"unable to verify account info" on the iPhone 4


  • I've set up the Active Sync in Exchange 2007 and it works for Exchange 2003 users but Exchange 2007 users are getting "unable to verify account info" on the iPhone 4.

    Any ideas?
    Friday, October 15, 2010 11:29 PM

All replies

  • So is it just iphone on 2007 or all devices on 2007?  You say that 2003 users work....are you using a different server adderss for the 2007 users, or trying to use the same?  If using the same name, is that name pointing to the 2003 or 2007 server?  Can you test user from: https://www.testexchangeconnectivity.com/ and report any errors?
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, October 15, 2010 11:55 PM
  • ExRCA is testing Exchange ActiveSync.
      The Exchange ActiveSync test failed.
    Test Steps
    Attempting to resolve the host name activesync. in DNS.
      Host successfully resolved
    Additional Details
    Testing TCP Port 443 on host activesync. to ensure it is listening and open.
      The port was opened successfully.
    ExRCA is testing the SSL certificate to make sure it's valid.
      The certificate passed all validation requirements.
    Test Steps
    The IIS configuration is being checked for client certificate authentication.
      Client certificate authentication wasn't detected.
    Additional Details
    Testing Http Authentication Methods for URL https://activesync./Microsoft-Server-Activesync/
      The HTTP authentication test failed.
    Additional Details

    An HTTP 500 response was returned from Unknown


    It's just the iphone on 2007. It's the same server address for 2003 and 2007 and it's pointing to a brand new 2007 server.

    Saturday, October 16, 2010 12:28 AM
  • Is the user a Domain Admin?  Check this link: http://technet.microsoft.com/en-us/library/dd439375(EXCHG.80).aspx

    To check whether inheritance is disabled on the user:

    1. Open Active Directory Users and Computers.
    2. On the menu at the top of the console, click View > Advanced Features.
    3. Locate and right-click the mailbox account in the console, and then click Properties.
    4. Click the Security tab.
    5. Click Advanced.
    6. Make sure that the check box for "Include inheritable permissions from this object's parent" is selected.

    If the user is a member of certain protected groups such as Domain Administrators, it is normal for this box to be unchecked. If you are experiencing a problem with members of these protected groups you should check the permissions on the AdminSDHolder object.

    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Saturday, October 16, 2010 12:36 AM
  • Yes the users are domain admins.

    The box is unchecked in security advanced.

    Where should I check for AdminSDHolder?

    Saturday, October 16, 2010 1:17 AM
  • So the recommendation of course is to not have Domain Admins with email accounts.  By best practice, you should have separated accounts for everyday and administration.

    Modifying the AdminSDHolder object is not something that should be taken lightly.  Here is a article that will explain the object in AD:


    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Saturday, October 16, 2010 1:24 AM
  • But the section those notes came out of said for Exchange 2010. My user is Exchange 2007.

    Active sync works on the Exchange 2003 server for mailbox on Exchange 2007 but not on the Active Sync 2007 server.

    Saturday, October 16, 2010 1:28 AM
  • I just had someone that's not a domain admin try and switch from ActiveSync on the Exchange 2003 server to Active Sync on the 2007 and she gets the same error. "Unable to verify account info"
    Saturday, October 16, 2010 1:45 AM
  • Same issue applies to 2007.  Does the iphone (or the test website mentioned above) sync to Exchange 2007 using a "regular" user?  If so, I think you have your answer.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Saturday, October 16, 2010 1:47 AM
  • No a regular user can't connect to the Active Sync Exchange 2007 server either.
    Saturday, October 16, 2010 1:53 AM
  • and the regular user has the  "Include inheritable permissions from this object's parent" box checked on the security tab?  Also check the same secutiy option on the OU.

    Ok...it seemed from the description above that this was just affecting one user on 2007.  So do any users work at all on 2007?

    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Saturday, October 16, 2010 1:57 AM
  • the regular user has the box unchecked.

    Sorry don't understand the check the same security option on the OU line.


    The only users that can connect to 2007 have mailboxes on 2003. Anyone with mailboxes on 2007 cannot connect.

    Saturday, October 16, 2010 2:07 AM
  • Check the  "Include inheritable permissions from this object's parent" box for the regular user.  Follow the instructions above if you need the step by step.  Allow for AD replication, then try the test again.  If you right-click, and select properties on the OU that the user resides in, you can run through the same steps for the check-box.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Saturday, October 16, 2010 2:10 AM
  • Tried that on a regular user and it still isn't working.
    Tuesday, October 19, 2010 12:16 AM
  • I had my phone setup correctly, was getting Exchange e-mail, then it stopped working.

    We had just updated some server software, maybe that was the start of it? Who knows.

    I deleted the account and tried to set it up again - no go - could not verify account, could not connect to server. Tried every combination of SSL on/off, Wi-Fi on/off, etc... for hours.

    What finally worked for me was to use the IP address for the Server instead of the name, and when entering my Username, I put a \ in front of the name. Suddenly it could immediately verify, connect, and sync my Exchange e-mails and calendar.

    When I go into Settings now and look at the Exchange settings, the Username appears WITHOUT the backslash, but it had to have the backslash there when setting it up before it would work. Sigh. Best of luck.

    Saturday, January 28, 2012 2:14 AM
  • Hi Guys,

    I'm having an issue with iPads and Exchange 2010.

    I have setup Exchange 2010 and configured Activesync. To test i
    ran ExRCA and it passed successfully. I also have a windows mobile and a
    Android 3.1 set up using the 2010 environment.

    We have a public
    certificate and require SSL enabled on the Activesync virtual directory.
    We also have http redirect enabled on the root to redirect to https and
    /owa but not on sub directories.

    Interestingly iphones seem to work.the ipads i've tried have been 5.0.1 and 5.1. Iphones that work have also been a mixture.

    get a Unable to verify account information error when trying to setup
    an exchange account. I also cannot browse to owa using safari from the
    ipads but can from all other devices and safari on my pc.

    I have done a reset network setting and even wiped a ipad but all with no joy. I'm really stuck.

    Any help would be great :)


    Friday, March 16, 2012 3:50 PM
  • Even I'm having the same issue with my iPhone 4S. our exchange is 2007 only. 

    Any help would be appreciated.

    Gangadhar Kotu, MCTS SharePoint 2010

    Please mark this post as answer if it solved your problem.

    Thursday, May 03, 2012 4:15 AM
  • Whitney, THANK YOU!!!!!!!!!!

    That was the only thing that helped me!!! It was so frustrating trying to figure that out!!!

    Tuesday, July 24, 2012 1:58 PM
  • We had the same problem here until I finally realized that 1 little check box needed to be selected and then everything worked. I forgot to put a checkmark in the box that says "Basic authentication (password is sent in clear text) under the section Server Configuration -> Client Access -> then in the properties of Microsoft-Server-ActiveSync under the tab called Authentication.

    Hope that helps you too.


    Friday, August 31, 2012 6:44 PM
  • Since this post comes up first for me on Google, I decided to respond to this post even though it's old. My co-worker had the same error. I found an article with some great tips.


    The tip that finally worked for me was verifying settings without any changes to the current configuration while not connected to our company's wifi. After I switched to 3G, it verified instantly. I switched back to wifi and was still able to receive mail on that exchange account. Our exchange admin had made some recent certificate changes and I think that may be related somehow.

    good luck iphone users!

    Eric Hula - CRM Administrator

    Thursday, January 10, 2013 2:12 PM