Exchange 2013 SP1

Motorola MOTO X android phone

I have built the exchange server and can get both internal outlook client and external OWA to the  exchange mailbox

Internal mydomain\longsfi001

external john.lenz@mydomain.com

I have setup android before to access exchange mailbox.  

Here is what happens on the Android when I try to add corporate account via setup:

Domain\Username: mydomain\longsfi001

Password: AD logon password

server: mail.mydomain.com

Port: 443

Security type: SSL/TLS (Accept all certificates)

It goes to validating server settings and returns "Couldn't Finish" ; Can't connect to server

I went to exchange on web via OWA (https:\\mail.mydomain.com\owa) and put in same credentials. It successfully logged on. What do I have to do for the Android (this is the last step in the deployment).

Thanks

Go to this site and test your connection.  Select the Active Sync test, post your results:

https://testconnectivity.microsoft.com/

Did test with active synch and autodiscover. All green except below:

Analyzing the certificate chains for compatibility problems with versions of Windows.
	Potential compatibility problems were identified with some versions of Windows.
	Additional Details   The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled. Elapsed Time: 4 ms.

I use WSUS, how do i resolve?

Thanks

Did you get an SSL error when you went to https:\\mail.mydomain.com\owa ?

Also, does your 3rd party certificate contain autodiscover.mydomain.com ?

No SSL error when using Chrome to access https:\\mail.mydomain.com\owa.

Godaddy certificate has gollowing names:

Mail.mydomain.com

owa.mydomain.com

mydomain.com

autodiscover.mydomain.com

Why does it say can't connect to server? Is it a certificate issue on the phone since it has not been downloaded yet?

Are you using Touchdown or some other app to connect?

I would make sure your phone has all software updates applied, then check the following:

• From a home screen, select Apps (located at the bottom).
• From the APPS tab, select Settings.
• From the ACCOUNTS section, select Add account.
• Select Corporate.
• Enter the appropriate Email address and Password then select Next (located in the lower-right).
• Enter the appropriate information into the following fields:
  • Domain\Username
  • Password
  • Server
• Ensure the following settings are configured as appropriate then select Next:
  Enabled when a check mark is present.
  • Use secure connection (SSL)
  • Accept all SSL certificates

Also make sure you have Active Sync enabled.  And have you tried with another phone to see if they can connect?

Enable or disable Exchange ActiveSync for a mailbox

https://technet.microsoft.com/en-us/library/bb124809(v=exchg.150).aspx

Exchange 2013 Client Access server configuration

https://technet.microsoft.com/en-us/library/hh529912(v=exchg.150).aspx

Mike

I have done the above process multiple times (both WiFi and cellular network connection). Same result; can't connect to server. I was on the phone with Verizon tech level 2 and they suggested that their Android client is not robust enough for Exchange 2013. They mentioned Touchdown. I installed it and tried ActiveSynch option, it failed. I tried again with ActiveSynch and Exchange 2010 option and I got connected.

I think Exchange 2013SP1 is bleeding edge with respect to Android.

I'll work TouchDown for a few days to see if it really works.

One final thought, what ports does ActiveSynch need open to the server?

Mike,

ActiveSynch is setup in Exchange for both external & internal URLs. I tried on a different Android. Still did not connect but I got a different msg: The server responded with an error. Check your username and password and try again. I verified user name & password were correct. still got error. 

John,

  May help to make sure your Exchange environment is fully patched to the latest SP and roll up:

https://technet.microsoft.com/en-us/library/jj907309(v=exchg.150).aspx

I have gone to CU7 patch level with same result. Server validation works, if I have the logon or password wrong, it catches it. The error message says "can't connect to server" which means to me some ports are not set?

