Snow Leopard with Exchange support not working

Well, my admin applied rollup 5 to the Exchange server and Mail was able to set up the connection and Mail, iCal and Address Book work just fine.

10.6.1 update does not fix it.

Is it some thing to do with encryption or security settings from Excahnge server? (similar to iphone 3g problem widely reported?

Ridiculous!

nextdoor wrote:
Hi jhrichmond

I haven't tried any of these but it looks like you can do it.
http://lifehacker.com/5284904/google-apps-sync-syncs-outlook-with-gmail-google-c ontacts-and-calendars
http://lifehacker.com/5193636/go-contact-sync-keeps-google-and-outlook-contacts- matched
http://oggsync.com/
http://www.daveswebsite.com/software/gsync/

Hi Nextdoor
I have tried out and now bought gsync from daveswebsite.com (cost about £10)
It is not perfect and I had to deal with a number of conflicts the first few times it tried to sync backwards 5 years of calandar appointments - but maybe that is to expected with older data like that. Now it is up and running it seems pretty stable - and most imprtantly - it syncs my contacts to google too. So now I can get contacts and calandar from google down to my imac address book and iCal applications.... All seems to be working

So a very BIG thankyou for your very helpful suggestions. This workaround will keep me happy until google come up with simple sync for contacts, to match their one for calandars. Or maybe Apple will put something out that lets Address Book and iCal sync with Exhnage 2003 - 'though I guess this is less likely as it is going backwards in their eyes...

Thanks again

HI jhrichmond

Thanks for posting back. Glad it worked out. I love this Apple community - never seen anything in the PC world where people share their knowledge like this. Much as it's frustrating when the world is relatively Mac unfriendly, as seen in this thread on Exchange, I think being a minority group has a positive effect on the helping culture. All the best!

Sorry I am not the one with any help here. I am a network admin with my own exchange server, we use Microsoft Business Essential server. For those of you that are talking about exchange 2003 it will not work, but I do have exchange 2007. I bought this mac because some of my customers were starting to buy them and I figured I better buy myself one so I could learn how to support some of my clients. Most of my clients are all using windows servers and workstations but they bought macs mostly for home use but they still want some access to their email, etc. entourage was a disaster with exchange 2007, I spent hours and could not ever get it to work. Any other Network admins out there that can chime in would be appreciated. I can view my logs on the ISA server and it does not seem to be blocking anything. To use my mac for work I have to have windows in boot camp or vmware. It seems Apple would have some guidelines somewhere for network admins. there must be some settings on the server side? I have tried all kinds of different credentials and authentications using domain\username https:// owa address or using my iphone settings as well.. NOTHING WORKS!!!! Anyone know where those forums might be? I'm not buying this "It just works" Nothing is easy

Okay, so I said I would report back when I had something to report. ahem...I have something to report. 😉 It's fairly technical, so keep that in mind.

Here at the university, we run our Exchange server behind an ISA firewall and have different firewall rules for Outlook Web Access, ActiveSync, Outlook Anywhere, etc., with some rules configured for Basic authentication, some for NTLM authentication, and some for SPNEGO (Kerberos) authentication. (This is a normal, "best practice".) Which authentication mechanism is used depends on the service; for example, Outlook Web Access and ActiveSync both use forms-based authentication, but ActiveSync can only handle Basic auth whereas OWA can handle both Basic and NTLM auth. Outlook Anywhere / Exchange Web Services should be set up to use HTTP authentication and SPNEGO (or "Kerberos-constrained delegation") so that applications like Outlook don't have to ask for your password every time they start; it just passes your logon Kerberos ticket to the ISA box, and ISA authenticates you to the Client Access Server with that ticket. Anyway, both OA and EWS sit behind an ISA rule that requires SPNEGO and HTTP auth.

It seems that this was just too much for Snow Leopard's built-in Exchange support to handle. To test this, I decided to modify one of the rules using Forms-Based, NTLM auth to include the /EWS/* path. Once this was applied, I started Mail.app and gave it a bogus email address to "break" autodiscover. (I needed to specify a completely different FQDN, since in ISA a Forms-Based web listener and an SPNEGO web listener cannot use the same IP address and thus have two different FQDNs.) Mail.app then let me type in the "correct" server, etc., and everything verified correctly. I now have Mail.app, iCal.app, and Address Book.app running, and seeing all my Exchange data in each one.

Another scenario is that perhaps Snow Leopard needs Forms-Based authentication instead of HTTP authentication, which also applies to this set-up: OWA uses FBA auth, whereas OA and EWS use HTTP auth.

Summary (aka tl;dr): Somehow Snow Leopard's Exchange support breaks horribly if EWS is only configured for Kerberos authentication, as in my scenario, or perhaps because 10.6 needs to use forms-based authentication instead of HTTP authentication. Neither of these should cause this problem though, since Entourage handles SPNEGO/HTTP Auth properly, and Firefox can view the EWS WSDL file ( https://your_server/EWS/Services.wsdl) but Safari.app (on OSX) crashes hard, just like Mail.app.

One of our help desk analysts has been talking with an Apple support person, so the next time they communicate this issue will be raised.

Hope this helps someone else out there.

--seth

How it can works? When you have this expirience, pls send m=it to me. I tired everithing: IMAP on SBS 2003 incl. EXCH 2003 enabled, SMPT enabled and when i go to mail.app it says every time that my password is not correct. But I am accessing the OWA with the same password without any problem.

Thank you in advance!
Stefan

ok ... so I have SL running fine now, and I can use Mail.app internally with no issues using Exchange 07. I am unable to connect outside of the network though. Our company is using OWA from Exch 07 and I can connect to that with no problems. What settings do I need to reconfigure, and what should I be asking our Email admin (who is helping on this issue) what we should look for?

Quick contribution.... I just installed windows 2008 sbs with exchange 2007 SP2..... my two mac´s are using SL and almost everything´s running ok..... Mac Mail can connect and can sync perfectly, address book works like a charm, iCal at the beggining didn´t worked but I found out that "time zones" where making me crazy.... the only thing missing that I do not know if that´s an exchange or a apple problem.... everytime I open one of my notes, it starts to duplicate every minute, so at the end I finish up with 10 notes.... my "to do" syncs fine, but Mail Mac displays at the top of the "to do" that I have double imcomplete taks of the ones I have... also... when composing a new mail, in the "To:" if I type the name and middle name of one of my contacts, i will not get a result...... are all this apple bugs?,, or exchange configuration???

I was able to work around the problem where Mail would crash immediately when you try to configure an Exchange account. Details over here...

http://discussions.apple.com/messageview.jspa?messageID=10372572

Interested in how you got Cisco VPN to run after 10.6 upgrade, can't get it to run, error 51. Every time I enter NHS.net account details into mail it crashes probably as the VPN client is not running. At least I hope that is the cause.

Using autodiscovery, I got Mail working with Exchange 2007 within our LAN with ease.

To access from outside the LAN, it's a different story. Our company uses a MS ISA 2006 Server for OWA (Outlook Anywhere).

I've taken a look at its configuration and a "Publish Outlook Anywhere" rule is active, wich contains the ews path, pointing to our internal Exchang server, being the CAS server as well.

Unfortunately, I can't get this working within mail from outside our LAN. I also entered our external mail server in the Mail account settings, but no luck.

I've also read that Mail doesn't support RPC over HTTPS, can someone confirm/deny this?

That would probaly the reason why an iPhone works without a hitch. MS Entourage 2008 works also fine, but still have some certificate importing problems.

Of course, our employees can use VPN as well, but they want to access their mail/calendar/contacts a little easier. 😉

Also refer to TomG26's comment. I, to got all 3 applications working relatively easily from within the office, but cannot get remote access to work. OWA works via a browser, so I know it's on. I've tried MANY configurations of the name including the specified webmail.[domain].com/owa, and SSL (required) is on. I'd appreciate any suggestions because I'd hate to go back to Entourage. 😟
Peter

Ok, follow-up on my previous post: I found the solution.

On the Exchange 2007 CAS server of your organization, you have to enable "basic authentication" on the EWS application pool in IIS.
Apparently that's required for the ISA 2006 server to communicatie properly to IIS.

When enabling, IIS warns about transmitting of cleartext passwords.
But since all communication goes over HTTPS (SSL), it shouldn't be something to worry about, I think...

In the meantime, I've received dozens of compliments from employees and students for this solution. 🙂

TomG26 - what address did you use in the external address field?