You may be wondering why iOS6 on the Apple iPhone does not Autodiscover anymore? It doesn't work! We have done extensive testing with multiple mobile devices on Exchange Server 2010 SP2 UR4:
iPhone (4 or 4S) running IOS5 works great
iPhone (4, 4S or 5) running IOS6 does not work.
This article was posted 16/10/2012 - Apple might release an update for IOS6 which resolves this issue in the near future which will make this article redundant.
iPhone (4 or 4S) running IOS5 works great
iPhone (4, 4S or 5) running IOS6 does not work.
This article was posted 16/10/2012 - Apple might release an update for IOS6 which resolves this issue in the near future which will make this article redundant.
Yep, I can concur. Exchange 2010SP2RU4v1 as CAS.
ReplyDeleteSame for when the mailbox is on 2007 (with the 2010 CAS).
I saw that @JasonSherry tweeted that when upn=mailaddres it does work.
Yes your correct only when the UPN matches there mailaddress does it work which is not the case for most organisations.
ReplyDeleteCan you describe the symptoms of this issue? Will it affect already provisioned phones?
ReplyDeleteThe symptom is your phone will ask you for the Exchange server address when attempting to setup an Exchange profile on the device. This is ususally autodiscovered.
ReplyDeleteNo it will not effect already provisioned phones.
it your phone will ask you for the Exchange server address when attempting to setup an Exchange profile on the device.coque iphone 4
ReplyDeleteThis has saved me ripping my hair out, thanks!!
ReplyDeleteWe're on Exchange Server 2010 SP2 UR2, and going through ISA Server 2006. I can confirm it does work with iOS6.0, but the email name (before the @) must match their AD username (FYI we have a .local UPN). Hope that helps someone!
ReplyDeleteHi guys,
ReplyDeleteTo ensure people do not get confused:
If the users email address matches their UPN suffix it will work. For most organizations this is not the case.
If the users email address does not match the UPN it will fail. This is because IOS6 no longer asks for the username like IOS5 did. It tries to authenticate with the email address as the username.
Hope this makes sense
Regards,
Clint
Hi Clint, I can assure you the users UPN does not match their email address. The key to it (for us) was to set the ActiveSync IIS folder to use 'basic authentication' and make sure you set the 'default domain' to your internal NetBIOS name, failure to do this will stop autodiscover from filling out the details automatically.
ReplyDeleteRegards,
Terry
Hi Terry,
ReplyDeleteFrom my experiance IOS5 asks for:
Email Address
Username
Password
Description
IOS6 asks for:
Email Address
Password
Description
Because IOS6 does not ask for username you cannot enter domain\username which is required for the authentication. Only if your email address matches the UPN suffix can it authenticate using the email address instead of domain\username.
Regardless if you populate the Default Domain field or not within the Active Sync IIS folder, how are you going to authenticate if you do not have the field to enter the username?
Regards,
Clint
Hi Clint, the username is derived from the email address, if we use an email that doesn't match the username it will fail e.g. username = terryj, so tj@domain.com will fail, but terryj@domain.com will authenticate successfully (but don't forget that default domain name!)
ReplyDeleteHTH
Regards,
Terry
Hi Terry,
ReplyDeleteIt's not derived from the email address, it's using a UPN suffix in your instance. Please read into what UPN suffixes are and what they are used for so you understand.
Regards,
Clint
Your articles are very well written and unique.
ReplyDeletethis URL
Hi Clint, there are no other UPN suffix's in our domain, just the .local UPN (our email addresses are .co.uk, so don't match the UPN).
ReplyDeleteI'd like to just state again, that iOS 5 and 6 works with autodiscovery in our environment. To help others who may google this in future, our setup:
We're on Exchange Server 2010 SP2 UR2, and using ISA Server 2006 for all iPhone / iPad users.
For IIS the default settings should already set (if not see here: http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx), the ActiveSync folder should already be using 'basic authentication', just make sure you set the 'default domain' (for basic auth) to your internal NetBIOS name.
I'm also assuming you've setup a different external URL for external users already (if not see: http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html), we're using a wildcard cert and not a SAN cert, but it works just as well.
ISA server is pretty easy to setup, just follow the many guides on the net, one point to note, break out autodiscovery on it's own, set Users to 'All Users', Authentication Delegation to either 'basic' or 'no delegation, but client may authenticate directly'. One thing that caught us out was in the listener -> Authentication -> Advanced -> Require all users to authenticate, was ticked (untick it or the All Users entry will not work).
Regards,
Terry
One last thing you need to do, in IIS you'll need to set NTFS permissions on the autodiscover virtual directory to include everyone (as it uses basic authentication as the preferred choice).
ReplyDeleteSo go to:
IIS manager -> Sites -> Default Web Site -> Autodiscover -> 'Right Click' -> Edit Permissions... -> 'Security' tab -> Edit... -> Add.. -> type: Everyone -> OK -> OK -> OK (Job done!)
Regards,
Terry
Here are the logs from our IIS server (using an iPhone4 with iOS6) to prove it's not purley a UPN issue:
ReplyDelete2012-11-16 18:02:29 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 109
2012-11-16 18:02:29 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 62
2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj@domain.com p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 0
2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj@domain.com p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 15
2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 62
2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj@domain.com p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 0
2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj@domain.com p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 0
2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 62
Notice it tries the username first, THEN the email address? This is why it works using basic auth (and why it needs to match their AD account), in combination with the default domain name and the everyone permissions on the autodiscover folder in IIS.
Regards,
Terry
looks great but too unbelievable
ReplyDeleteGreat blog you people have maintained there, I totally appreciate the work.
ReplyDeleterestore iphone contacts
This is a great article. I too thought IOS6 and Autodiscover would not work. After playing with our Exchange this weekend, I can confirm these settings DO work! However there was one "gotcha" I'd like to throw out there for anyone else. When you set the "Default Domain" in IIS, you also MUST set "Realm" to the internal domain name as well. At first all I did was set the Default Domain and left Realm blank and it did not work. As soon as I set Realm, Autodiscover worked beautifully!!
ReplyDeleteI had to make the autodiscover folder (basic authentication) use the 'default domain' as well.
ReplyDeleteWhy are people still amazed that iOS 6 works with autodiscover? The guy never said it does not if you read the comments! The simple fact is that the UPN needs to match the users email address. If that is the case, autodiscover works fine. If, however, the logon name does NOT match the email address then there is absolutely no way the iOS device knows the logon name to use with the password and that is when autodiscover fails. It's as simple as that really. If the UPN matches the email and you have a default domain set in IIS then iOS works fine.
ReplyDeleteNow its time to use latest technology. iphone ipad and other latest technology made our life so easy.
ReplyDeleteDoes anyone know how to acomplish this in a multi-domain forest? Oyr root contains all the servervices for multiple companies. Therefor, we cannot use the default domain or realm. All our users login with UPN on all workstations and other access points. The UPN is bumbed against the AD until it is found so works with all companies. The suggestions I see here are only for single domain and will not work with multi domain. True?
ReplyDeleteThis is so amazing and unbelievable. I like your info. en ucuz iphone 5
ReplyDeleteThanks for sharing this amazing tips. This is such a great resource that you are providing and you give it away for free. I love seeing websites that understand the value of providing a quality resource for free. - on the main page
ReplyDeleteNice post with great details. I really appreciate your info. Thanks for sharing this lovely tips. ucuz iphone
ReplyDeleteWonderful blog you have shared a great information here in this great blog.
ReplyDeleteThesis Help
Essay Writer Australia
great stuff that you have shared here in this blog keep posting the good work in up coming days.
ReplyDeleteThesis Help
Essay Writer
Apple Trade In AppleShark is one of the best places to sell your iPhone or other Apple device. It doesn't matter if your iPhone is old, has a cracked screen, or wont turn on. If you have an iphone to sell, appleshark will make you a competitive offer. When you have an Apple product that you want to get rid of, you have two choices: you can sell or recycle. As a re-commerce service, appleshark specializes in buying Apple products you don't want anymore. You can sell your iPhone, iPad, iPod, Mac Apple TV, or virtually any other Apple device that you can name.
ReplyDeleteAustralia Assignment Help for MBA
ReplyDeleteAssignment Help in Adelaide
Do Assignment Help on Economics
Key Elements Sociology Homework & Assignment Help, Key Elements Political scientists Thomas R. Dye and Harmon Zeigler (2008) have summarized the key elements of pluralism.
ReplyDeleteSociology Homework Help
Assignment Writing Services
Hi buddy, your blog' s design is simple and clean and i like it. Your blog posts about Online Dissertation Help are superb. Please keep them coming. Greets!!. Java Homework Help Responses Java Assignment Help
ReplyDeleteBuy unlocked apple iphone from Shopprice Australia. For sleek Apple design and pioneering technology, choose from the new range of Apple products.
ReplyDeleteGreat blog. Thanks for sharing info.
ReplyDeleteassignment help Australia
Writing Essay Service
Fantastic post I like it. Keep it up Biology Assignment Help
ReplyDeleteI like your working style. Your blog is so interesting and nice. You have done superb job. Thanks for sharing. Accounting Dissertation Help
ReplyDeleteGreat Information,it has lot for stuff which is informative.I will share the post with my friends. Cancer Medical Assignment Help
ReplyDeleteWell thanks for posting such an outstanding idea. I like this blog & I like the topic and thinking of making it right. Ohm's Law Projects
ReplyDeleteI appreciate this work amazing post for us I like it. Stats Homework Help
ReplyDeleteAssignment Help
ReplyDeleteWe are Number 1 website in Medical Assignments Help - Hire us for A grade consultation of your Medical Science Homework, assignments and other academic papers.
ReplyDeleteMedical Assignment Help
Thanks a lot for the awesome read!I know this is an older post, but great nonetheless. Qualified and reputable essay editing service - edit-ing.services work truly hard in order to provide you with absolutely original essays; register and login with the credentials to place an order.
ReplyDeleteYou have got some great posts in your blog. Keep up with the good work. read this
ReplyDeleteYour blog is really amazing and thanks for sharing.
ReplyDeleteCase Study Solutions Help
ordervenue is big online shopping plateform to choice our product at a affordable price.
ReplyDeleteordervenue