Also I re-ran test connectivity and get this error set:

Attempting each method of contacting the Autodiscover service.
	The Autodiscover service couldn't be contacted successfully by any method.
	Additional Details   Elapsed Time: 11516 ms.
	Test Steps   Attempting to test potential Autodiscover URL https://longsoho.com:443/Autodiscover/Autodiscover.xml   Testing of this potential Autodiscover URL failed. All the certificate tests are green. How to I verify autodiscover is working?

run the following command and post the results:

get-autodiscovervirtualdirectory | fl

Here it is:

[PS] C:\Windows\system32>get-autodiscovervirtualdirectory | fl

RunspaceId                      : 400cd9c2-f6d9-4c68-9409-f823295a1d9a
Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication   : False
WSSecurityAuthentication        : True
LiveIdBasicAuthentication       : False
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
OAuthAuthentication             : True
AdfsAuthentication              : False
MetabasePath                    : IIS://LongExc2013.longsoho.local/W3SVC/1/ROOT/Autodiscover
Path                            : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
AdminDisplayVersion             : Version 15.0 (Build 1044.25)
Server                          : LONGEXC2013
InternalUrl                     :
ExternalUrl                     :
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=Autodiscover (Default Web
                                  Site),CN=HTTP,CN=Protocols,CN=LONGEXC2013,CN=Servers,CN=Exchange Administrative
                                  Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=LongSOHO,CN=Microsoft
                                  Exchange,CN=Services,CN=Configuration,DC=longsoho,DC=local
Identity                        : LONGEXC2013\Autodiscover (Default Web Site)
Guid                            : 1929263f-02ca-4730-9ce1-67411fe1fa26
ObjectCategory                  : longsoho.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 1/12/2015 3:49:03 PM
WhenCreated                     : 1/12/2015 3:49:03 PM
WhenChangedUTC                  : 1/12/2015 9:49:03 PM
WhenCreatedUTC                  : 1/12/2015 9:49:03 PM
OrganizationId                  :
Id                              : LONGEXC2013\Autodiscover (Default Web Site)
OriginatingServer               : long2008.longsoho.local
IsValid                         : True
ObjectState                     : Changed

*****

Originating server is domain controller Long2008???

Sorry for the size of this message. I found residual SBS2008 exchange service entry in DNS records. I removed it and re-ran connectivity test. It fails below. I tried to trace to the "how to solve this" but it was back levels of exchange. All other areas are "Green"

