How iPhone OS 3.1 Locked Some Out Of Exchange, And How To Fix It

December 1, 2009 By Stephen Leave a Comment

Is your non-3GS iPhone locked out of your Exchange 2007 ActiveSync server after upgrading to iPhone OS 3.1? It’s a feature, not a bug! Here’s how to get older iPhones up and running with Exchange Server 2007 SP1!

What’s The Problem?

Microsoft Exchange Server 2007 SP1 added a feature to require mobile ActiveSync devices to encrypt data, enhancing security. Before iPhone OS 3.1, all iPhones incorrectly told the Exchange server that they supported on-device encryption. This allowed all iPhone hardware to function with Exchange 2007 SP1 servers that required device encryption. But original and 3G iPhones do not support device encryption, undermining corporate security policies.

The iPhone 3GS hardware actually does support device encryption, and iPhone OS 3.1 correctly reports this capability. But iPhone OS 3.1 also (correctly) reports that earlier hardware (the original iPhone and the iPhone 3G) does not support device encryption, so some Exchange 2007 SP1 servers refuse to allow them to connect. Oops!

What’s The Solution?

There are four possible solutions, three of which require IT assistance. Your Exchange administrator can research the meaning and implications of these options:

Disabling device encryption allows all iPhones to connect, but does not force any Exchange ActiveSync device to encrypt data. This is not a great solution from a security perspective, so don’t bother trying to convince IT to implement it!
Allowing non-provisionable devices enables all iPhones to connect but weakens security in general, allowing each device to enforce or ignore policies. This is a slightly better solution, since encrypting devices like the iPhone 3GS will encrypt, but it’s still not a great idea.
Creating a special policy for “old” iPhones and applying it selectively is probably more acceptable. Administrators can allow certain users to ignore the device encryption policy but still apply it to all others. This commandlet (from Krypted) will create such a policy:
New-ActiveSyncMailboxPolicy -Name iPhone -AllowNonProvisionableDevices $true
Upgrading to an iPhone 3GS is probably the best answer. IT doesn’t need to get involved (as long as you know how to configure Exchange ActiveSync) and no security policies need to be weakened to make it work.

You might also want to read these other posts...

GPS Time Rollover Failures Keep Happening (But They’re Almost Done)

This is week “1111111111” in the GPS system. Tomorrow morning it will roll over to week “0000000000”. How well will various systems handle this change? Not well, judging by what we’ve seen so far!

Ranting and Raving About the 2018 iPad Pro

I remain enthusiastic about the iPad Pro, despite getting a scratched screen and my concerns about durability. It’s a worthy successor to the original and offers enough improvements that I’d recommend the upgrade for just about anyone who uses their iPad for serious work. It’s still not yet a laptop replacement, but this is due more to a lack of desktop-class software for iOS than anything in Apple’s control.

Debit or Credit? Always Choose Credit!

December 19, 2013

“Credit of debit?”ï»¿ It’s all very confusing for American shoppers. But the news about a massive point-of-sale data theft at Target makes one thing very, very clear: Always choose “credit” when the cashier asks!

Instapaper for iPad and iPhone Enhances My Web World

June 1, 2010

One of my favorite iPad and iPhone apps is Instapaper. Like the iPad itself, Instapaper seems almost foolishly simple and derivative until you experience it. Then it becomes something else entirely: A product so useful you may ask yourself “how did I ever get along without this?”

How To Keep Your Family Activities In Sync With A Shared Google Calendar

April 18, 2010

Smartphones, computers, and iPads are proliferating in families today. Although my three kids do not (yet) have their own mobile phones, we still have quite a few devices with calendar functions: An iPhone each for me, my wife, and our au pair along with an iPad and a few computers. Using Google Calendar, we have set up an awesome shared calendar to keep all of our activities in sync. Read on for instructions!

Microsoft’s Big Chance to Change

August 23, 2013

It takes a truly-remarkable leader to be willing to kill his old golden geese to make room for a new one; so far, only Apple and Amazon seem willing to forgo continuity in the name of profitable destruction. But new corporate leadership at Microsoft might un-stick the company and awaken the once-innovative Redmond powerhouse. The retirement of Steve Ballmer is welcome news.

Ten Terrible Apple Products

June 14, 2012

I’m often accused of being an Apple fanboy. While it’s true that I love my vast selection of fruity products from Cupertino, I’m not blind when the company makes mistakes. In fact, I think Apple’s mistakes are as enlightening as their successes: They reveal a company that is fallible, sometimes learning but often allowing the junk to rot far longer than other companies would.

Storage Changes in VMware vSphere 5

July 16, 2011

Once again, VMware added a ton of new storage enhancements to vSphere. With storage rapidly becoming the limiting factor in scalability and performance of virtual machine environments, this is no surprise. Also not surprising is the fact that major features like Policy-Driven Storage and Storage DRS (along with SIOC) are exclusive to “Enterprise Plus” licenses.

The Prime Directive of Storage: Do Not Lose Data

December 12, 2014

People call on storage devices and systems to do lots of things, from accelerating I/O to copying and sharing data. But at the heart of it all, storage arrays really have just one job: Do not lose data!

The Rack Endgame: A New Storage Architecture For the Data Center

September 3, 2014

Top-of-rack flash and bottom-of-rack disk makes a ton of sense in a world of virtualized, distributed storage. It fits with enterprise paradigms yet delivers real architectural change that could “move the needle” in a way that no centralized shared storage system ever will. SAN and NAS aren’t going away immediately, but this new storage architecture will be an attractive next-generation direction!

What’s The Problem?

What’s The Solution?

You might also want to read these other posts...

Reader Interactions

Leave a Reply