iPhone 2.0; Welcome to Exchange!
Published Jul 11 2008 11:04 AM 9,958 Views

If you've not heard; Apple released iPhone 2.0 today which includes a software update to the existing iPhones in the market (yes, we mentioned it when it was announced as well).  We're thrilled to add them to the family of Exchange ActiveSync licensees that enable all sorts of devices to connect to Exchange Server.  For those of you that manage Exchange Servers this means you may see some new devices connecting and we wanted to give you a few notes about what to expect.

What iPhone looks like from an Administrator's perspective

From the server side, you need to look at a user's device from the Exchange Management console (EMC):

From the user screen you can scroll though any devices the users has connected to their account (iPhone circled here - note that the version number will vary by iPhone firmware version, we took this screenshot with beta firmware):

Users using OWA will see their iPhones showing up in the Options > Mobile Device screen as shown in the image below:

Note: If you want to look for connections in your IIS server logs you can do a string search for "Apple-iPhone".

How do I find out more info on what policies the iPhone supports, how it connects to your server and other administrative questions?

Apple has published an Enterprise Deployment Guide for organizations that are deploying iPhones.  This is where you should look for Administrator info on the technical side of what Apple has created.

How can I see how many iPhones are connecting to my server and which users have them?

To see how many users have iPhones and who they are, go though the following steps:

First you need to open an Exchange Management Shell window and execute the following command:

export-activesynclog -Filename:<IISlog dir>\*.log -outputpath:<output path>

An example is shown below though we just parsed one of the logs for simplicity.

Now open the file Users.csv in Excel.  Below you can see the first three columns of this spreadsheet that we're sorted by column C (circled).  You can see that by doing this you will be able to see all the iPhones grouped together and their owners will be listed in column A (circled):

What are your experiences?

So now you know what the iPhone will look like connected to your servers using Exchange ActiveSync (instead of IMAP) and how to find out who is using them in your organization.   We're glad to have Apple connecting their devices to Exchange Server and hope you have fun using these tools to stay informed about when iPhones connect to your Exchange Server.  We're always looking to hear how people are using our technology and we'd love to hear your experiences; are you seeing iPhones show up in your organization?  What experiences are your users having?  Let us know.

Adam Glick

101 Comments
Not applicable
For those of us who don't have one to test with, is there anywhere we can see what setup looks like from the phone perspective?
Not applicable
In your export-activesync command, the switch -output should be -outputpath as is shown in the screenshot.
Not applicable
It's a terrible shame that the iPhone has less EAS problems than a Windows Mobile 6 device ... e.g. the iPhone doesn't dork up Outlook's reminders on the desktop after syncing!  Do you know if the WM team is actively working on this?  This is a problem with multiple brands of WM6 devices, and it's a gigantic pie in MS's face ... IMHO.
Not applicable
Will SCMDM have support for the iPhone in the future?
Not applicable
Lee: Thanks - fixed that!
Not applicable
Great information, and I have to say that the implementation is very well done... even in spite of it being an Apple product! *grin*

Once again, Microsoft demonstrates the abilities of Exchange in all its blazing glory, and I'm happy to be an Exchange admin! :)
Not applicable
I tried to set up my Iphone to push email and calendar. when I try to access email the MS Exchange keeps saying my password is incorrect even though it pushed all my calendar info through to my phone. Help!
Not applicable
Thanks for the post guys, it answers some questions we had about how it would integrate and show up!

Would you mind commenting on or making a new post about this? Our TAM tried to get an answer on some Exchange DLs at MSFT, but came up with nothing.

http://gizmodo.com/5018051/most-sprint-phones-getting-exchange-and-lotus-notes-corporate-email

We're afraid this will be a very easy way for our clients with Sprint phones to bypass our EAS security policies if this service ies into OWA using only thier DOMUser & Password instead of using EAS to get their mail. This would be a huge security risk to us. Thank you!
Not applicable
Will there also be Task-Syncing on iPhones in the near future?
Not applicable
Any comments on how the remote wipe function works from both the server and the phone aspect? There were issues with the iphone doing a wipe not really erasing the data as is, that is supposedly fixed in 2.0, but how does the exchange portion work? How is the data stored on the phone? Is it encrypted? If so what kind of encryption is used? It's possible to pull data from the iphone using ftp if it's jailbroken.

Can you guys expand some more on it?
Not applicable
Couple of answers in one.

Jim:  I can't comment on what Apple will support in the future.  It's best to ask Apple if they will support MDM as it uses a public standard (OWM-DM).

bday:  This would really be a separate conversation but if they are "screen scraping" OWA then there is little Exchange can do there.  From an admin stance you can block those requests at your firewall looking at the IP address they are coming from (as they use an aggregating server) or you could look at the user-agent string.  This is the same thing BlackBerry Internet Service (BIS) does so if this is a concern you might want to look at how your company deals with that kind of access to your Exchange Server.

Roman: Task sync is in the protocol, it is up to Apple to choose what features they implement.

