Update: 4/23/2012: Microsoft has completed deployment of the interim solution that should eliminate the need for manual server reconfiguration of the affected devices when your Office 365 server location changes. We continue to work with device manufacturers to help them resolve their Exchange ActiveSync protocol implementation issues.

Update 3/5/2012: In order to mitigate issues with some mobile device implementations of redirection, Microsoft is currently deploying an interim solution that should eliminate the need for manual server reconfiguration of the affected devices when your Office 365 server location changes. We estimate that the fix will be fully deployed worldwide by April 30th, 2012. Look for the announcement on the blog when the fix is fully deployed with instructions for reconfiguring affected devices. In the meantime, we continue to work with device manufacturers to help them resolve their Exchange ActiveSync protocol implementation issues.

This article explains how mobile devices connect to Exchange Online (Office 365) service and how the connectivity may be impacted if the device does not support certain Exchange ActiveSync (EAS) protocol requirements.

Exchange ActiveSync protocol versions

Most mobile devices that connect to Exchange do so using the Exchange ActiveSync protocol. Each successive version of the protocol offers new capabilities. (The Exchange ActiveSync article maintained by the Exchange community on Wikipedia has more details. -Editor)

Before any device accesses an Exchange mailbox, it negotiates with the Exchange server to determine the highest protocol version that they both support, and then uses this protocol version to communicate. Through the protocol version negotiation, the device and the server agree to behave in a particular manner in accordance with the version selected.

Mailbox redundancy in Office 365

In Office 365, we store multiple copies of user mailboxes, geographically distributed across different sites and datacenters. This redundancy ensures that if one copy of the mailbox fails for some reason (for example due to a hardware failure on a particular server), we can access the same mailbox elsewhere. At any given time, one copy of a particular mailbox is considered active and the remaining ones are deemed passive. When a user connects to their mailbox, they take actions on the active copy, and changes are then propagated to its passive copies.

Mailbox database failover

The switch from one active copy of a mailbox to another one stored on a different mailbox server may happen for the following different reasons:

  • Fail over  If hardware or connectivity failures arise in a site, Exchange 2010 in Office 365 automatically switches (or fails over) to a different mailbox database to ensure continuous access to your mailboxes.
  • Load balancing  If some servers are experiencing higher loads, mailboxes may need to be load-balanced across different servers.
  • Testing or maintenance  Mailbox databases may be switched when we are testing our disaster recovery procedures, or when servers are upgraded.

In most cases, the fail over and load balancing are not scheduled in advance. The process is executed automatically when the need arises, without manual intervention.

Exchange ActiveSync connection process

In Office 365, EAS devices connect to a publicly-facing Exchange Client Access Server (CAS). CAS authenticates the user based upon the provided credentials and retrieves the user’s mailbox version and the mailbox’s location. The mailbox’s location is the Active Directory forest and site where the active copy of the user mailbox is stored.

The CAS will handle the connection in one of the following ways, depending on the mailbox location relative to the location of the CAS:

  • Same forest, same site  If the mailbox is in the same Active Directory site as the CAS, CAS will retrieve the content directly from the Mailbox server.
  • Same forest, different site  If the mailbox is in the same Active Directory forest but a different Active Directory site than the CAS, CAS will redirect or proxy the device to the correct Active Directory site in that forest.
  • Different forest, different site  If the mailbox is located in a different Active Directory forest than the CAS, CAS will act differently depending on the EASprotocol version that it previously negotiated with the device:
    • If the device is using earlier versions of the protocol (EAS 12.0 and below), the connection is proxied to a CAS server in the forest where the mailbox is located.
    • If the device is using more recent versions of the protocol (EAS 12.1 and above), CAS issues a redirection request back to the device pointing it to the specific forest containing the mailbox. The device should then establish a direct connection to the new forest.

For an overview of proxying and redirection, see Understanding Proxying and Redirection in Exchange 2010 documentation.

How do devices choose which site to access?

Phones and tablets connect to Office 365 in a number of ways, depending on the device capabilities, configuration and which protocol version has been negotiated. Specifically:

  • The device may automatically discover the correct mailbox forest based on the user’s email address if the device supports the EAS Autodiscover command.
  • The user may configure the device to access a specific URL:
    • If the user enters the Office 365 endpoint URL for mobile devices (m.outlook.com), this address points the device to a number of forests that are geographically closest to user. The device then connects to one of the returned forests.
    • If the user enters a specific forest URL, the device connects to that forest.
    • If the user enters a specific site URL, the device connects directly to that site.

