locked
Issue with Active Sync RRS feed

  • Question

  • Hello, we are currently having issues with users trying to access mail on their phones with active sync.

    Can someone please help


    Attempting the Autodiscover and Exchange ActiveSync test (if requested).
    Testing of Autodiscover for Exchange ActiveSync failed.
    Additional Details
    Elapsed Time: 557 ms.
    Test Steps
    Attempting each method of contacting the Autodiscover service.
    The Autodiscover service couldn't be contacted successfully by any method.
    Additional Details
    Elapsed Time: 557 ms.
    Test Steps
    Attempting to test potential Autodiscover URL https://***.biz:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
    Additional Details
    Elapsed Time: 472 ms.
    Test Steps
    Attempting to resolve the host name ***.biz in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 77.104.149.206
    Elapsed Time: 117 ms.
    Testing TCP port 443 on host ***.biz to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Elapsed Time: 120 ms.
    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    Additional Details
    Elapsed Time: 234 ms.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server ***.biz on port 443.
    The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
    Additional Details
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
    Elapsed Time: 216 ms.
    Attempting to test potential Autodiscover URL https://autodiscover.***.biz:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
    Additional Details
    Elapsed Time: 40 ms.
    Test Steps
    Attempting to resolve the host name autodiscover.***.biz in DNS.
    The host name couldn't be resolved.
    Tell me more about this issue and how to resolve it
    Additional Details
    Host autodiscover.***.biz couldn't be resolved in DNS InfoDomainNonexistent.
    Elapsed Time: 40 ms.
    Attempting to contact the Autodiscover service using the HTTP redirect method.
    The attempt to contact Autodiscover using the HTTP Redirect method failed.
    Additional Details
    Elapsed Time: 10 ms.
    Test Steps
    Attempting to resolve the host name autodiscover.***.biz in DNS.
    The host name couldn't be resolved.
    Tell me more about this issue and how to resolve it
    Additional Details
    Host autodiscover.***.biz couldn't be resolved in DNS InfoDomainNonexistent.
    Elapsed Time: 10 ms.
    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
    The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
    Additional Details
    Elapsed Time: 32 ms.
    Test Steps
    Attempting to locate SRV record _autodiscover._tcp.***.biz in DNS.
    The Autodiscover SRV record wasn't found in DNS.
    Tell me more about this issue and how to resolve it
    Additional Details
    Elapsed Time: 32 ms.
    Checking if there is an autodiscover CNAME record in DNS for your domain '***.biz' for Office 365.
    Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
    Tell me more about this issue and how to resolve it
    Additional Details
    There is no Autodiscover CNAME record for your domain '***.biz'.
    Elapsed Time: 1 ms.

    • Edited by TomasMac Thursday, August 16, 2018 9:49 AM
    • Edited by Manu Meng Friday, August 17, 2018 8:42 AM remove the sensitive information
    Thursday, August 16, 2018 9:29 AM

All replies

  • Hi TomasMac,

    To narrow down this issue, I want to confirm with you:

    1. Are you using Exchange online or Exchange on-premise?

    2. Could you login mailbox in Outlook client on a non-domain joined computer successfully?

    -----------------------------------------------------------------------------------------------------------------------------------

    >>The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

    From this information, we can know there exist some errors about your network or certificate, so I also want to confirm with you: whether all users cannot login mailbox on their mobile?

    About certificate, I suggest you use the command below to check if the certificate that you used includes your domain name and whether services are assigned to it:

    Get-ExchangeCertificate | fl Subject,Services,CertificateDomains

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, August 17, 2018 3:19 AM
  • Hi,

    We are using Exchange 2010 on-premise.

    All domain-connected clients work fine, I tried connecting using a non-domain connected PC and it kept asking for a password. 

    Owa works fine. Its only active sync that doesn't work after the certificate was changed a while back. I'm new the business and have not got much prior information, apart the certificate was changed.

    All mobile users used to be able to connect, now no mobile android or apple users are able to connect.

    Subject            : CN=ex.***.biz, OU=PositiveSSL, OU=Domain Control Validated
    Services           : IMAP, POP, IIS, SMTP
    CertificateDomains : {ex.***.biz, www.ex.***.biz}

    Regards,

    Tomas

    • Edited by Manu Meng Friday, August 17, 2018 8:44 AM Remove the sensitive information
    Friday, August 17, 2018 8:34 AM
  • Hi TomasMac,

    Do you tried to reconfigure account on mobile again? What kind of certificate do you use? If you use a certificate issued by internal CA, you should import this certificate to your mobile before configuring account on it.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, August 20, 2018 8:39 AM
  • I have tried to reconfigure mobile, no success. 

    The certificate is a third party one. 

    I can see the attempt in the log file if this helps at all.

    2018-08-20 11:32:50 10.2.0.10 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=isd%5Ctomas&DeviceId=*****&DeviceType=Outlook&Log=V0_LdapC18_LdapL79_UserInfo:UserMailbox_Mbx:***.**.***.local_Dc:**-dc.**.***.local_Throttle31_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f2%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a%24null%2f0%2cPolicy%3aDefaultThrottlingPolicy%5F3ef96c93-3936-4d38-8735-e14426094d42%2cNorm_ 443 isd\*** **.**.***.4 Outlook-iOS-Android/1.0 200 0 0 2849


    • Edited by TomasMac Monday, August 20, 2018 1:25 PM
    Monday, August 20, 2018 1:11 PM