TJ: Remote wipe form the Exchange Admin/OWA side is the same as any other EAS-enabled device.  From the device side you would have to ask Apple if they are using encryption and if they do a secure wipe.  (note: their Enterprise deployment guide says the wipe can take over an hour so that might give you an indication but you should ask Apple for certain.)
Not applicable
The first cmdlet shows *.log, but I have been unable to get that to work.  I noticed in the screenshot that a specific file name is used.  Does the -Filename actually accept wildcards?

Not applicable
How about those of us still living with a FE/BE Exchange 2003 SP2 config?  I'm researching now how to support this but your site is always a time saver.  We currently have a 4.1 BES so I have never used Exchange to natively push/pull messages from PDAs.
Not applicable
Hi KW,

I would like to know that too. How do you get the commandlet to parse all logfiles and not just one. Using wildcards doesn't work. Get the error:

Export-ActiveSyncLog : Cannot bind parameter 'Filename'. Cannot convert value "D:logfilesW3SVC1*.log" to type "
System.IO.FileInfo". Error: "Illegal characters in path."

Franc.
Not applicable
We started production deployment of ActiveSync via ISA and Exchange 2007 SP1 on WM6 phones a couple of months ago.  We have a few iPhones to test with and a bunch of people who want them, but it does not look like the iPhone 2.0 OS supports certificate based authenticaion.  Have I missed something?  Working my way to getting a cake.

Steve
Not applicable
Ok as a new iPhone activesync user I'm having problems with our server failing to sync dozens of calendar items.  I've tried both push and fetch and turned the calendar off then on several times but get the same series of warning emails each time "synchronization with your iPhone failed for 36 items."  Then there are no logs to say why.  Any suggestions?  
Not applicable
Congratulation on getting Exchange ActiveSync working amazingly well for a version 1 release.  Great job.
Not applicable
@lee: yes, there is an app that will let you see the iphone client-side.

it is the (free) iphone sim that apple makes available as part of the sdk.

all u have to do is install it ... on your mac ;-)

enjoy.
Not applicable
How would you go installing the Microsoft Certificate on an iPhone 2.0 since we don't have public certificate installed on our front-end server?  Thanks.
Not applicable
If remotely wipe an iPhone do you also remove any data stored on the device (music, data, etc.)?
Not applicable
The show command will not work.  To get the output of all logs try this

Dir <IISlog dir>*.log |Export-ActiveSyncLog -outputpath:<output path>
Not applicable
If you do a remote wipe of an iPhone/iPod touch it will in fact remove all data stored on the device such as music etc.  I tested it on mine :)

Not applicable
From teh Apple deployment guide;

The following Exchange policies are supported:

*Enforce password on device
*Minimum password length
*Require both numbers and letters
*Inactivity time in minutes

That's it? No encrypt storage? No wipe after # failed password attempts? No disable camera? Yikes.

Can someone update your fancy chart of WinMo 6.0 and WinMo 6.1 and what policies are supported under Exchange 2003, Exchange 2007 RTM, and Exchange 2007 SP1..... and add the iPhone? :)
Not applicable
What about push updates for folders other than Inbox?  Meaning, if you have rules set up to automatically file emails based on sender or other criteria, it seems the iPhone will not notify you about new emails in these other folders unless you manually check each folder.
Not applicable
Ben, that is the same behavior as Windows Mobile 6.0 and 6.1. I kind of like it that way. I filter junk I don't want to be notified about into non-Inbox folders. :)
Not applicable
@bday
Sub-folders of the Inbox aren't being pushed to.
Not applicable
bday-
I do the same, however many of our users do the exact opposite - they set up folders for things that are important and have rules to put things in there.  That way, they can easily glance at their folders to get a breakdown of outstanding issues.  It's important to have the option to select which folders to push to.
Not applicable
@ben, ok I gotcha. So you're just trying to find out if you sync other folders besides Inbox? In Outlook the option to choose what is sync'd or not is called "manage folders", but I don't know if it exists on the iPhone, or what it would be called.
Not applicable
How about blocking the iPhone from Exchange?  Is it possible?
Not applicable
On WM5/6/6.1 you can uncheck "this server requires a encrypted (SSL) connection". but I can't find that on the iPhone.  Is that a option?  If not is there a easy site that explains how to enable this without messing up what you have?  We are using ISA with forms based authentication to a Exchange 2003 FE, OWA uses SSL just fine and I'd hate to ruin that so two iPhone users can get there mail.
Not applicable
I'm having the same issue as Ken Merrit. I set up everything and my calender will sync and everything appears happy at first. Then the dreaded "Password is incorrect" pop up appears and no matter how many times and variations of passwords I've tried it will not sync the mail portion. Any IDEAS pleeassseee...
Not applicable
@ZFlan : If you have multiple email addresses, make sure that you are entering your primary email address. Also, for the username, make sure that you have "domainusername", with the correct slash.
Not applicable
iPhone 2.0 active sync crashes my phone.  I have 5,000+ exchange contacts and it crashes my phone.  When I turn off contacts syncing the problem goes away.
Not applicable
DF: You can use the information in this blog entry and the ones posted earlier here:

http://msexchangeteam.com/archive/2005/03/28/403047.aspx


and here:

http://msexchangeteam.com/archive/2006/03/03/421149.aspx

to parse the IIS log files on an E2K3 server.