Office 365 contains a number of Active Directory forests, each of which contains several sites. Each forest has a default front-end site. When a device connects to a forest, it transparently connects to the front-end site for that forest.

Depending on whether the device connects to the Active Directory site where the user’s mailbox is located, the connection logic either retrieves the content directly, or proxies or redirects the device to the correct site.

Issues with redirection

More recent versions of EAS protocol support the redirection command. When a device using a more recent version of the protocol reaches a CAS in a site that doesn't contain the requested mailbox, the server responds to the request by redirecting the device to a CAS in the site hosting the active copy of the user’s mailbox. We assume that devices which advertise to the server support for EAS protocol version 12.1 and later comply with the EAS requirement to support the HTTP redirection error code.

Note: If you want to determine the Exchange ActiveSync protocol version that your device is currently using, refer to your device manufacturer’s documentation.

A problem can occur when a device claims to support redirection, but does not reliably do so. These devices cannot access the mailbox, and the user may receive a number of errors depending on the device (for example, unable to connect to server). A very small number of devices connecting to Office 365 are impacted by this failure to implement Exchange ActiveSync completely (about 1%).

Modifying the Office 365 deployment to compensate for these devices that don’t correctly support redirection would result in a degraded experience for all mobile device users. Performance for the devices is better if they connect to the correct Active Directory site directly after being redirected.

Phones and tablets that are part of the Exchange ActiveSync Logo Program support redirection and thus, do not experience this issue. We are working with a number of other manufacturers to help them support the redirection logic and fix their connectivity issues.

How to fix it?

If your users are having trouble connecting to their Office 365 mailboxes on devices that don’t fully support redirection, use one of the following methods to fix the issue:

  1. Update the Exchange server setting on your device to m.outlook.com as shown in the example below. Then, try connecting to your account and see if this change resolves the issue.
  2. If using the Exchange server name m.outlook.comdoes not fix the issue:
    1. Sign in to your account using Outlook Web App on a computer.
    2. Click Options in the top right corner and select See All Options… as shown below.
      Screenshot: OWA | See All Options
    3. On the My Account tab (shown below), click Settings for POP, IMAP and SMTP Access…
      Screenshot: Retrieving the Client Access server name from POP, IMAP and SMTP Access settings in Outlook Web App
    4. On the page that opens, under External POP setting you'll see a server name listed.

      Use the Server nameon this page for the Exchange server value on your device email configuration.

      Note: Although the setting is listed as the server name for POP, it's also an endpoint for Exchange ActiveSync.

  3. If using m.outlook.com and the External POP Settings/Server name value did not fix the issue:
    1. Go back to the main page of Outlook Web App. In the top right corner, click on the question mark next to Options and then select About as shown below.
      Screenshot: Retrieving the Host name using Outlook Web App
    2. On the About page, you'll see the entry for the Host name listed.

      Use the value next to the Host name as the server setting on your mobile device.

    Note: When you use the Host name as your Exchange server setting, you may need to update the setting in the future. As I described before, the mailboxes may be moved from one site to another, and devices that do not support the redirect command correctly will lose connectivity. If your user mailbox moves due to failover or upgrades, your site name (Host name) may change and you may need to reconfigure your device to point to the new site.

  4. Another method to resolve the issue may be to try using a different email application on your mobile device. Some EAS applications are able to properly handle redirection even on a device that doesn’t support the redirection command.

More help and resources

Katarzyna Puchala

The title of this post was changed shortly after publishing. The permalink URL may differ from the post title.

Not applicable

It should be noted that this affects organizations (like ours) running On-Premise Exchange 2010 SP2 implementations using cross-site silent redirection.  We learned that the hard way when ALL of our Android devices stopped functioning after implementation.  The workaround is the same as on 365 and we've discovered that users who have since installed NitroDesk Touchdown on their Android devices now are able to use the redirection without any issue.

Not applicable

"We are working with a number of other manufacturers to help them support the redirection logic and fix their connectivity issues"

Do you have any timeline on that?

Not applicable

@Viministrator: We can't speak for third parties about when they might release updates. Device manufacturers' ability to update devices in the field vary significantly. You should talk to your carrier or device manufacturer for details about whether they are working on a fix and when that might be available.

Not applicable

@Zerin: That's right - although this post is about Office 365, it's the same protocol and devices with Exchange ActiveSync implementations that negotiate a version of the protocol that should support the redirection requirement but don't do so will have a similar issue with cross-site redirection. Thanks for the feedback!

