IMAP4 without VPN

  • Question

  • hi

    I seem to be able to use IMAP4 via mobile services (iPhone) when on the LAN or connected via a VPN, but cannot get access to it within the VPN. I have checked my firewall/security for the obvious solutions and still no luck. Any ideas?
    anf
    Tuesday, July 28, 2009 10:50 AM

Answers

  • It's all over...
    Finally got it working, main thing was to keep persisting with the https://www.testexchangeconnectivity.com/ website and once that is right the rest is easy...
    The IP being blocked was not on the default website in IIS but on a couple of its sub items, not sure why, but basically just had to go through them one by one until they were all granting access and done...

    thanks for the help mark, much appreciated...


    :)
    anf
    • Marked as answer by anf600 Friday, July 31, 2009 1:08 PM
    Friday, July 31, 2009 1:08 PM
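
Added example, not part of the original thread: a small Python checker that automates the "go through them one by one" step from the answer above by reading the IIS substatus (such as 403.6) out of each virtual directory's error page. The virtual directory names, the function names and the sample responses are assumptions constructed for illustration; the thread does not name the sub items.

```python
import http.client
import re
import ssl
from typing import Optional

# Assumed Exchange-on-IIS 6 virtual directories (not named in the thread);
# replace with the sub items IIS Manager lists under your Default Web Site.
ASSUMED_VDIRS = ["/", "/Exchange", "/ExchWeb", "/Public", "/OMA",
                 "/Microsoft-Server-ActiveSync"]

# IIS 6 error pages carry the substatus in the body, for example
# "HTTP Error 403.6 - Forbidden: IP address of the client has been rejected."
SUBSTATUS_RE = re.compile(r"HTTP Error (\d{3})\.(\d+)")

def iis_substatus(status: int, body: str) -> Optional[str]:
    """Return 'NNN.S' when the body's IIS substatus agrees with the HTTP status."""
    m = SUBSTATUS_RE.search(body)
    if m and int(m.group(1)) == status:
        return f"{m.group(1)}.{m.group(2)}"
    return None

def ip_restricted_paths(responses: dict) -> list:
    """responses maps path -> (status, body); return the paths answering 403.6."""
    return sorted(path for path, (status, body) in responses.items()
                  if iis_substatus(status, body) == "403.6")

def probe(host: str, paths=ASSUMED_VDIRS, timeout: float = 10.0) -> dict:
    """Fetch each path over HTTPS from wherever this runs (run it off the VPN)."""
    ctx = ssl.create_default_context()  # certificate and name validation stay on
    results = {}
    for path in paths:
        conn = http.client.HTTPSConnection(host, timeout=timeout, context=ctx)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            results[path] = (resp.status, resp.read(65536).decode("latin-1", "replace"))
        finally:
            conn.close()
    return results

# Constructed sample responses, shaped like the error page quoted in this thread.
SAMPLE = {
    "/": (200, "<html>ok</html>"),
    "/Exchange": (401, "<h2>HTTP Error 401.2 - Unauthorized</h2>"),
    "/OMA": (403, "<h2>HTTP Error 403.4 - Forbidden: SSL is required</h2>"),
    "/Public": (403, "<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.</h2>"),
    "/Microsoft-Server-ActiveSync": (403, "<h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.</h2>"),
}

if __name__ == "__main__":
    print(ip_restricted_paths(SAMPLE))
```

Against a live server, `ip_restricted_paths(probe("mail.example.com"))` (placeholder host name) lists the directories whose IP address restrictions still reject the external client; a certificate that fails name validation makes `probe` raise an SSL error before any path is checked.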

All replies

  • Is there a reason you aren't using ActiveSync on the iPhone?
    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    Tuesday, July 28, 2009 11:43 AM
  • Same reason only works if connected via VPN...
    anf
    Tuesday, July 28, 2009 11:47 AM
  • How do your users access OWA? Do they have to VPN in for that as well?

    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    Tuesday, July 28, 2009 12:12 PM
  • Nope that works fine as well without the VPN...
    anf
    Tuesday, July 28, 2009 1:20 PM
  • ActiveSync should work in a similar fashion, without requiring anyone to be on the VPN. It is using the same ports.

    https://www.testexchangeconnectivity.com/


    Try running that for an ActiveSync test not on the VPN and see what type of result you get. It may already be open.
    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    Tuesday, July 28, 2009 1:25 PM
  • Do you have a local firewall on the Exchange Server and multiple network interfaces? So for instance the IMAP port is blocked on the WAN side and allowed on the LAN side? (Assuming that VPN traffic hits the LAN interface.)

    Assuming you're not connecting Exchange directly to the Internet, and use ISA Server or something similar, I'd look over the firewall rules one more time to be sure. (Can you telnet to the IMAP port from an external location?)
    Tuesday, July 28, 2009 1:28 PM
  • I checked out the website, wish I'd seen that earlier lol. It's connecting then finding an issue with my certificate so looks like I need to sort that out. I've read some posts that you don't need a cert. For mobile services do you know if that's right before I try? On your other post, no ISA and local firewall is off for testing this... I'll try the cert and let you know, thanks for the help...
    anf
    Tuesday, July 28, 2009 1:42 PM
  • I don't think you NEED a cert, it will work off HTTP. However, I wouldn't recommend passing username and passwords over HTTP, you should have a cert so you can do HTTPS.
    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    Tuesday, July 28, 2009 1:45 PM
  • Alright no probs, that's what I thought but was wondering for troubleshooting. Thanks again and I'll keep you posted...
    anf
    Tuesday, July 28, 2009 1:49 PM
  • still no luck, I have added a manual certificate using the certificate services, OWA page loads fine with no messages regarding the certificate, but the website https://www.testexchangeconnectivity.com/ gives the error: 'Certificate name validation failed'...

    any ideas?

    anf
    Wednesday, July 29, 2009 2:02 AM
  • Have you added the self signed certificate to the iPhone? It is probably giving that error since it can't validate it.

    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    Wednesday, July 29, 2009 2:07 AM
  • grrrr, lol...
    still no luck, I've added it and cannot connect, the website seems to still say there is an issue with my certificate but not sure why...
    anf
    Wednesday, July 29, 2009 3:04 AM
  • If you don't require a certificate, are you able to connect? What do the logs say on the ActiveSync server?

    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    Wednesday, July 29, 2009 3:07 AM
  • how do i stop the requirement for the certificate and where are the logs?
    anf
    Wednesday, July 29, 2009 3:59 AM
  • Hi Anf,


    If your desktop mail client (such as Outlook) can use IMAP4, but your iPhone can't, please contact Apple or write a post on the Apple community.

    For the ActiveSync issue, what's your Exchange version? The server's external host name must match the name specified in the server certificate. When you run a test on https://www.testexchangeconnectivity.com/, it will guide you on what to do when there is a failure. Have you done that? If you still have trouble, please paste the error page from that website here for our further discussion.

    Thanks,

    Elvis

    Wednesday, July 29, 2009 8:09 AM
  • hi

    The certificate matches the name I'm using and now I get the error on the website (https://www.testexchangeconnectivity.com/):


    A network error occurred while communicating with remote host:
    Exception Details:
    Message: Authentication failed because the remote party has closed the transport stream.


    anf
    Thursday, July 30, 2009 12:39 AM
  • ok after some more trial and error, my SSL is now validating on the testexchangeconnectivity.com website, but now I get the following error regarding permission:


    Http Authentication Test failed

    An HTTP 403 forbidden response was received. The response appears to have come from IIS6. Body is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
    <META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
    <STYLE type="text/css">
    BODY { font: 8pt/12pt verdana }
    H1 { font: 13pt/15pt verdana }
    H2 { font: 8pt/12pt verdana }
    A:link { color: red }
    A:visited { color: maroon }
    </STYLE>
    </HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

    <h1>You are not authorized to view this page</h1>
    The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
    <hr>
    <p>Please try the following:</p>
    <ul>
    <li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
    </ul>
    <h2>HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.<br>Internet Information Services (IIS)</h2>
    <hr>
    <p>Technical Information (for support personnel)</p>
    <ul>
    <li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
    <li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
    and search for topics titled <b>About Security</b>, <b>Limiting Access by IP Address</b>, <b>IP Address Access Restrictions</b>, and <b>About Custom Error Messages</b>.</li>
    </ul>

    </TD></TR></TABLE></BODY></HTML>

    anf
    Thursday, July 30, 2009 10:07 AM
  • Do you have any directory security set up on that site? From the error it would seem like you have a list of who is allowed to access it.

    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    Thursday, July 30, 2009 12:57 PM
  • Na it's strange, it's set to all granted access. But I just read something about re-running Internet wizard on the server management can correct it so I'll try that and see how I go...
    anf
    Thursday, July 30, 2009 1:29 PM
  • still no good, soooo close, lol...
    anf
    Friday, July 31, 2009 2:32 AM