Spotting the five most common iPhone and Exchange ActiveSync problems

Are your iPhone users having difficulty connecting to Exchange? Before you do anything else, check these five trouble spots.

Although the iPhone is designed to connect to Exchange Server with ActiveSync, administrators and users have reported...

a number of issues. Before you allow your users to connect their iPhones to Exchange, take a look at the five most pervasive iPhone and Exchange 2010 connectivity problems and their solutions.

1. Coexistence challenges
The most widely reported issue is an Autodiscover compatibility problem that prevents an iPhone from connecting to Exchange. It occurs if the iPhone user’s mailbox resides on Exchange Server 2007 in a mixed Exchange 2007 and Exchange 2010 environment.

In this setup, mobile devices that run ActiveSync version 12.0 or lower connect to the Exchange 2010 client access server (CAS) and are then proxied to the Exchange 2007 CAS. Newer versions of ActiveSync use the Autodiscover service to determine which CAS that devices connect to.

The iPhone 4 uses a version of ActiveSync that should be able to use the Autodiscover service. Unfortunately, it does not work correctly. Users that have difficulty connecting an iPhone to an Exchange 2007 mailbox server in a mixed environment have three options:

  1. Wait for Apple to fix the problem.
  2. Move the mailbox to an Exchange 2010 mailbox server.
  3. Force the CAS to proxy the connection. This is done with the following Exchange Management Shell (EMS) command:

Get-ActiveSyncVirtualDirectory –Server <Exchange 2007 CAS server name> | Set-ActiveSyncVirtualDirectory –ExternalURL:$Null

You can read more about coexistence at Microsoft’s TechNet site.

2. Non-provisionable devices
TheExchange ActiveSync Mailbox Policy contains a setting called Allow Non Provisionable Devices. This setting -- which is disabled by default -- controls which mobile devices are allowed to establish ActiveSync connections with Exchange. If the setting is enabled, any ActiveSync-enabled device can connect to Exchange. If the setting is disabled, devices will only connect if they can be automatically provisioned with all of your ActiveSync policy settings.

Get more iPhone tips

Learn about connecting an iPhone to OWA>

The iPhone technically qualifies as a non-provisionable device because a number of ActiveSync policy settings cannot be applied to it. If you’re having difficulty connecting an iPhone to Exchange, or if you find that some ActiveSync policy settings are being ignored, compare your company’s ActiveSync policy settings with the ActiveSync settings the iPhone supports.

3. Heartbeat intervals
ActiveSync is based on Direct Push technology. Direct Push uses heartbeats to keep an HTTPS session open even when data is not actively sent or received. 

Mobile devices send requests to the CAS, asking to be notified when new items arrive. Requests are valid for a set length of time. The request validity period is also known as the heartbeat. If data is not received from the server within the request period, the device issues another request and another heartbeat occurs, keeping the session alive.

Exchange Server 2010 uses dynamic heartbeats. Exchange 2010 also defines both minimum and maximum heartbeat intervals. The mobile device usually starts with a short heartbeat interval and gradually works up to a longer interval once the session proves stable.

Normally, there’s no reason to change the minimum and maximum heartbeat interval values; Microsoft actually discourages altering the default values. According to Apple however, if an iPhone has difficulty with the existing heartbeat settings, you should set the maximum heartbeat to 59 minutes.

You can find more information on how heartbeats work at TechNet. Additionally, TechNet has instructions on adjusting heartbeat values if you need to do so.

4. Firewall timeouts
An iPhone may experience ActiveSync timeout issues unless all of the firewalls between the iPhone and the CAS are configured with a timeout period of 30 minutes or longer. The method to adjust the timeout depends on your firewall.

5. IP address settings
Some iPhone users find that their devices works well when connected to ActiveSync over the Internet, but that mail flow stops when connecting over corporate networks. This problem is usually traced to a domain name system (DNS) setting.

Your CAS must use a consistent IP address and a fully qualified domain name regardless of how the iPhone connects. If your internal DNS server provides a different IP address for the CAS than the one listed by external DNS servers, mail flow may cease until the device is no longer connected to the corporate network.

The iPhone is generally a solid ActiveSync client. However, every network is different and it’s possible that settings unique to your network may cause problems for iPhone users. If this happens, you can probably trace the problem to one of the causes described here.

Brien Posey
is an eight-time Microsoft MVP with two decades of IT experience. Before becoming a freelance technical writer, Brien worked as a CIO for a national chain of hospitals and healthcare facilities. He has also served as a network administrator for some of the nation’s largest insurance companies and for the Department of Defense at Fort Knox.

Dig Deeper on Apple iOS in the enterprise