Apr 16 2022 04:47 PM
Hello Everyone,
I have a question that has plagued me for quite some time and I cannot figure out the answer.
I have my on-prem Exchange server working fine, but I've always had an issue where connecting the account to the phones doesn't work because in the Exchange server settings it always detects domain.com and not mail.domain.com.
I have a valid certificate and everything is working fine.
The only way I can make this work is if I cancel the connection and change the username to domain\username and then manually put in mail.domain.com; it works right away.
Normally, I live with this, but I recently changed server and I rekeyed my certificate. Now all my phones are prompting for a password, and no matter what, the password is always incorrect.
I don't want to have to redo all the phones. Is there any way for this to work? Does anyone know?
My IIS bindings all have my certificate as the working certificate (front end and back end)
Is there anything I need to do there?
Thanks
Apr 16 2022 05:24 PM
I should also add that my public DNS both have A records pointing to the correct IPs
Apr 16 2022 05:35 PM
Apr 16 2022 07:41 PM - edited Apr 16 2022 07:55 PM
A little more info (I should have mentioned this earlier)
I have 2 Exchange servers (was migrating an older 2013 to a new 2019).
The old Exchange server didn't / doesn't have any issues. In my firewall, if I point my mail to go to the old server, the phones work properly, the autodiscover populates and everything completes correctly. If I point my firewall to the new server (2019), the mail is still able to flow BUT it never populates the mail.domain.com on the phones. Additionally, since this server has been in place, the local Outlook clients keep getting a popup when they open Outlook saying the certificate doesn't match the GoDaddy certificate because it is looking for localexchangehostname.domain.com.
I am asking myself what the actual issue is. Why does the old server work correctly and when I point the mail to route to the new server I have all these certificate errors?
Both servers have the new re-keyed GoDaddy certificate in the IIS bindings in all the same places. The new server only has the new GoDaddy certificate in it but not the old certificate from the old server. The old server, however, still has the old certificate present under certificates, which still has SMTP / POP / IMAP as services installed but not IIS.
I also tried to export the Exchange certificate from the old server and import it to the new server with the same roles installed, and still no success.
Apr 17 2022 06:33 PM
Solution
@audi911 have you tried the ActiveSync default domain setting under IIS?
Compare this with the existing ex2013 and check if that has it:
IIS - default site - Microsoft-Server-ActiveSync
Features - Authentication
Basic auth - Edit
Default domain
Realm
If these are blank, copy them from ex2013 and reset IIS.
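The comparison suggested in the reply above can be done read-only from PowerShell; this is an added example, not part of the original posts. It assumes PowerShell remoting and the IIS WebAdministration module on both servers, that the virtual directory sits under "Default Web Site", and the two server names are placeholders.

```powershell
# Added example: read the Basic authentication settings of the ActiveSync
# virtual directory on both Exchange servers and report any differences.
# Server names are placeholders (assumption); run from an admin workstation.
$servers  = 'OLD-EX2013-PLACEHOLDER', 'NEW-EX2019-PLACEHOLDER'
$location = 'Default Web Site/Microsoft-Server-ActiveSync'
$filter   = 'system.webServer/security/authentication/basicAuthentication'

$rows = Invoke-Command -ComputerName $servers -ScriptBlock {
    Import-Module WebAdministration
    # Read the <basicAuthentication> section as it applies to the ActiveSync vdir.
    $basic = Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' `
                                  -Location $using:location `
                                  -Filter $using:filter
    [pscustomobject]@{
        Server        = $env:COMPUTERNAME
        BasicEnabled  = [bool]$basic.enabled
        DefaultDomain = [string]$basic.defaultLogonDomain
        Realm         = [string]$basic.realm
    }
}

# Side-by-side view of the values shown in the IIS "Edit Basic Authentication" dialog.
$rows | Format-Table Server, BasicEnabled, DefaultDomain, Realm -AutoSize

# Flag every setting whose value is not identical on all servers.
foreach ($name in 'BasicEnabled', 'DefaultDomain', 'Realm') {
    $distinct = @($rows | Select-Object -ExpandProperty $name -Unique)
    if ($distinct.Count -gt 1) {
        $shown = ($distinct | ForEach-Object { "'$_'" }) -join ' vs '
        Write-Warning "$name differs between servers: $shown"
    }
}

# Blank values are what the reply says to look for on the new server.
$rows | Where-Object { -not $_.DefaultDomain -or -not $_.Realm } |
    ForEach-Object { Write-Warning "$($_.Server): default domain or realm is blank" }
```

The script changes nothing; it only shows whether the new server's default domain and realm are blank or differ from the old server's.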
May 28 2022 10:29 PM