Monthly Archives: May 2016

Exchange & UPN Suffixes

I recently ran into a problem where we reactivated ActiveSync after having it disabled for years because we used a solution for mobile email that didn’t rely on ActiveSync (Good for Enterprise). We decided to re-evaluate ActiveSync; it’s improved a lot since Exchange 2003 and early versions of iOS. We re-enabled the proper settings for a couple of users to test with and we were good to go (note, Outlook for iOS is awesome... check it out if you haven’t already). After a bit of testing we decided to increase the number of users using it. Enabling ActiveSync for those mailboxes is all we need to do, right?

Not so much.

I ran into a problem where none of them could set up their Exchange account in either Outlook for iOS or Mail.app. It failed at the authentication setup. To make things more confusing, my user account worked just fine, even on the same phones their user accounts failed on.

A newly created test account failed in the same way, so off to https://testconnectivity.microsoft.com I went. The website performed an Exchange ActiveSync test and said it worked fine. Connected, authenticated, logged in, etc. It’s all good, except no one can connect using their phone, outside of a few people it worked for originally (and continues to work for). OWA and Outlook on a PC have always worked and continue to work. It seems to be limited just to ActiveSync. At this point I’m completely out of ideas.

Check the firewall, nothing seems wrong there. Trying a more complex password, no difference. Trying a simpler password, no difference. Finally I think to try a Mac OS X based mail app that talks to Exchange via ActiveSync. Boom, it works! What in the world…..? So it isn’t an ActiveSync problem after all, or at least not 100% an ActiveSync problem.

Eventually I found an error when trying one of the Autodiscover tests at https://testconnectivity.microsoft.com/ with the test account. In the past this same test had worked fine with my account, but I decided to try it with the test account. And it failed! Finally, something to dig into.

What I found was that the Autodiscover test reported:

An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).

Digging into that error was helpful: I found out the UPN suffix for my test account was set to domain.local instead of domain.com (which is what our email address is). I changed that and the test account could be set up on phones and devices as expected!
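
The mismatch described above can be audited across the directory instead of found one account at a time. The following is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module is installed, uses the post's placeholder domain.com as the mail domain, and only reports (the correction at the end runs with -WhatIf).

```powershell
# Added example: list accounts whose UPN suffix differs from their mail domain.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

# Placeholder taken from the post; replace with your real mail domain.
$MailDomain = 'domain.com'

# A suffix has to be registered in the forest before it can be assigned.
# The forest root DNS name is always usable, so it is added to the list.
$forest = Get-ADForest
$knownSuffixes = @($forest.UPNSuffixes) + $forest.RootDomain
if ($knownSuffixes -notcontains $MailDomain) {
    Write-Warning "'$MailDomain' is not a registered UPN suffix in this forest."
}

# Compare the part after '@' in the UPN with the part after '@' in the mail attribute.
$mismatched = Get-ADUser -Filter 'mail -like "*"' -Properties mail |
    Where-Object { $_.UserPrincipalName } |
    ForEach-Object {
        $upnSuffix  = ($_.UserPrincipalName -split '@')[-1]
        $mailSuffix = ($_.mail -split '@')[-1]
        if ($upnSuffix -ne $mailSuffix) {      # -ne is case-insensitive for strings
            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                UserPrincipalName = $_.UserPrincipalName
                Mail              = $_.mail
                UpnSuffix         = $upnSuffix
            }
        }
    }

$mismatched | Sort-Object UpnSuffix, SamAccountName | Format-Table -AutoSize

# Preview the correction for accounts whose mail address is in $MailDomain.
# Remove -WhatIf only after reviewing the list above.
foreach ($u in $mismatched | Where-Object { $_.Mail -like "*@$MailDomain" }) {
    $newUpn = '{0}@{1}' -f ($u.UserPrincipalName -split '@')[0], $MailDomain
    Set-ADUser -Identity $u.SamAccountName -UserPrincipalName $newUpn -WhatIf
}
```

Changing a UPN changes the name the user signs in with wherever the UPN form is used, so review the report and tell affected users before dropping -WhatIf.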