Fix for iPhones not playing nice with ActiveSync

Kudos to Avi for the solution, write-up and persistence…

 

I didn’t think we were ever going to get to the bottom of this issue. Web forums and support sites offered little assistance with the fix; in fact, many people are still baffled and have thus not resolved the issue. The symptoms were as follows:

  • iPhone received messages intermittently, if at all
  • Contacts and Calendar items did not sync at all
  • iPhone received messages/contacts/calendar updates successfully when Outlook was online, and logged in as the respective user
  • iPhone received a certificate error when creating an account

 

There was not much to go on for troubleshooting. Many people were successful in resolving the issue by applying an Exchange registry fix on the Exchange server that changed the antivirus scanning behaviour (proactive scanning) with the information store and mailboxes, but that fix was unsuccessful in our scenario. We also tried custom settings in the ActiveSync policy, remembering that there was an issue with Exchange 2007 and the iPhone 3G to do with hardware encryption, but alas, no luck. I tried everything under the sun, apart from ordering new iPhones and upgrading to Exchange 2010 🙂

After exhausting all avenues, I was browsing around on the Exchange server contemplating a career change when I noticed that the Exchange server had multiple IPs, and then remembered that for ‘RPC/HTTPS’ to work successfully on an Exchange server with multiple IPs, the server had to be configured as a ‘back end’ server in an Exchange topology. The hamsters in my brain were starting to wake! I then remembered that Sean and I had to apply a very custom fix (involving IIS virtual directories and registry hacks) on an Exchange server some time back that was configured as a ‘back end’ server, but was unsuccessful in getting ‘Outlook Anywhere’ to work with the configuration, something to do with not having a front end server available, and ‘forms authentication’ enabled. EUREKA! I thought I would try the very fix that helped another client out of a bind, so I referred to the following article:

 

http://support.microsoft.com/kb/817379

 

“Exchange Server ActiveSync and Exchange Outlook Mobile Access (OMA) use the /Exchange virtual directory to access OWA templates and DAV on Exchange back-end servers on which the user’s mailbox is located. Server ActiveSync and OMA cannot access this virtual directory if either of the following conditions is true:

  • The /Exchange virtual directory on an Exchange back-end server is configured to require SSL.
  • Forms-based authentication is enabled.

This issue does not occur when you enable these settings on the /Exchange virtual directory on a front-end server.”
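
A quick way to check a virtual directory for the two conditions the article names, as an added example that is not from the original post or from Microsoft. The 403.4 error text, the `logon.asp` redirect target and the sample responses are assumptions constructed for illustration.

```python
import http.client
from dataclasses import dataclass, field

@dataclass
class Probe:
    """One unauthenticated GET of /Exchange on the back-end server."""
    scheme: str                      # "http" or "https"
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

def fetch(host, scheme="http", path="/Exchange"):
    """Live probe; http.client does not follow redirects, which is what we want."""
    cls = http.client.HTTPSConnection if scheme == "https" else http.client.HTTPConnection
    conn = cls(host, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return Probe(scheme, resp.status, dict(resp.getheaders()),
                     resp.read(4096).decode("latin-1"))
    finally:
        conn.close()

def classify(probe):
    """Return which of the two blocking conditions this response points to."""
    headers = {k.lower(): v.lower() for k, v in probe.headers.items()}
    findings = set()
    # Assumption: IIS signals "SSL required" over plain HTTP as error 403.4.
    if probe.scheme == "http" and probe.status == 403 and "403.4" in probe.body:
        findings.add("ssl-required")
    # Assumption: forms-based auth redirects to a logon form, or serves one,
    # where Basic/Integrated auth would send a 401 challenge instead.
    if probe.status in (301, 302) and "logon.asp" in headers.get("location", ""):
        findings.add("forms-auth")
    if probe.status == 200 and 'type="password"' in probe.body.lower():
        findings.add("forms-auth")
    return findings

def assess(probes):
    """Union of findings across probes; an empty set means neither was seen."""
    return set().union(*(classify(p) for p in probes))

# Constructed sample responses (not captured from a real server).
BLOCKED = [
    Probe("http", 403, {}, "HTTP Error 403.4 - Forbidden: SSL is required"),
    Probe("https", 302, {"Location": "/exchweb/bin/auth/owalogon.asp?reason=0"}),
]
CLEAR = [Probe("http", 401, {"WWW-Authenticate": 'Basic realm="mail"'})]
```

Against your own back-end server, `assess([fetch(host, "http"), fetch(host, "https")])` returns the same kind of set; `fetch` keeps certificate verification on, so an untrusted certificate surfaces as an exception rather than a finding.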

 

I performed the fix under ‘Method 2’ in the respective Microsoft article, and voila, the iPhones started syncing successfully without having Outlook running!

 

What baffles me is the following:

  • Why did it stop working all of a sudden?
    • I suspect that the iPhone was the first piece to break. After a server reboot while onsite, ‘Outlook Anywhere’ broke as well. I suspect this had something to do with either a patch or something else that was enabled in the background.
  • Why didn’t it affect ‘Outlook Anywhere’?
    • Well, actually it did. I rebooted the Exchange server and ran into issues where some staff were unable to log back into ‘Outlook Anywhere’, until after I applied the fix above. I suspect the issue sat there dormant, and when I rebooted the server, the issue came to life.