the iPhone supports and attempts to use this. But it will fail for anyone using Exchange 2003 or with an admin that turned this off. If Autodiscovery fails, you have to manually enter the address. Most Exchange implementations have a variety of different servers these days, each with a unique hostname and IP address:

  • The main Exchange server, which is normally only used for internal or VPN connections to Outlook using the MAPI/RPC protocol and often has an excitingly-weird name like em22dc.yourcompany.com. This is not what you are looking for.
  • The external Exchange server for RPC over HTTPS connections from Outlook, which often has a nicer name like rpc.yourcompany.com. This is also not what you’re looking for.
  • The Outlook Web Access server used by Entourage and for accessing mail using a web browser, which is often called “owa.yourcompany.com”. Getting warmer, but still not the right one.
  • Entourage also uses an LDAP server, often called “ldap.yourcompany.com”, and might alias the OWA server as “dav.yourcompany.com”. Still not the right server for the iPhone.
  • The one you want is the ActiveSync server, sometimes called “oma.yourcompany.com” since it’s mainly used for Outlook Mobile on Windows Mobile devices.

If your techies don’t know the first thing about the iPhone, change your tactics. Ask them which hostname they enter when configuring Windows Mobile smartphones and PDAs – these are very common, and this is the server you need with the iPhone!

One more thing: You might get lucky and find that one of those other server names works for the iPhone’s ActiveSync. This does not mean you’re using DAV or OWA on the iPhone – instead it means that they set up two services on the same hostname. But I haven’t seen this myself.

How can I find my Exchange ActiveSync domain name?

It sure can be confusing when two different things have the exact same name. The part of your email address after the “@” sign is called a domain name, as is the first part of your web page URL. When setting up Exchange ActiveSync email, you may be required to enter an Exchange Domain, and this can be something else entirely!

So what should you enter in the iPhone’s “Domain” field? Here are the possibilities, in order of liklihood:

  1. Nothing – The majority of Exchange environments will automatically detect the Exchange Domain, so you should leave the “Domain” field blank on your first attempt
  2. Ask For Help – If leaving it blank doesn’t work, go ask someone in IT what your Exchange Domain is and use whatever they suggest
  3. Your Internet Domain – Many hosted Exchange environments use the company’s internet domain as the Exchange domain, so try “yourcompany.com”
  4. Part of your Internet Domain – If “yourcompany.com” doesn’t work, try just “yourcompany”
  5. Fewer Letters – The next thing to try is just the first seven or eight letters of your truncated domain name, “yourcom” instead of “yourcompany”

If blank doesn’t work and IT can’t help, you might be stuck. You can try different combinations, but trial and error doesn’t always work!

The Problem With Push

Let me start by saying that, so far, the push email experience with Exchange ActiveSync to the iPhone has been flawless for me. Amazingly, messages appear on my iPhone before they show up in Outlook on my PC, which is online with RPC over HTTPS. Whatever Apple (and Microsoft) did to enable push email certainly worked well! Perhaps a bit too well, though. After using ActiveSync push for a few days, I noticed that my battery was draining by early afternoon.

At first, I chalked this up to increased usage of the phone’s new features. But having spent the day (mostly) ignoring the phone while on vacation, I was shocked to see the battery icon turn red before dinner. Clearly something was eating my battery alive!

As an experiment, I turned off push in the iPhone’s “Mail, Contacts, Calendars” settings pane, opting for manual just to be safe. Are you surprised to learn that my battery was green all the next day? In fact, it barely used any power at all, even with 30-minute IMAP updates from Google Mail still running.

Clearly ActiveSync push is a major battery hog, and I would imagine that 3G would be even worse than the miserly EDGE in the first-generation phone! What to do? You’ve got just a few choices:

  1. Go back to IMAP fetch and lose Exchange integration (boo!)
  2. Leave push enabled but plan to charge up more often or use WiFi, which is much more battery-friendly.
  3. Switch Exchange from push to fetch, which leaves the integration intact but doesn’t guzzle the juice as quickly
  4. Switch Exchange to manual update, which is very battery-friendly

I have decided on option 3 when I’m out and about to conserve battery power, since most of my email can wait a few minutes. And if I’m low on juice, I’ll switch over to option 4. But if I’m in the office, with my most-excellent WiFi and broadband connectivity, I’m leaving push enabled.

What The iPhone Still Lacks

  1. The original iPhone will remain limited to full ActiveSync with a single Exchange server, though iOS 4 devices support multiple EAS connections.
  2. Spotlight does not include full-text search of mail messages. Although it’s nice to be able to search through everything on the iPhone, and even content on the Exchange server, you still have to remember the sender, subject, etc.
  3. Battery life is poor with Exchange ActiveSync push and the new push notifications enabled. iPhone push battery life has been a problem for quite a while.
  4. Still no notes and tasks sync (with Exchange). Although iPhone OS 3.0 does allow synchronization of notes with Apple Mail for Mac users, it does not support Exchange or Apple’s own MobileMe over-the-air services.
  5. No public folder support.

As the iPhone advances, I will keep my eyes open for enterprise Exchange ActiveSync features and post them here. Subscribe to my Apple feed for up-to-date details!