none
Iphone IOS 4 & UAG 2010 / Exchange 2010

    Question

  • Has anyone been succesful geting ios 4 or an iphone 4 to function with UAG 2010 & Exchange 2010?  Prior to moving to IOS 4, all of our iphones on os 3.x worked.  When we moved to ios 4, we are unable to send emails.  Please advise, any help on this would be greatly appreciated.
    Monday, June 28, 2010 1:01 PM

Answers

  • 6 hours in - apple confessed about this bug, it will be in a release of an OS update, NO ETA.
    • Marked as answer by LGI IT Thursday, July 1, 2010 8:07 PM
    Thursday, July 1, 2010 7:08 PM

All replies

  • Did u check the logs on UAG in webmonitor it could be a policy thats blocking iphone . Also how are u accessing exchange form iphone? is it OWA or something else? 
    Monday, June 28, 2010 1:53 PM
  • There are no policies blocking it.  What is odd is keep in mind everything worked for our iphones 3.x versions.  Once we upgraded the 3GS phones to IOS 4, users received emails, but could not send.  Same with Iphone 4s.  The only thing I see on occassion is the following message in UAG:

    Denied Connection

     

    Log type: Firewall service

    Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.

    Rule: None - see Result Code

    Source: External (x.x.x.x.:53409)

    Destination: Local Host (x.x.x.x.:443)

    Protocol: PublishingRule::Tcp443

     

    Lastly, we are publishing activesync

    Monday, June 28, 2010 2:00 PM
  • http://forums.isaserver.org/A_non-SYN_packet_was_dropped_%3F%3F%3F%3F/m_2002059102/tm.htm

    How are u publishing activesync? Is it with basic auth?

     

    http://social.technet.microsoft.com/Forums/en-US/ForefrontedgeIA/thread/441cc6da-b380-47a5-8fe3-728fe2e42098

    and also check this thread, its for ISA but it could be the same thing.

    Monday, June 28, 2010 7:01 PM
  • Tried disabling RSS didn't do anything.  Also from other peers they have mentioned that would not be of material with UAG.

     

    Pretty sure we are using basic auth.  Keep in mind this worked with all other varities of the iphone.  IOS 4 has a problem with this.

    Monday, June 28, 2010 7:16 PM
  • so nobody is running iphone IOS 4 with success on UAG 2010 publishing activeysnc?  It would be great if I could find anyone who has had success with this config.  Or even perhaps the same problem with sending emails.
    Tuesday, June 29, 2010 2:24 PM
  • We're seeing the same thing -- UAG is publishing Exchange 2010. Any iPhone with iOS4 (3G device or Iphone 4) will not SEND email through UAG. Receiving mail and syncing folders works fine. We installed the config update yesterday that Apple posted (which increased the Activesync task timeout on the device from 30 seconds to 240 seconds) but that didn't address the issue with sending email. UAG has no problem with Iphone 3.x, Win Mobile, Droid, etc so we're sure it's an iPhone IOS 4 issue as others are reporting the same problems with Juniper SA reverse proxies. Also, I believe but can't confirm, that ISA 2006 is not presenting this problem and I can't get any information on a regular TMG server.

    Here is an excerpt from the actual iPhone device and then the same logs on UAG.

    Any ideas would be appreciated.

    Mark

     

    Debug output from iPhone:

    Fri Jun 25 15:15:47 Mosk-iPhone MobileMail[2407] <Warning>: EAS|/SourceCache/DataAccess/DataAccess-549.4/ActiveSync/ASTasks/ASSendMailTask.m:202 - Failure at index 0:

    Fri Jun 25 15:15:47 Mosk-iPhone MobileMail[2407] <Warning>: EAS|failure reason was Expected switch to compose mail code page Fri Jun 25 15:16:00 Mosk-iPhone CommCenter[32] <Notice>: apsd (0x0000efdf <-> 0x0001711f) is being killed for not responding.

     

     

    On the UAG server in the TMG logs around this time I get:

     

    Denied Connection

    LGIUAG01CT 6/25/2010 3:15:46 PM

    Log type: Firewall service

    Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.