Steve: Regarding configuration of Certificate Base Authentication, that would best be answered by Apple.  Have you reviewed their iPhone Enterprise Deployment Guide?  Here is the link:

http://support.apple.com/manuals/#iphone



Doug: Regarding the calendar sync issue.  Perhaps you could open a case with Microsoft on this?  There are logging features in Exchange 2007 SP1.  You can send these ActiveSync logs from the server, by logging into the mailbox in OWA, going to Options > Mobile

Devices > and there should be an option here to send logs to your account.  These may be helpful.



Daniel: You need to use the iPhone Configuration Utility.  For more information review the link I gave Steve above for the iPhone Enterprise Deployment Guide.



BDay: we can't update that spreadsheet with non-Microsoft devices due to the fact that Exchange Licensees may add/remove/change the way they support sync policies.  You need to contact each individual licensee to confirm what they support.  Apple explains the

policies they support in their iPhone Enterprise documentation linked here:

http://images.apple.com/iphone/enterprise/integration.html


Allan: Your users should be able to use SSL to connect to their Exchange server in the configuration you mention.  If not then there is a misconfiguration in your environment.  That said, I'm unsure how to configure the iPhone to connect without SSL.  Is it

failing?  You may need to contact Apple for that information.


Tad: You'll have to contact Apple with that issue.  It's the first I've heard of that.

Not applicable
Thanks for the post Chad. Unfortunately I only have one email address. This is my company email. I also used the correct domain and username. It almost has to be a bug because the phone verfication works fine and my calender syncs just fine. It's only the mail portion that's giving me problems. Everytime it tries to sync it tells me that the password was incorrect and lets me type it again, but no matter how many times I enter it (correctly) it fails to sync. What's worse is it ends up locking up my account on the server after a certain number of failed attempts. I'm going nuts!!!
Not applicable
I would like to know if you can stop the iphone data roaming automatically like you can in WM6? This is to prevent users accidently data roaming while travelling abroad or more likely near a border and accumulating huge data fees? This is an important function I can find no information about. It will basically stop me issuing the iphone for my company if this is not available. It has caused issues in the past with Road Sync's Activesync.
Not applicable
Same exact issues as SFlan. Ugh.
Not applicable
everyone knows where I can find some iphone emulator?
Not applicable
I have the same issues as Mac, SFlan and Ken Merritt.  I have a ticket open with Apple but no response.  I also tried adding a co-worker's account and got the same thing.  Others in my company have not had this issue.  In fact, I am the ONLY one!  I would love to know what the issue is.
Not applicable
For the folks having issues with "password incorrect" popping up. . . I just got off the phone with Apple and for some reason changing the "Mail days to sync" from the default of 3 days to 1 week got everything working.
Not applicable
Some people still running Exchange 2003 will be interested to know that iPhone supports HTML through ActiveSync while connected to Exchange 2003.  This is something Windows Mobile 6.X only supports connected to Exchange 2007.
Not applicable
Also having this password issue. Changed mail sync to 1 week. didnt help. Any more ideas?
Not applicable
Regarding the "password incorrect" issue, I also changed the mail sync to 1 week and it still did not work.
Not applicable
Add one more password incorrect victim here.

Tried

(1) IP for exchange Active sync server and the name itself

(2) with and with out SSL

(3) 1 week and 3 days for the sync.

Whats happening?
Not applicable
On the password incorrect issue:

Looks like the account has to be set up for mobile access on the corp's activesync server.
Not applicable
We had password issues also.
If the iPhone was connected to a WAN it didn't authenticate with the Exchange server although I could see the connections in the log. when we turned off WAN, it connected ok through AT&T.
Also, on a few occasions disableenable Mobile Services (Exchange  2003) fixed it.
Not applicable
having password problems too.  emailuser do you mean that I can't connect to exchange through wireless?  And how do you disable mobile services?  Other password people - do these fixes work?
Not applicable
I am also having the password issue. Downloads the calendar on initial connection then password issues and shortly after my domain account is locked out. Would this be possibly due to not installing SP1 for Exchange yet or a certificate issue? Our IT has not dealt with mac before so are not sure how it would work at all.
Not applicable
I am having a similar issue as the password problem, only it doesn't give me any message. It comes up with an empty mailbox as if there arent any emails. If I try and send something from there then I get the invalid Password message. Exchange 2003/OWA/ISA server.
Not applicable
PRA Admin

We are having the same issue. It seems to connect to exchange but it doesn't download anything. When you manually push it it says "Connecting" then it says "Updated:" with the date.

We have logged about 16 hours trying to figure this out. I've been on the phone with Apple Enterprise support and MS Exchange support, neither have been able to help me.
Version history
Last update:
‎Jul 01 2019 03:39 PM
Updated by: