Monday, October 15, 2012

Apple iPhone iOS6 and Exchange Autodiscover

You may be wondering why iOS6 on the Apple iPhone does not Autodiscover anymore?  It doesn't work!  We have done extensive testing with multiple mobile devices on Exchange Server 2010 SP2 UR4:

iPhone (4 or 4S) running IOS5 works great
iPhone (4, 4S or 5) running IOS6 does not work.

This article was posted 16/10/2012 - Apple might release an update for IOS6 which resolves this issue in the near future which will make this article redundant.

54 comments:

  1. Yep, I can concur. Exchange 2010SP2RU4v1 as CAS.
    Same for when the mailbox is on 2007 (with the 2010 CAS).
    I saw that @JasonSherry tweeted that when upn=mailaddres it does work.

    ReplyDelete
  2. Yes your correct only when the UPN matches there mailaddress does it work which is not the case for most organisations.

    ReplyDelete
  3. Can you describe the symptoms of this issue? Will it affect already provisioned phones?

    ReplyDelete
  4. The symptom is your phone will ask you for the Exchange server address when attempting to setup an Exchange profile on the device. This is ususally autodiscovered.

    No it will not effect already provisioned phones.

    ReplyDelete
  5. it your phone will ask you for the Exchange server address when attempting to setup an Exchange profile on the device.coque iphone 4

    ReplyDelete
  6. thanks for sharing.

    ReplyDelete
  7. This has saved me ripping my hair out, thanks!!

    ReplyDelete
  8. We're on Exchange Server 2010 SP2 UR2, and going through ISA Server 2006. I can confirm it does work with iOS6.0, but the email name (before the @) must match their AD username (FYI we have a .local UPN). Hope that helps someone!

    ReplyDelete
  9. Hi guys,

    To ensure people do not get confused:

    If the users email address matches their UPN suffix it will work. For most organizations this is not the case.

    If the users email address does not match the UPN it will fail. This is because IOS6 no longer asks for the username like IOS5 did. It tries to authenticate with the email address as the username.

    Hope this makes sense

    Regards,
    Clint

    ReplyDelete
  10. Hi Clint, I can assure you the users UPN does not match their email address. The key to it (for us) was to set the ActiveSync IIS folder to use 'basic authentication' and make sure you set the 'default domain' to your internal NetBIOS name, failure to do this will stop autodiscover from filling out the details automatically.
    Regards,
    Terry

    ReplyDelete
  11. Hi Terry,

    From my experiance IOS5 asks for:

    Email Address
    Username
    Password
    Description

    IOS6 asks for:

    Email Address
    Password
    Description

    Because IOS6 does not ask for username you cannot enter domain\username which is required for the authentication. Only if your email address matches the UPN suffix can it authenticate using the email address instead of domain\username.

    Regardless if you populate the Default Domain field or not within the Active Sync IIS folder, how are you going to authenticate if you do not have the field to enter the username?

    Regards,
    Clint

    ReplyDelete
  12. Hi Clint, the username is derived from the email address, if we use an email that doesn't match the username it will fail e.g. username = terryj, so tj@domain.com will fail, but terryj@domain.com will authenticate successfully (but don't forget that default domain name!)
    HTH
    Regards,
    Terry

    ReplyDelete
  13. Hi Terry,

    It's not derived from the email address, it's using a UPN suffix in your instance. Please read into what UPN suffixes are and what they are used for so you understand.

    Regards,
    Clint

    ReplyDelete
  14. Your articles are very well written and unique.
    this URL

    ReplyDelete
  15. Hi Clint, there are no other UPN suffix's in our domain, just the .local UPN (our email addresses are .co.uk, so don't match the UPN).

    I'd like to just state again, that iOS 5 and 6 works with autodiscovery in our environment. To help others who may google this in future, our setup:
    We're on Exchange Server 2010 SP2 UR2, and using ISA Server 2006 for all iPhone / iPad users.
    For IIS the default settings should already set (if not see here: http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx), the ActiveSync folder should already be using 'basic authentication', just make sure you set the 'default domain' (for basic auth) to your internal NetBIOS name.
    I'm also assuming you've setup a different external URL for external users already (if not see: http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html), we're using a wildcard cert and not a SAN cert, but it works just as well.
    ISA server is pretty easy to setup, just follow the many guides on the net, one point to note, break out autodiscovery on it's own, set Users to 'All Users', Authentication Delegation to either 'basic' or 'no delegation, but client may authenticate directly'. One thing that caught us out was in the listener -> Authentication -> Advanced -> Require all users to authenticate, was ticked (untick it or the All Users entry will not work).

    Regards,
    Terry

    ReplyDelete
  16. One last thing you need to do, in IIS you'll need to set NTFS permissions on the autodiscover virtual directory to include everyone (as it uses basic authentication as the preferred choice).
    So go to:
    IIS manager -> Sites -> Default Web Site -> Autodiscover -> 'Right Click' -> Edit Permissions... -> 'Security' tab -> Edit... -> Add.. -> type: Everyone -> OK -> OK -> OK (Job done!)

    Regards,
    Terry

    ReplyDelete
  17. Here are the logs from our IIS server (using an iPhone4 with iOS6) to prove it's not purley a UPN issue:

    2012-11-16 18:02:29 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 109
    2012-11-16 18:02:29 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 62
    2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj@domain.com p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 0
    2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj@domain.com p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 15
    2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 62
    2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj@domain.com p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 0
    2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj@domain.com p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 0
    2012-11-16 18:02:31 e.e.e.e POST /Autodiscover/Autodiscover.xml - 443 terryj p.p.p.p Apple-iPhone4C1/1001.403 401 1 1326 62

    Notice it tries the username first, THEN the email address? This is why it works using basic auth (and why it needs to match their AD account), in combination with the default domain name and the everyone permissions on the autodiscover folder in IIS.

    Regards,
    Terry

    ReplyDelete
  18. The innovative solution in the iPhone was to remove the traditional keyboard; instead, there is a touch screen supported by the Multi-Touch technology. No stylus is needed; everything is operated with the use of a finger or multiple fingers. Coque iphone 4

    ReplyDelete
  19. Great blog you people have maintained there, I totally appreciate the work.
    restore iphone contacts

    ReplyDelete
  20. This is a great article. I too thought IOS6 and Autodiscover would not work. After playing with our Exchange this weekend, I can confirm these settings DO work! However there was one "gotcha" I'd like to throw out there for anyone else. When you set the "Default Domain" in IIS, you also MUST set "Realm" to the internal domain name as well. At first all I did was set the Default Domain and left Realm blank and it did not work. As soon as I set Realm, Autodiscover worked beautifully!!

    ReplyDelete
  21. I had to make the autodiscover folder (basic authentication) use the 'default domain' as well.

    ReplyDelete
  22. Why are people still amazed that iOS 6 works with autodiscover? The guy never said it does not if you read the comments! The simple fact is that the UPN needs to match the users email address. If that is the case, autodiscover works fine. If, however, the logon name does NOT match the email address then there is absolutely no way the iOS device knows the logon name to use with the password and that is when autodiscover fails. It's as simple as that really. If the UPN matches the email and you have a default domain set in IIS then iOS works fine.

    ReplyDelete
  23. Now its time to use latest technology. iphone ipad and other latest technology made our life so easy.

    ReplyDelete
  24. Does anyone know how to acomplish this in a multi-domain forest? Oyr root contains all the servervices for multiple companies. Therefor, we cannot use the default domain or realm. All our users login with UPN on all workstations and other access points. The UPN is bumbed against the AD until it is found so works with all companies. The suggestions I see here are only for single domain and will not work with multi domain. True?

    ReplyDelete
  25. This is so amazing and unbelievable. I like your info. en ucuz iphone 5

    ReplyDelete
  26. Thanks for sharing this amazing tips. This is such a great resource that you are providing and you give it away for free. I love seeing websites that understand the value of providing a quality resource for free. - on the main page

    ReplyDelete
  27. Nice post with great details. I really appreciate your info. Thanks for sharing this lovely tips. ucuz iphone

    ReplyDelete
  28. Wonderful blog you have shared a great information here in this great blog.
    Thesis Help
    Essay Writer Australia

    ReplyDelete
  29. great stuff that you have shared here in this blog keep posting the good work in up coming days.
    Thesis Help
    Essay Writer

    ReplyDelete
  30. Apple Trade In AppleShark is one of the best places to sell your iPhone or other Apple device. It doesn't matter if your iPhone is old, has a cracked screen, or wont turn on. If you have an iphone to sell, appleshark will make you a competitive offer. When you have an Apple product that you want to get rid of, you have two choices: you can sell or recycle. As a re-commerce service, appleshark specializes in buying Apple products you don't want anymore. You can sell your iPhone, iPad, iPod, Mac Apple TV, or virtually any other Apple device that you can name.

    ReplyDelete
  31. Key Elements Sociology Homework & Assignment Help, Key Elements Political scientists Thomas R. Dye and Harmon Zeigler (2008) have summarized the key elements of pluralism.
    Sociology Homework Help
    Assignment Writing Services

    ReplyDelete
  32. Hi buddy, your blog' s design is simple and clean and i like it. Your blog posts about Online Dissertation Help are superb. Please keep them coming. Greets!!. Java Homework Help Responses Java Assignment Help

    ReplyDelete
  33. Buy unlocked apple iphone from Shopprice Australia. For sleek Apple design and pioneering technology, choose from the new range of Apple products.

    ReplyDelete
  34. Thanks your blog is awesome.
    thanks for sharing information.
    videocon plan
    Videocon Telecom invests approx Rs 130 Cr to upgrade its network to 2.75G EDGE, a 3G standard technology, to enhance Customer experience on data speed. Rolls out a full-fledged marketing campaign to get Customer attention.

    ReplyDelete
  35. I like your working style. Your blog is so interesting and nice. You have done superb job. Thanks for sharing. Accounting Dissertation Help

    ReplyDelete
  36. Great Information,it has lot for stuff which is informative.I will share the post with my friends. Cancer Medical Assignment Help

    ReplyDelete
  37. Well thanks for posting such an outstanding idea. I like this blog & I like the topic and thinking of making it right. Ohm's Law Projects

    ReplyDelete
  38. I appreciate this work amazing post for us I like it. Stats Homework Help

    ReplyDelete
  39. We are Number 1 website in Medical Assignments Help - Hire us for A grade consultation of your Medical Science Homework, assignments and other academic papers.
    Medical Assignment Help

    ReplyDelete
  40. Our website is number 1 in AutoCad Help. This is preferred destination for various students to get their Autocad assignments and Autocad Projects and Homework Done.
    Autocad Assignment Help

    ReplyDelete
  41. Thanks a lot for the awesome read!I know this is an older post, but great nonetheless. Qualified and reputable essay editing service - edit-ing.services work truly hard in order to provide you with absolutely original essays; register and login with the credentials to place an order.

    ReplyDelete
  42. Thanks for sharing useful information

    Item, Tariff. Use of USSD for USSD-based mobile banking services Charge for outgoing USSD session for USSD based mobile banking services, Rs. 1.50 per ...

    ReplyDelete
  43. Great information
    Videocon offers a wide range of mobile handsets with great data plans for both prepaid and postpaid mobiles.

    ReplyDelete
  44. You have got some great posts in your blog. Keep up with the good work. read this

    ReplyDelete
  45. Your blog is really amazing and thanks for sharing.
    Case Study Solutions Help

    ReplyDelete
  46. ordervenue is big online shopping plateform to choice our product at a affordable price.
    ordervenue

    ReplyDelete