An ActiveSync session is being attempted with the server.
	Errors were encountered while testing the Exchange ActiveSync session.
	Additional Details   Elapsed Time: 20761 ms.
	Test Steps   Attempting to send the OPTIONS command to the server.   The OPTIONS response was successfully received and is valid.   Additional Details   HTTP Response Headers: Allow: OPTIONS,POST request-id: 74947a4e-6eb7-483e-b30e-b209e747b82b X-CalculatedBETarget: longexc2013.longsoho.local MS-Server-ActiveSync: 15.0 MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0,14.1 MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert Public: OPTIONS,POST X-MS-BackOffDuration: L/-470 X-DiagInfo: LONGEXC2013 X-BEServer: LONGEXC2013 Cache-Control: private Content-Type: application/vnd.ms-sync.wbxml Set-Cookie: ClientId=KYNZXVBMUMKRTTOXEKBW; expires=Sat, 13-Feb-2016 19:27:26 GMT; path=/; HttpOnly,X-BackEndCookie=S-1-5-21-2326041243-79130479-1692319487-1156=u56Lnp2ejJqByJqdxpmczsfSxsqZytLLm57L0secnJvSzZvHnsiemcrOnMrPgYHNz87K0s/M0s7Kq87Gxc3Ixc3J; expires=Mon, 16-Mar-2015 00:27:26 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-FEServer: LONGEXC2013 Date: Fri, 13 Feb 2015 19:27:26 GMT Content-Length: 0 Elapsed Time: 177 ms. Attempting the FolderSync command on the Exchange ActiveSync session.   The test of the FolderSync command failed.    <label for="testSelectWizard_ctl12_ctl06_ctl07_ctl01_tmmArrow">Tell me more about this issue and how to resolve it</label>   Additional Details   Exchange ActiveSync returned an HTTP 500 response (Internal Server Error). HTTP Response Headers: request-id: f5cdd802-48be-452e-8f09-3cc100fa8efc X-CalculatedBETarget: longexc2013.longsoho.local MS-Server-ActiveSync: 15.0 X-MS-RP: 2.0,2.1,2.5,12.0,12.1,14.0,14.1 MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0,14.1 MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert X-MS-BackOffDuration: L/-470 X-MS-Diagnostics: &Log=PrxFrom:fe80%3a%3a2cdc%3a7c98%3a2b4b%3a9ed9%2512_V120_HH:mail.longsoho.com_SmtpAdrs:John.Lenz%40longsoho.com_NMS1_Ssnf:T_St:F_Sk0_Srv:48a0c0d0s0e0r0A0sd_Ers1_Cpo16827_Fet20016_ExStk:H4sIAAAAAAAEAOVWW2%2fbNhR%2bL7D%2fcB5dQBFsZx0GowigWk5nYI4Dy90ePZo8trjQpEZSgbVfv0PLkpw2TRq3A3bRCw%2bpc%2fnOlZxJbo0zGx9P9jxneotxIm1Wad6st2h3TKP2xICFl0bDxcXFFcw%2blUyZZ3EqLXJvbBUn6bxAy4JIKzuChHt5j9CygWmYYMOkQgFEKaO3w37%2fxzgQzuSGCM5UDMtcOkBrjQUitPFg0VvJ1gpjSISQQRFTIPXGEO7GJEfngoBALVHE3706ohAtCouuMNrhCPr192YEGfKJtSNIs2l60b8cvBn%2bMBhGUFhD5nbwfb9%2fCb3pTfbh%2bnqVjMeTLFstpu9%2fWmavIxAUC%2bi%2fqmOVVc7jrgtNhvZeEqb41hpvuFGu%2b%2fdYzJY5QunQQs7IDe3KzUZySTkBVrtm5Tb3jvwCAOa%2fxN7PghVjozUxkImYSOdtyf3iGIfeVPvLIexIO9viVEQQJFpwXdYiIJFS%2bUSpEESillWBESzlDrOCaTr8o0Tnw35e%2bgjeGaOQzrHxb66P%2f16fjz9DLRa1oV4rdjxoEDyOyZzYfb6mbwN4cZbxh%2fFTp7sIbkqlQhH%2fNgCuQmYzKTBDZnl%2bBBnB9FC00lcZp%2bhT6k92EWTUBnoL1CUK7ZTK%2fwVeJWk4yCjXwZ3JHnnpcWaEpDI7AGy8o5Ze%2f05CQAhtFcHnvW04p9TPVJ2SmjIUUZv8XeGrmuNodt4VfMcmXRhBtSfUSTDRpG5DLaCpGdoCAucZvwNvGcfAdq7jCYGs%2fsT29yTMmd5jKQfekk8FodPUQhWUqrq1vPFMLcL0Qtec2Xo716Hi0f7XUvhv9ORs5Bm7xw4jTW3PNMelCeeU74kud9T%2bdc%2fTlUKzwB8qoUG1rgrm3C9MScGeA9Le2WmKYVLOmKapbeO3V3y1SqUrFKvGitQNh%2fHbsUXmsb4Bg1QtQsXtmaS%2bulqvVgPsvcjvG%2bPb9CTUKZ5sL0p98gLondDAxMno6yq%2fGptSPzmNP%2bfnMy71mpgerEw314eHxjccK38DrnMMzcyaFNR%2feu%2bVWVOd000A25aMYLKn7GG4VMCRpowySBoO8uRzOO9KkOfI766NnbF9rfSkPB9AjmBG69rsj8UPuwfbf7ZHXw19bHb0RBbxh0KEbKdPwX2JPloLhf7ofv2KpRdQWOiqf7JDP1b1q7F3aJc5BUUEQXoBP%2fI6H4z%2bX6%2fzvwDktK5o%2fgwAAA%3d%3d_S111_Error:ADOperationException1%3aActive+Directory+operation+failed+on+long2008.longsoho.local.+This+error+is+not+retriable.+Additional+information%3a+Access+is+denied.