How iPhone OS 3.1 Locked Some Out Of Exchange, And How To Fix It

December 1, 2009 by Stephen Leave a Comment

Is your non-3GS iPhone locked out of your Exchange 2007 ActiveSync server after upgrading to iPhone OS 3.1? It’s a feature, not a bug! Here’s how to get older iPhones up and running with Exchange Server 2007 SP1!

What’s The Problem?

Microsoft Exchange Server 2007 SP1 added a feature to require mobile ActiveSync devices to encrypt data, enhancing security. Before iPhone OS 3.1, all iPhones incorrectly told the Exchange server that they supported on-device encryption. This allowed all iPhone hardware to function with Exchange 2007 SP1 servers that required device encryption. But original and 3G iPhones do not support device encryption, undermining corporate security policies.

The iPhone 3GS hardware actually does support device encryption, and iPhone OS 3.1 correctly reports this capability. But iPhone OS 3.1 also (correctly) reports that earlier hardware (the original iPhone and the iPhone 3G) does not support device encryption, so some Exchange 2007 SP1 servers refuse to allow them to connect. Oops!

What’s The Solution?

There are four possible solutions, three of which require IT assistance. Your Exchange administrator can research the meaning and implications of these options:

Disabling device encryption allows all iPhones to connect, but does not force any Exchange ActiveSync device to encrypt data. This is not a great solution from a security perspective, so don’t bother trying to convince IT to implement it!
Allowing non-provisionable devices enables all iPhones to connect but weakens security in general, allowing each device to enforce or ignore policies. This is a slightly better solution, since encrypting devices like the iPhone 3GS will encrypt, but it’s still not a great idea.
Creating a special policy for “old” iPhones and applying it selectively is probably more acceptable. Administrators can allow certain users to ignore the device encryption policy but still apply it to all others. This commandlet (from Krypted) will create such a policy:
New-ActiveSyncMailboxPolicy -Name iPhone -AllowNonProvisionableDevices $true
Upgrading to an iPhone 3GS is probably the best answer. IT doesn’t need to get involved (as long as you know how to configure Exchange ActiveSync) and no security policies need to be weakened to make it work.

You might also want to read these other posts...

GPS Time Rollover Failures Keep Happening (But They’re Almost Done)

This is week “1111111111” in the GPS system. Tomorrow morning it will roll over to week “0000000000”. How well will various systems handle this change? Not well, judging by what we’ve seen so far!

Ranting and Raving About the 2018 iPad Pro

I remain enthusiastic about the iPad Pro, despite getting a scratched screen and my concerns about durability. It’s a worthy successor to the original and offers enough improvements that I’d recommend the upgrade for just about anyone who uses their iPad for serious work. It’s still not yet a laptop replacement, but this is due more to a lack of desktop-class software for iOS than anything in Apple’s control.

Storage Changes in VMware vSphere 5

July 16, 2011

Once again, VMware added a ton of new storage enhancements to vSphere. With storage rapidly becoming the limiting factor in scalability and performance of virtual machine environments, this is no surprise. Also not surprising is the fact that major features like Policy-Driven Storage and Storage DRS (along with SIOC) are exclusive to “Enterprise Plus” licenses.

What’s the Difference Between a Jailbroken and an Unlocked Phone?

May 5, 2012

If you’ve traveled much, you’ve probably run across â€œunlockedâ€ mobile phones and devices. If you own an Android or iPhone smart phone, you probably also heard about â€œjailbreakingâ€. It seems like lots of people are confused about these two things, so I decided to write down a quick post explaining them.

The Rack Endgame: Converged Infrastructure and Disaggregation

September 19, 2014

As Iâ€™ve written about what Iâ€™m calling the â€œRack Endgameâ€, the specter of converged infrastructure hasnâ€™t been far from my thoughts. As others have pointed out, disaggregation of servers, networks, and storage doesnâ€™t require a rack-sized stack; it can exist in a rack-mountable chassis and is already on sale!

My 2012 Project: Improving Energy Efficiency

January 3, 2012

I am in the process of upgrading my own home to make it more energy efficient. I do this mainly as an exercise of faith and science, since my electric and gas bills are not currently all that expensive. But I just can’t countenance burning 10 times more electricity than I need to, even if I can afford it. It’s also an exercise in geekiness, since today’s lighting alternatives and appliances have an undeniable techno-cool factor about them.

The Ideal pfSense Platform: Netgate RCC-VE 2440

September 21, 2015

After some frustration with stability and latency connecting my virtual pfSense router to my cable and DSL modems, I decided to switch to a physical box. I selected the Netgate RCC-VE 2440 as my hardware platform, since it’s the same box that pfSense themselves use as their OEM bundle. It also checks all the boxes with a dual-core Atom CPU, four Gigabit Ethernet ports, and low-power fanless design. Here’s my first impression and installation notes!

The iPhone Revolution 10 Years Later

January 9, 2017

10 years ago today, Steve Jobs introduced the iPhone, perhaps the most revolutionary technological product in history. There have been many important products introduced before and since, but nothing else was as groundbreaking as the iPhone. Watching the introduction, it’s amazing to see just how many things were introduced that day that have become integral to daily life today.

Review: American Standard’s Champion 4 Toilet Flushes Almost Anything

July 31, 2012

Although most crappers are crap, plumbing companies like American Standard are hard at work innovating to eliminate the excrement. The current champion is fittingly called the Champion 4, and I have purchased, installed, and tested two examples of the type. The Champion is engineered to reduce the most common causes of clogs, and it has proved effective and “hands-off” in my real-world testing.

It’s Fine To Mount Hard Drives On Their Side Or Even Upside-Down

August 13, 2016

Have you ever wondered if mounting a hard disk drive on its side or even upside-down affects its lifespan or reliability? According to every drive manufacturer, it’s perfectly acceptable to mount a hard disk drive in any orientation as long as it’s not tilted and has sufficient cooling.

What’s The Problem?

What’s The Solution?

You might also want to read these other posts...

Reader Interactions

Leave a Reply