Using an iPhone for e-mail with Exchange Server
Written by: Mark Wilson
Whilst I’m not trying to suggest that the Apple iPhone is intended for business users (I’d suggest that it’s more of a consumer device and that businesses are wedded to their Blackberries or, more sensibly in my opinion, Windows Mobile devices) it does seem to me that there’s been a lot of talk about how it can’t work with Microsoft Exchange Server – either blaming Apple for not supporting the de facto standard server for corporate e-mail or Microsoft for not being open enough. Well, I’d like to set the record straight – the iPhone does work with Exchange Server (and doesn’t even need the latest version).
My mail server is running Microsoft Exchange Server 2003 SP2 and has nothing unusual about its configuration. I have a relatively small number of users on the server, so have a single server for secure Outlook Web Access (OWA, via HTTPS) and Outlook Mobile Access (OMA, via HTTP) and mailbox access (MAPI-RPC for Outlook, IMAP for Apple Mail, WebDAV via OWA for Entourage). I have also enabled HTTP-RPC access (as described by Daniel Petri and Justin Fielding) so that I can use a full Outlook client from outside the firewall.
It’s the IMAP access that’s the critical component of the connection as, whichever configuration is employed, the iPhone uses IMAP for communication with Exchange Server and so two configuration items must be in place:
- The server must have the IMAP service started.
- The user’s mailbox must be enabled for IMAP access.
Many organisations will not allow IMAP access to servers, either due to the load that POP/IMAP access places on the server or for reasons of security (IMAP can be secured using SSL, as I have done – Eriq Neale has written a step by step guide on how to do this for Windows Small Business Server 2003 and the process is identical for Exchange Server 2003).
In addition, firewalls must allow access to the Exchange server on the appropriate TCP ports – IMAP defaults to port 143; however secure IMAP uses TCP port 993. SMTP access will also be required (typically on TCP port 25 or 587).
You can confirm that the ports are open using telnet *servername* *portnumber*.
Note that even if the connection between the iPhone and Exchange Server is secure, there are no real device access controls (or remote wipe capabilities) for an iPhone. Eriq Neale also makes the point that e-mail is generally transmitted across the Internet in the clear and so is not a secure method of communication; however it is worth protecting login credentials (if nothing else) by securing the IMAP connection with SSL.
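As an added example (not from the original post), the Python sketch below goes one step beyond the telnet check: it reads the capabilities an IMAP port advertises and flags a cleartext port that would still accept a plaintext login. The sample capability lines are constructed, and the function names are assumptions of this example.

```python
import imaplib
import ssl
import sys

def parse_capabilities(line: str) -> set[str]:
    """Tokens from '* CAPABILITY ...' or a '* OK [CAPABILITY ...] text' greeting."""
    upper = line.upper()
    idx = upper.find("CAPABILITY")
    if idx < 0:
        return set()
    rest = upper[idx + len("CAPABILITY"):]
    return set(rest.split("]", 1)[0].split())  # greeting form closes the list with ']'

def assess(caps: set[str], tls: bool) -> list[str]:
    """Findings that matter for protecting login credentials on this port."""
    findings = []
    if not tls:
        if "LOGINDISABLED" not in caps:
            findings.append("plaintext LOGIN accepted on an unencrypted channel")
        if "STARTTLS" not in caps:
            findings.append("no STARTTLS: this port cannot be upgraded to TLS")
    if not any(c.startswith("AUTH=") for c in caps):
        findings.append("no SASL mechanism advertised (e.g. AUTH=NTLM)")
    return findings

def probe(host: str, port: int, tls: bool) -> list[str]:
    """Live check: connect, read the advertised capabilities, assess them."""
    if tls:
        # The default context validates the certificate chain and host name, so a
        # certificate from a private CA fails here unless that CA is trusted locally.
        ctx = ssl.create_default_context()
        conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=10)
    else:
        conn = imaplib.IMAP4(host, port, timeout=10)
    try:
        return assess(set(conn.capabilities), tls)
    finally:
        conn.logout()

# Constructed sample responses (not captured from a real server).
SAMPLE_143 = "* CAPABILITY IMAP4 IMAP4rev1 IDLE NAMESPACE LITERAL+ UIDPLUS AUTH=NTLM"
SAMPLE_143_HARDENED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=NTLM"
SAMPLE_993 = "* OK [CAPABILITY IMAP4rev1 AUTH=NTLM AUTH=PLAIN] server ready"

if __name__ == "__main__" and len(sys.argv) == 2:
    for port, tls in ((993, True), (143, False)):
        print(port, probe(sys.argv[1], port, tls) or "ok")
```

Run it with the mail server's external host name as the only argument to check both ports from outside the firewall.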
Interestingly, the iPhone has two mail account setup options that could work with Exchange Server and experiences on the ‘net seem to be varied. IMAP should work for any IMAP server; however there is also an Exchange option, which didn’t seem to work for me until I had HTTP-RPC access properly configured on the server. That fits with the iPhone Topic article on connecting the iPhone to Exchange, which indicates that both OWA (WebDAV) and HTTP-RPC are required (these would not be necessary for pure IMAP access).
The final settings on my iPhone are:
| Settings – Mail – Accounts – accountname | Setting | Value |
|---|---|---|
| Exchange Account Information | Name | displayname |
| | Address | username@domainname.tld |
| | Description | e.g. Work e-mail |
| Incoming Mail Server | Host Name | servername.domainname.tld |
| | User Name | username |
| | Password | password |
| Outgoing Mail Server | Host Name | servername.domainname.tld |
| | User Name | username |
| | Password | password |
| Advanced – Mailbox Behaviors | Drafts Mailbox | Drafts |
| | Sent Mailbox | Sent Items |
| | Deleted Mailbox | Deleted Items |
| Advanced – Deleted Messages | Remove | Never |
| Advanced – Incoming Settings | Use SSL | On |
| | Authentication | NTLM |
| | IMAP Path Prefix | |
| | Server Port | 993 |
| Advanced – Outgoing Settings | Use SSL | On |
| | Authentication | NTLM |
| | Server Port | 25 |
(Advanced settings were auto-configured.)
A few more points worth noting:
- I initially got everything working using a Wi-Fi connection (after making sure that the mail server could be reached using the same name for both internal and external DNS) and then walked down the street (until I lost Wi-Fi connectivity) to test the connection over EDGE.
- Although I’m using Exchange Server 2003, the process is similar for Exchange Server 2007 and has been documented by Chris Dearie at Azaleos.
- This post relates purely to e-mail access (no calendaring, contacts, tasks, etc.) – The Microsoft Exchange Server team have written an informative post about the differences between Exchange ActiveSync (as implemented by many smartphones), IMAP 4 (some desktop mail clients) and IMAP (as implemented on the iPhone).
Posted: 23:52 on Wednesday 14 November 2007 under E-mail, Exchange Server, Windows Small Business Server 2003, iPhone.
Comments: 14
Comments
Comment from Scott McKenzie
Time: Wednesday 23 January 2008, 11:19
Hi, I’ve just finished putting together an article that shows the steps to get an iPhone running with Small Business Server 2003 including how to create the SSL certificate for the Small Business Server (non self-signed) and configure Entourage and iTunes on the user’s Mac – all of which are necessary to get the iPhone syncing email, calendar and contacts securely. I’ve also added steps to activate the iPhone itself so hopefully the article is fully comprehensive. The article can be found here: http://www.o2iphone.com. Hope it helps someone.
Comment from dj
Time: Tuesday 25 March 2008, 17:23
Confirmed that this works well with Exchange 2003 and the iPhone.
Thank you very much for this helpful information!
-dj
Comment from Larry
Time: Thursday 5 June 2008, 22:00
There are a number of things you are not considering. For one, it is far easier to use native Windows VPN connections that allow remote users to do anything from Remote Desktop to “full Outlook client from outside the firewall.” I have scripted the VPN creation on an autoplay CD so anyone can take it home and have it installed in seconds. If you set it up with split tunnel then you can check email while browsing the web. Also, many smaller organizations use Certificate Server to create their own SSL certificates. I can import those into a Windows Mobile device. How do I get it on an iPhone? If I walk thru the many articles to find all of your details I’m basically being told to reconfigure my network so someone can use an iPhone. If Apple has so little understanding of how people use Microsoft products maybe they should hire some folks who do.
Comment from Bill
Time: Tuesday 19 August 2008, 18:35
Hi Mark,
I stumbled across this article while looking for a way to connect my iPhone 3G to our company’s LAN. We have two access points; one that requires a key and offers internet access only, and one that you don’t enter a key for, but allows access based on a certificate server. I’m not a network guy, so I’m not sure how the latter works, but that’s the one I’d like to connect to so I can see webpages on our intranet website.
Is there a way for the iPhone to connect to the wireless access point that uses a certificate server?
Thanks in advance,
Bill
Comment from Ron Jones
Time: Friday 17 April 2009, 7:32
I have had customers asking for this sort of functionality with Exchange. It is great to have this additional information handy.
I will be able to put this to good use.
Awesome info!
Comment from Larry
Time: Friday 17 April 2009, 13:28
Mark, yes this advice is outdated now. But, at the time I made a post last June I was getting upset at management level people buying iPhones because their teenage children told them how great they were. I eventually simply told them I wasn’t going to support them until the v2 release.
Just want to apologize to you for my remarks back then. Thanks for all of the helpful information.
Larry
Comment from Rich Pierson
Time: Monday 6 July 2009, 21:15
I’ve had no problems with iPhones connecting through our Cisco asa500’s over VPN and Wi-Fi, everything works, email, calendar, contacts and syncs no problem even from Honduras and the Dominican Republic where our buyers go. Our, or rather my, problem (as it’s my stuff) started when some higher ups bought 3.0 phones; at that point they could no longer connect using VPN over 3G. My 2.2.1 phones that I got on Friday all dropped right in.
One user upgraded from 2.x to 3.x and the 3G VPN Exchange part broke off the bat. I’m still puzzled why Palm did not put a Cisco VPN client on their new one right off the bat; that’s why we have iPhones now.
Comment from Michael Clark
Time: Friday 18 December 2009, 14:29
It works fine with Exchange… Thanks for sharing this helpful information with us!
Thanks