    Rule: None - see Result Code

    Source: External (166.137.137.124:53409)

    Destination: Local Host (172.19.1.200:443)

    Protocol: PublishingRule::Tcp443

    Additional information

    1.                   Number of bytes sent: 0 Number of bytes received: 0

    2.                   Processing time: 0ms Original Client IP: 166.137.137.124

     

    And

     

     

    Closed Connection

    LGIUAG01CT 6/25/2010 3:15:46 PM

    Log type: Firewall service

    Status: A connection was abortively closed after one of the peers sent an RST packet.

    Rule: PublishingRule::Trunk#001

    Source: External (166.137.137.124:53409)

    Destination: Local Host (172.19.1.200:443)

    Protocol: PublishingRule::Tcp443

    Protocol: PublishingRule::Tcp443

    Additional information

    3.                   Number of bytes sent: 0 Number of bytes received: 0

    4.                   Processing time: 0ms Original Client IP: 166.137.137.124

     


    Mark E. Smith
    Practice Manager, Unified Communications
    Capax Global Consulting
    My Blog - http://blogs.capaxglobal.com/markesmith
    Tuesday, June 29, 2010 8:57 PM
  • not yet. but they may post on this thread that I opened on apples site, so keep your eyes peeled.

     

    http://discussions.apple.com/thread.jspa?messageID=11800282#11800282

    Tuesday, June 29, 2010 11:00 PM
  • I have the same issue with publishing EAS on ISA 2004. Everything worked like a charm with E2K10 mailboxes on iOS 3.1.3 and prior.

    Then they used EAS version 12 and earlier. Now in iOS 4 they use EAS version 14. I dont think they did the implementation right.

    We are also good on everything EXCEPT sending mail. It is very frustrating. I reported this and worked with Apple since Beta 1 of iOS 4 and still nothing.


    Exchange Freak | @ntpro | http://geekswithblogs.net/ntpro
    Tuesday, June 29, 2010 11:08 PM
  • I find it hard to believe that nobody else is using apple's IOS 4 and UAG 2010.   Any help or thoughts on this would be great.
    Wednesday, June 30, 2010 11:25 AM
  • I'm trying to collect some data from others here on the forum, if you're experiencing this would you mind providing the following info?

    • Exchange Server Version?
    • Reverse Proxy Version (UAG, TMG, IAG, ISA 2006, 2004, etc)?
    • Is your Reverse Proxy downstresm from another firewall?
    • Do you only have the problem with iPhone iOS 4 when Sending Email e.g. do all folders/calendar sync but you just can't send?
    • Do you still have the "can't send" problem when the reverse proxy is not in the data path? For example, if you connect the iPhone to the internal network's WiFi and connect directly to Exchange therefore bypassing UAG/ISA, etc?

    Thanks all!

    Mark


    Mark E. Smith
    Practice Manager, Unified Communications
    Capax Global Consulting
    My Blog - http://blogs.capaxglobal.com/markesmith
    Wednesday, June 30, 2010 2:32 PM
  • Non-working config:

    Exchange 2010, UAG, Yes, Yes, Not sure

    Working config:

    Exchange 2007, TMG, Yes, No problem, N/A

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, June 30, 2010 3:53 PM
    Moderator
  • Non-Working Config:

    • Exchange 2010 with iOS 4
    • ISA Server 2004
    • Yes
    • ISA Servers x 2 in a F5 NLB pool
    • Sending only is an issue
    • Cant t test this in our environment
    Working Config:
    • Exchange Server 2003 with iOS4
    • ISA Server 2004
    • Yes
    • ISA Servers x2 in a F5 NLB pool
    • or Exchange 2010 with iOS 3.1.3 all else same as Non-Working config


    Exchange Freak | @ntpro | http://geekswithblogs.net/ntpro
    Wednesday, June 30, 2010 4:30 PM
  • I've done testing in my lab with ISA 2006, TMG, and UAG.