%0d%0aActive+directory+response%3a+00000005%3a+SecErr%3a+DSID-03152612%2c+problem+4003+(INSUFF%5FACCESS%5FRIGHTS)%2c+data+0%0a_Uuhp:T_Mbx:LongExc2013.longsoho.local_Dc:long2008.longsoho.local_Throttle0_SBkOffD:L%2f-470_DBL7_DBS1_CmdHC-1477255686_TmRcv19:27:27.0631445_TmSt19:27:27.0631445_TmDASt19:27:29.7038982_TmPolSt19:27:29.7038982_TmExSt19:27:29.7038982_TmExFin19:27:30.2195467_TmFin19:27:30.2351757_TmCmpl19:27:47.0797856_ActivityContextData:ActivityID%3df5cdd802-48be-452e-8f09-3cc100fa8efc%3bDbl%3aMAPI.T%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d296%3bDbl%3aMBMC.T%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d4%3bDbl%3aMBLB.T%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d38748%3bI32%3aMB.C%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d79%3bF%3aMB.AL%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d3.708861%3bDbl%3aBudgUse.T%5b%5d%3d3172.03125%3bDbl%3aST.T%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d218%3bDbl%3aSTCPU.T%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d168%3bI32%3aATE.C%5blong2008.longsoho.local%5d%3d14%3bF%3aATE.AL%5blong2008.longsoho.local%5d%3d7.928571%3bI32%3aADW.C%5blong2008%5d%3d1%3bF%3aADW.AL%5blong2008%5d%3d1.0373%3bI32%3aROP.C%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d5584487%3bI32%3aADR.C%5blong2008%5d%3d2%3bF%3aADR.AL%5blong2008%5d%3d5.4412%3bI32%3aMAPI.C%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d183%3bI32%3aRPC.C%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d79%3bI32%3aADS.C%5blong2008%5d%3d16%3bF%3aADS.AL%5blong2008%5d%3d12.80039%3bDbl%3aRPC.T%5bLongExc2013.7eb9fc18-95f5-4da4-8ccd-2d8a7af51c50%5d%3d293%3bS%3aWLM.Cl%3dCustomerExpectation%3bS%3aWLM.Type%3dEas%3bS%3aWLM.Int%3dTrue%3bS%3aWLM.SvcA%3dFalse%3bS%3aWLM.Bal%3d480000%3bS%3aWLM.BT%3dEas_Budget:(D)Owner%3aSid%7eLONGSOHO%5clongsfi001%7eEas%7efalse%2cConn%3a0%2cMaxConn%3a10%2cMaxBurst%3a480000%2cBalance%3a480000%2cCutoff%3a600000%2cRechargeRate%3a1800000%2cPolicy%3aGlobalThrottlingPolicy%5F26354fbe-99bd-48b2-9071-7dc5db20a6ec%2cIsServiceAccount%3aFalse%2cLiveTime%3a00%3a00%3a20.3291632_ X-DiagInfo: LONGEXC2013 X-BEServer: LONGEXC2013 Cache-Control: private Content-Type: text/html; charset=utf-8 Set-Cookie: ClientId=KIRBTEDPCEYESTPCKFVW; expires=Sat, 13-Feb-2016 19:27:27 GMT; path=/; HttpOnly,X-BackEndCookie=S-1-5-21-2326041243-79130479-1692319487-1156=u56Lnp2ejJqByJqdxpmczsfSxsqZytLLm57L0secnJvSzZvHnsiemcrOnMrPgYHNz87K0s/M0s7Kq87Gxc3IxcvI; expires=Mon, 16-Mar-2015 00:27:47 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-FEServer: LONGEXC2013

Check the security permissions for that account in AD.  Make sure the "Include inheritable permissions from this object's parent" is checked. Then try again.

Hi John,

To view the Security tab in ADUC. Please click View, and make sure the Advanced Features option is checked for view. Then check the security permissions in Mike's suggestion.

Regards,

Very close now.

I added advanced to the view and the security tab is available. However, there is no "Include inheritable permissions from this object's parent" check box. Security properties have multiple groups ( I presume authenticated users to be the one I choose). Permissions does not include the inherit checkbox. I go to "Advanced" and I see a button at the bottom of the permissions window that says "Enable Inheritance". Is this what I should check?

I can provide screen shots, if necessary.

Server 2012 R2 ADUC

Mike,

As I pointed out in my post, there is no discernable checkbox that you labeled. There is "Enable Inheritance". When I selected this on a little used AD User, it had a VERY large warning so I did not apply it.  Where do I find the include inheritable permissions checkbox?

John,

  The checkbox is on 2008 and older Operating Systems.  The button "Enable Inheritance" and "Disable Inheritance" are the options now.  What is the warning?

Mike

Thanks for the location in 2012R2

It is a serious warning about what you are about to do. I will try on a little used account first.

It now works

Much Thanks

Great! Glad we finally got it!