Deploying the IPhone 3G for Business, Part 2
Forms-Based Authentication, SSL and Single-Server Environments
Environments where Exchange is configured using a single server (as opposed to a front-end/back-end server configuration) can present their own challenges. As documented by Microsoft (along with details of the cause and potential resolutions), such environments will not properly support mobile device access if SSL is used to secure the related virtual directories used by Exchange and forms-based authentication is enabled.
Similarly, forms-based authentication can require additional configuration in any Exchange environment in relation to virtual directories, SSL and the use of a default domain. These issues can be resolved by implementing a front-end/back-end environment or by creating a secondary virtual directory for Exchange and adjusting the server's Windows registry to point to it.
Virtual Directory Permissions
Exchange relies on virtual directories in IIS for several pieces of functionality, including the implementation of Outlook Web Access, Outlook Mobile Access (a variation of OWA intended for mobile browsers) and ActiveSync with mobile devices. Altering the permissions or security properties of these virtual directories can result in problems or failures for accessing Exchange services from the iPhone.
Case Sensitivity in E-mail Addresses
Typically, usernames in e-mail addresses are not case sensitive, but they are case sensitive when configuring an Exchange account on the iPhone. As a result, if the e-mail address entered as part of an Exchange account has case differences from the way the address is entered in the Exchange Global Address List, users will receive calendar events as if they were event invitations to which they need to respond. This can be avoided by ensuring that the GAL entry and the e-mail address entered on the iPhone match in their use of upper/lowercase lettering.
The iPhone 2.1 Update and Exchange
Apple's 2.1 firmware update for the iPhone -- released on Sept. 12 -- included a wide range of bug fixes, security updates, and improvements for overall performance and reliability with 3G networks. It has also generated its own series of ActiveSync issues for some users. The problems seem to occur only on iPhones running the earlier iPhone 2.0.x firmware that were configured and able to successfully communicate with Exchange before the update.
Following the update, some users reported being unable to access items on the Exchange server with a "connection to the server failed" error message being displayed when trying to access Exchange items stored on the server. Over-the-air syncing also may be affected. Detailed reports of problems can be found in a thread on Apple's discussion forums.
While the problems appear to affect a number of users, it's not universal and some of the posters to the forum reported no issues after the update. Although the exact cause isn't clear from the information available so far, there do seem to be a couple of consistent points. First, problems seem to occur when an iPhone with an existing Exchange configuration is updated. Restoring rather than upgrading the firmware may be one way to avoid the problem.
Even some of those experiencing a problem have found that performing a restore operation and activating the restored phone as a new iPhone in iTunes -- rather than restoring settings from a backup of the iPhone made prior to the restore -- resolves problems completely. Note that this will require configuring the Exchange account on the iPhone again. Some users have also suggested that a full restore may not always be required and that simply resetting the iPhone can be effective. To reset the iPhone, power it off by holding the sleep button down until the Slide to Power Off display appears, then restart it.
Another tip noted by several users is that adjusting the use of the domain in a username for an Exchange account (adding it if it wasn't there originally or removing it if was) may help resolve the situation. Why the update would have changed the iPhone's behavior in this area compared to previous firmware versions isn't clear, but multiple users have reported this as a workable solution.
The following are additional resources that you should review if you are planning to implement the iPhone in an Exchange environment or if you are trying to resolve problems with iPhone access to Exchange. Many of these resources are mobile device guidelines from Microsoft; also included are resources from Apple and relevant discussion threads from Apple's iPhone in the Enterprise forums.
As I noted earlier, a full understanding of and experience with Exchange will go a long way toward making the integration of the iPhone as seamless as possible, and I strongly suggest reviewing all these resources before beginning such an integration. Smaller organizations or less-experienced Exchange administrators may also want to consider hiring a consultant who specializes in Exchange to ensure optimal configuration.
Microsoft's Exchange 2003 mobile device documentation
Microsoft's step-by-step guide to mobile device deployment with Exchange 2003 SP2 (solid and helpful, although it only specifically references Windows Mobile devices)
Microsoft's Exchange 2007 mobile device documentation
Microsoft's guide to deploying mobile devices using Exchange 2007 (again, very helpful but specifically geared toward working with Windows Mobile devices)
Microsoft Exchange Team Blog: iPhone 2.0, Welcome to Exchange!
The iPhone blog: Walkthrough: Exchange ActiveSync On Your iPhone 2.0
Apple's iPhone and iPod touch Enterprise Deployment Guide (download PDF)
Apple's iPhone enterprise support site
Apple's iPhone in the Enterprise discussion forum
Apple knowledge base articles: Setting up a corporate email server for iPhone and iPod touchiPhone 2.0 software: Exchange ActiveSync email attachments do not downloadiPhone and iPod touch: Very large Exchange attachments can cause Mail to quitiPhone 2.0 software: Troubleshooting iPhone or iPod touch Exchange ActiveSync "Push" issues