    I can only reproduce the problem with UAG publishing Exchange 2010.

    http://marksmith.netrends.com/Lists/Posts/Post.aspx?ID=104

    Mark


    Mark E. Smith
    Practice Manager, Unified Communications
    Capax Global Consulting
    My Blog - http://blogs.capaxglobal.com/markesmith
    Wednesday, June 30, 2010 11:34 PM
  • Does this help: http://support.apple.com/kb/TS3398

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, July 1, 2010 12:08 AM
    Moderator
  • Nope the profile fix doesn't help (it increases the EAS task timeout from 30 seconds to 240 but still doesn't address the send mail issue)

     

    Mark


    Mark E. Smith
    Practice Manager, Unified Communications
    Capax Global Consulting
    My Blog - http://blogs.capaxglobal.com/markesmith
    Thursday, July 1, 2010 12:35 AM
  • Hi,

      I'm not able to say anything particularly useful to help out here but I'll try and reply.  From what I've heard and read, the issue appears to be related to iOS4 and Exchange 2010, regardless of what's between the two.  There seems to be some specific scenario around the trigger / cause of the issue as not every iOS4 user seems to experience this problem.  I would guess that it will not be of much help or a particularly useful expenditure of time, but if one of you is willing to open up a support case we can collect synced traces from iPhone <-> UAG <-> Exchange2010 and collaborate with the Exchange support team try to determine what scenario is causing the issue.  From previous cases like this it is likely to take a VERY significant amount of time as there is no automated way to correlate the 3 logs other than a manual read of the very verbose logs.  That said if the problem is with the iOS4 implementation of EAS14 there is likely little to nothing that we can do to assist other than wait for Apple to release a fix.

    Wish I had better news.
    Regards,
    Dan Herzog
    Microsoft CSS IAG/UAG Support

    Thursday, July 1, 2010 7:50 AM
    Moderator
  • Dan,

     

    I have a case opened up with Microsoft.  Hopefully we could identify the problem.  Is there something different in EAS14 compared to previous version?  Also, any insight on why this would work with ISA 2006 and not UAG 2010?

    Thursday, July 1, 2010 12:45 PM
  • Please let us know what you find.
    Exchange Freak | @ntpro | http://geekswithblogs.net/ntpro
    Thursday, July 1, 2010 12:56 PM
  • will do
    Thursday, July 1, 2010 1:22 PM
  • Looks like there is an Exchange Sync fix released from Apple for IOS 4

    http://www.engadget.com/2010/06/30/apple-patches-ios-4-exchange-issue/


    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    • Proposed as answer by TWHarrington Thursday, July 1, 2010 4:03 PM
    Thursday, July 1, 2010 4:03 PM
  • Yup, this was released earlier this week (Jason Jones post above has the Apple link) and mainly addresses the issue where users can't sync folders at all. In short it increases the EAS sync task timeout from 30 seconds to 240 seconds.

    It does not, however, fix the issue we're seeing with the device not being able to send through UAG/ISA.

    Mark


    Mark E. Smith
    Practice Manager, Unified Communications
    Capax Global Consulting
    My Blog - http://blogs.capaxglobal.com/markesmith
    Thursday, July 1, 2010 5:12 PM
  • Update, been on the phone with MSFT for roughly 3 1/2 hours.  They have been fantastic and have ruled out any issues on UAG/TMG/Exchange 2010, but are offering up an abundance of information to apple.  Though Apple does not seem to be cooperative on this matter at all and after 2 hours on the phone with them and MSFT, they patched me in through to MICROSOFT and dropped the call.  Meanwhile I have been on the phone with the PSS team for hours.  We are on the phone again trying to get details. 
    Thursday, July 1, 2010 5:39 PM
  • 6 hours in - apple confessed about this bug, it will be in a release of an OS update, NO ETA.
    • Marked as answer by LGI IT Thursday, July 1, 2010 8:07 PM
    Thursday, July 1, 2010 7:08 PM
  • Hi,

      Glad to hear our team was able to help, and I'm sorry that we didn't have this infromation earlier to save you the time and the call.

    Regarding the timeout change for iOS4 from 30seconds to 4 min I can unfortunatly only share the following message from our Exhange team. 

    Apple implemented changes to how the iPhone utilizes Exchagne ActiveSync when they recently released the iOS 4 update for the iPhone.  These changes impact Exchange Server 2003/2007/2010 in a way that causes increased load to the mailbox server and thus negatively impacts performance.  All technical details on these changes must come from Apple as Microsoft does not comment on 3rd party implementations of the Exchange ActiveSync protocol and only guarantees the fidelity of the Exchange ActiveSync experience when used with Windows Phone devices.  Apple has requested we share the following Apple KB article with our customers as the resolution to this issue: http://support.apple.com/kb/TS3398

    In speaking with the Exchange Support Team earlier today they also provided the following information, there appear to be the following Apple KBs also available for other issues with iOS4 and Exchange/ActiveSync.

    iOS 4: Unable to configure a repeating event for an Exchange account - http://support.apple.com/kb/TS3359
    iOS 4: Unable to resolve unicast DNS names that end in .local - http://support.apple.com/kb/TS3389

    Hope this information helps anyone who's having issues.

    Regards,
    Dan Herzog
    Microsoft CSS IAG/UAG Support

    Thursday, July 1, 2010 10:59 PM
    Moderator
  • Helo , If this info can help in debugging this issue, iOS4 and EX2010 will not work also when the reverse Proxy is Squid.

    Regards,

    Tzali Sagiv

     

     

    Wednesday, July 7, 2010 10:21 PM
  • Hello

    same issue with iOS4 and EX2010 and Nginx or Squid as reverse Proxy.

    Regards

    Tuesday, July 13, 2010 1:53 PM
  • I have the same setup described and am experiencing this problem.

    Has there been any progress made in this area?  Is there a workaround, such as modifying UAG/TMG policy?  An included fix in Update Rollup 5 of Exchange 2010?  Some other hotfix Microsoft can provide more quickly, until Apple updates iOS?

    The Apple implementation of EAS14 appears to be at fault.  Hopefully it will be addressed by iPhone 4.0.1 or 4.1.  This thread provides insight:

    http://discussions.apple.com/thread.jspa?threadID=2470316&start=120&tstart=0

    Wednesday, July 14, 2010 1:42 AM
  • issue was fixed with the iOS update 4.0.1.

    Exchange2010 and Squid as reverse Proxy -> working

    Exchange2010 and Ngnix as reverse Proxy -> working

    • Proposed as answer by isnu Saturday, July 17, 2010 11:10 AM
    Saturday, July 17, 2010 11:10 AM
  • The issue has not been fixed with UAG using iOS update 4.0.1

     


    Mark E. Smith
    Practice Manager, Unified Communications
    Capax Global Consulting
    My Blog - http://blogs.capaxglobal.com/markesmith
    Saturday, July 17, 2010 12:53 PM
  • The issue is not fixed in 4.0.1 - however, it is included as a fix in 4.1 which is currently in beta 1. I would think it should be out soon - 30 days perhaps?
    Exchange Freak | @ntpro | http://geekswithblogs.net/ntpro
    Monday, July 19, 2010 2:21 PM
  • This is our configuration and Send is still not working after the 4.0.1 update.  Any other thoughts anyone?
    Wednesday, July 21, 2010 4:16 PM
  • Hi,

      As I understand the fix in 4.0.1 update is related to the previously discussed timeout settings addressed in the Apple KB http://support.apple.com/kb/TS3398 and is not related at all to the iOS 4 implemetation of EAS 14 that's causing the issues you are facing.  I do not belive Apple has yet confirmed when the bug that they confirmed to LGI IT in this thread.

    Regards,
    Dan Herzog
    Microsoft CSS IAG/UAG Support

    Thursday, July 22, 2010 8:01 AM
    Moderator
  • I have heard from friends that are beta testing 4.1 (NOT 4.0.1) that it fixes this bug. It is in beta 2. However, Apple has not advertised a final release date.
    Exchange Freak | @ntpro | http://geekswithblogs.net/ntpro
    Saturday, July 31, 2010 8:08 PM