Not applicable

Same problem here. See, Microsoft. This is why EVERYONE is eager to find an alternative to Microsoft. Because you do sneaky underhanded things like this. Is this your way of TRYING to force your users to buy into your upcoming Windows 7 updates? This is ridiculous. If it worked before, I have every right to expect it will work for the duration of my contract with you. And if you plan on breaking it, I have every right to know before you do so I can find an alternative.

Not applicable

This has been a HUGE problem for my Android users.  M.outlook.com doesn't work for them so they are forced to use the unique host name address.  The problem is that this host name has changed 3-4 different times within the last 30 days.  My users don't realize the host name has changed until several hours later when their boss is asking them why they didn't respond to an email.  

This issue is very frustrating.

Not applicable

@Rick: Device manufacturers/OEMs write their own Exchange ActiveSync clients. See this  previous post for details.

Users can get a better experience with devices that carry the Exchange ActiveSync logo, as indicated in this post. For a list of EAS logo qualified devices, see Exchange ActiveSync Logo Program. Users can also look for third-party EAS client software which can be installed on existing devices.

Not applicable

the suggested fix on this is not working for users all over the world.  m.outlook.com does NOT resolve the issue on Android 2.3.5 devices.  Using the mobile setup wizard to find the hostname again is currently working but a manual resolution to getting mail back online and totally unacceptable.  Please make sure that people stop pointing to this article as a fix for the issue.

Not applicable

This is pretty strange. I mean, you (MS) didnt warn anyone that these issues will happen. Did  you do your verification properly before transitioning everyone over to Office365 etc?

or did you not see a reason to inform people of these issues?

We pay for a service, that was once working, and now broken.

Not applicable

This needs to be fixed asap.  I can't have 300+ users come to me everytime you guys move their mailbox to a new server.  The only way to get some android devices to work is to put the host server address in.  Everytime that changes the sync breaks and like effing zombies people start heading over to my desk.  This is a wide spread problem that needs to be addressed by Microsoft.  

Not applicable

I'm trialling Office365 with a Samsung Galaxy 10.1 and my mailbox is changing each and every day. Worst still, the tablet doesn't give an error message, it just doesn't receive mail. I certainly won't be converting the trial to a paid subscription, even though the issue appears to be with the tablet. I have it now and can't return it...

Not applicable

I have Galaxy SII and had a great deal of difficulty getting it sync with Exchange online - now that it is working -for email - it is sporadic with calendar entriees - does not always sync them... this is a major problem for me - what can i do?

Not applicable

have Galaxy SII and had a great deal of difficulty getting it sync with Exchange online - now that it is working -for email - it is sporadic with calendar entriees - does not always sync them... this is a major problem for me - what can i do?

Buy Touchdown from NitroDesk to use instead of the built in email client on the phone

Not applicable

Regarding the april 30th fix, will it be a "complete" fix?

In other words, will the devices then be able to connect to m.outlook.com or - for instance - will it just fix so the mail configuration keeps working after failover/load balancing but you still have to connect initially with podxxxxx.outlook.com?

We're in the process of migrating our entire mail structure to Live and this could be a potential showstopper if we have to phase out all the incompatible devices first, so it would be very helpful to know the extent of the upcoming fix.

Not applicable

How does the 4/23 fix work? Anything need to be done on the client end? Should we be connecting to m.outlook.com, the POP server, or the Exchange Client Access server?

How was it fixed? Is it now using a more sensical redirection than the HTTP 451 error code it was sending before?

Will the autodiscover now work better?

Not applicable

What is the status of this fix?

Not applicable

James: Nope, you don't need to do anything on client side. On server side, when your mobile device connects and if your mailbox has moved to another server, the requests from your device will be passed on to that new server. You can connect to any server name in Office 365 (i.e. m.outlook.com, 'pod' or host based names as mentioned in the blog post above), the new mechanism will work for you in all three cases.

Solko: Read 'Update' from 4/23/2012 posted at the top of this blog post. The fix has been fully deployed in Office 365.

Not applicable

@up to old tricks again:  I fail to see how this is a "trick".  Microsoft upgraded its service to give a better experience to "Everyone", but 1% of users had a problem connecting after the upgrade, and it was "their" fault, because their clients had a legacy defect which was not detected until now.

BTW, the defect in Android is fixed in 4.0.4, according to the Android support site.  

And in the meantime, Microsoft even decided to use a "non-standard" solution to please as many users as possible.

that's good customer service, not tricks!