How iPhone OS 3.1 Locked Some Out Of Exchange, And How To Fix It

December 1, 2009 By Stephen Leave a Comment

Is your non-3GS iPhone locked out of your Exchange 2007 ActiveSync server after upgrading to iPhone OS 3.1? It’s a feature, not a bug! Here’s how to get older iPhones up and running with Exchange Server 2007 SP1!

What’s The Problem?

Microsoft Exchange Server 2007 SP1 added a feature to require mobile ActiveSync devices to encrypt data, enhancing security. Before iPhone OS 3.1, all iPhones incorrectly told the Exchange server that they supported on-device encryption. This allowed all iPhone hardware to function with Exchange 2007 SP1 servers that required device encryption. But original and 3G iPhones do not support device encryption, undermining corporate security policies.

The iPhone 3GS hardware actually does support device encryption, and iPhone OS 3.1 correctly reports this capability. But iPhone OS 3.1 also (correctly) reports that earlier hardware (the original iPhone and the iPhone 3G) does not support device encryption, so some Exchange 2007 SP1 servers refuse to allow them to connect. Oops!

What’s The Solution?

There are four possible solutions, three of which require IT assistance. Your Exchange administrator can research the meaning and implications of these options:

Disabling device encryption allows all iPhones to connect, but does not force any Exchange ActiveSync device to encrypt data. This is not a great solution from a security perspective, so don’t bother trying to convince IT to implement it!
Allowing non-provisionable devices enables all iPhones to connect but weakens security in general, allowing each device to enforce or ignore policies. This is a slightly better solution, since encrypting devices like the iPhone 3GS will encrypt, but it’s still not a great idea.
Creating a special policy for “old” iPhones and applying it selectively is probably more acceptable. Administrators can allow certain users to ignore the device encryption policy but still apply it to all others. This commandlet (from Krypted) will create such a policy:
New-ActiveSyncMailboxPolicy -Name iPhone -AllowNonProvisionableDevices $true
Upgrading to an iPhone 3GS is probably the best answer. IT doesn’t need to get involved (as long as you know how to configure Exchange ActiveSync) and no security policies need to be weakened to make it work.

You might also want to read these other posts...

GPS Time Rollover Failures Keep Happening (But They’re Almost Done)

This is week “1111111111” in the GPS system. Tomorrow morning it will roll over to week “0000000000”. How well will various systems handle this change? Not well, judging by what we’ve seen so far!

Ranting and Raving About the 2018 iPad Pro

I remain enthusiastic about the iPad Pro, despite getting a scratched screen and my concerns about durability. It’s a worthy successor to the original and offers enough improvements that I’d recommend the upgrade for just about anyone who uses their iPad for serious work. It’s still not yet a laptop replacement, but this is due more to a lack of desktop-class software for iOS than anything in Apple’s control.

From LAN Manager and SMB to CIFS: The Evolution of Prehistoric PC Network Protocols

March 22, 2012

Computers aren’t much good on their own. This simple fact was evident even at the dawn of the microcomputing age, and has never been more true today in the “post-PC” world. If the standard microcomputer is the “Wintel” box (Microsoft’s Windows, Intel’s CPUs, and all that implies) then the standard network services protocol is SMB. So let’s take a nice deep dive into SMB, past, present, and future!

What’s the Difference Between a Jailbroken and an Unlocked Phone?

May 5, 2012

If you’ve traveled much, you’ve probably run across â€œunlockedâ€ mobile phones and devices. If you own an Android or iPhone smart phone, you probably also heard about â€œjailbreakingâ€. It seems like lots of people are confused about these two things, so I decided to write down a quick post explaining them.

Storage Changes in VMware vSphere 5.1

September 4, 2012

As I have done since version 3.5, I’m charting the storage changes in VMware’s latest release of vSphere, 5.1. Unlike version 5, which included many new technical storage features, 5.1 mainly tweaks existing features and adds these new elements to the mix.

How Will Cisco Recover From The Consumer Strategy Blunder?

January 2, 2013

Cisco made a massive strategic blunder in the last decade, aggressively moving into consumer devices rather than focusing on their core enterprise and service provider markets. It seems that Cisco is now in the process of rectifying this mistake, but charting a path to growth is an entirely different matter!

How Fast Is It? A Storage Infographic

October 29, 2010

How fast is a hard disk drive? How about the various flavors of SATA and Fibre Channel? Check out this handy Pack Rat infographic to answer the question, “how fast is it?”

SMB 3 is Going to be Huge, in both Scope and Impact

May 6, 2012

Microsoft is about to release the third major revision to their ubiquitous network storage protocol, SMB. Windows Server 2012 and Hyper-V 3 will really highlight this technology, and I predict it will transform the way people think about networked storage for Windows systems. But SMB 3 is big in another way, too: there are tons of new features, and not all will be implemented by everyone.

A Fairy Tale of Two Storage Protocols

September 23, 2014

It’s clear how this fairy tale ends. So many companies are using “S3 plus” as their standard interface, and even inside their solutions, that it’s safe to say it’s won the cloud storage API battle. But S3 isn’t a finalized spec – the industry will extend and improve it over the coming years. Soon we’ll have a cloud storage standard based on S3, just like we have a LAN file services standard based on CIFS.

Introducing Rabbit: I Bought a Cloud!

September 10, 2020

We live in a world of cattle, not pets, and Kubernetes rules the roost. I’ve been meaning to spend some time getting up to speed on the latest but didn’t have enough hardware to make that happen until now. I recently bought a whole pile of surplus hardware so I will be able to experiment with orchestration and container platforms in the office.

What’s The Problem?

What’s The Solution?

You might also want to read these other posts...

Reader Interactions

Leave a Reply