Since the release of iOS6 devices there have been a variety of reported issues from people using Apple devices to connect to Exchange Server with ActiveSync. I haven’t covered the issues here yet, but fortunately for all of us several of my fellow Exchange MVPs have.
Looking for the issues with iOS 6.1? Click here
As Tony Redmond summarized in his report:
Online forums have many reports about ActiveSync problems encountered by Exchange 2007 and Exchange 2010 users after upgrading their Apple devices to iOS6. One issue is when a user apparently “hijacks” a meeting by being made its organizer after they open a meeting request, sometimes associated with delegate access to the organizer’s mailbox. A related issue might be when a user edits a meeting on their device only to send a cancellation message to all involved, even when the meeting request isn’t sent by a delegate.
Pretty serious issues, and although I have not been able to reproduce them myself it is clearly impacting many customers and causing some havoc.
Unfortunately this is not a new scenario. Paul Robichaux explains:
EAS is a fairly complex protocol and Apple has displayed a somewhat cavalier attitude towards verifying that their EAS clients behave properly. If you don’t believe me, all you have to do is look at this list of known EAS issues with third-party devices and see how many of them involve iOS.
The usual pattern for these bugs is fairly predictable:
- Apple (or another EAS licensee) releases an update.
- People start complaining in various fora that some EAS-related functionality is broken. However, these reports are only rarely made directly to either Microsoft or the vendor.
- A critical mass of reports accumulates and begins to draw attention. This is often accelerated by the opening of support cases with either Microsoft or the ISV.
- The source of the problem is identified, a resolution is developed, and everything is fixed.
- GOTO 1
Sad but true, and even though the latest “hijack” issues now have their own Microsoft KB article it only provides some information on the symptoms and this note on the cause:
Microsoft is aware of an increase in issues for meeting requests that coincided with the release of Apple iOS 6 devices. When this occurs, users that are attendees of a meeting may inadvertently become the meeting organizer.
Microsoft does provide the following suggested workarounds:
To work around this issue use one or more of the following methods:
- Recommend that users do not take any action on Calendar items, to include Meeting Requests and Responses in the Inbox, using their iOS device.
- Recommend that users not update to iOS 6 at this time.
- Block iOS 6 using the Exchange Server 2010 Allow/Block/Quarantine feature. See the following post on the MS Exchange Team Blog:
http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx(http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx)- Block iOS devices for earlier versions of Exchange Server using the following documentation:
http://blogs.technet.com/b/exchange/archive/2008/09/05/3406212.aspx(http://blogs.technet.com/b/exchange/archive/2008/09/05/3406212.aspx)- Block anyone who has, or is, a delegate from using EAS.
- Recommend a different client, such as Outlook Web Access or a third-party e-mail synchronization solution.
- Recommend the use of POP/IMAP for e-mail synchronization on the device.
Whether these are practical for your organization is a matter for you to decide, though I tend to agree with Steve Goodman on the matter:
Some people have suggested a good solution to this is to block iOS 6, however I’m not so sure. As a consultant I’m on the road a lot, and if my device was blocked then I’d be in deep water – I rely on it to keep in touch with customers and colleagues when I’m out and about. So, I don’t think blocking an update that comes through semi-automatically will win Exchange administrators any friends within their business.
So if you’re stuck in the middle ground between not wanting to block iOS6 devices, but wanting to mitigate the risks as much as possible, then you’ll need a way to communicate the issue to those users who are using iOS6 devices.
Steve Goodman to the rescue with his new Export-iOSDeviceStatistics.ps1 script. A quick and easy solution to export a list of iOS devices, their version numbers, and the usernames of the people who are using them.
Steve also covers the other major issue that iOS6 users are running up against, that Autodiscover doesn’t work. However Steve notes, as have others who have tested the issue as well, that it does work as long as the user’s UPN and email address match.
Jason Sherry writes:
Per several Exchange MVPs it seems that Autodiscover (the feature that will automatically configure you phone to connect to Exchange based on an e-mail address and password) doesn’t work in many cases with Exchange.
This has been verified by multiple people, see Clint Boessen’s blog post here: http://clintboessen.blogspot.com.au/2012/10/apple-iphone-ios6-and-exchange.html for a bit more details.
One person was able to get it to work, but only if the e-mail addresses entered on the iPhone matched the user’s UPN (User Principal Name aka e-mail like login).
All in all a rough time for Exchange administrators and customers.
Are you experiencing issues with iOS6 and ActiveSync?
Pingback: My Blog
Pingback: Apple iOS 7 upgrade - Lucid Support
Pingback: Blocking iOS7 from Exchange Server 2010/2013
Pingback: Powershell script Get all ActiveSync iOS 6.1 Devices plus mass mail
Thanks for the link back Paul! I now have a post on this current iOS 6.1 log issue here:
http://blog.jasonsherry.net/2013/02/10/ios-6-1-causing-very-high-log-generation-on-exchange/
Microsoft is going to have to add more server protection code against bad clients. iOS and Android have both had EAS issues, with iOS being FAR FAR worse, and I don’t think they will get any better. On the Android side there are so many different OS versions I’m surprised we haven’t seen more issue with them.
Hello – is it possible to limit users from enrolling more than one device on ActiveSync? Or x number of devices for that matter? If a user tries to sync more than the allowed number of devices, could the user receive a message indicating so?
Hi All,
I’m having a problem whereby changing the users domain password does not result in any prompt on the iOS device for the new password. The device just continues to sync as if nothing had happened.
This is obviously a security concern and I wondered if none else had experienced this?
David
The Real Person!
The Real Person!
Likely related to this:
http://blogs.technet.com/b/messaging_with_communications/archive/2012/06/26/activesync-disabled-accounts-and-devices-continuing-to-sync.aspx
It seems like a lot of the solutions involve updating Exchange. Does that mean iOS and/or Android weren’t to blame in the first place or has Microsoft simply implemented fixes that accommodate the quirks in the third party products. The latter seems a lot less likely than the former.
The challenges we have with iOS devices is mind boggling. We are only two update rollups back on exchange 2010, but we still constantly have issues with delegates, meetings disappearing, exponential transaction log growth, etc. We finally got to the point where we have told every iOS device user to never manage their calendar on their device, even accepting meetings.
Then you thrown in Mac clients and it makes everything even more challenging.
The frustrating part is the perception that exchagne is less stable then it used to be – back in the days of only BlackBerry devices. Now with 4 main different mobile devices connecting it has created a whole new challenge in messaging.
I can only imagine the development effort requirements on Microsofts side…
No surprise…
Every version of iOS brings new activesync problems.
Especially with meetings and delegation. It’s a foreign concept to Apple devices.
The worst part is when the iPhone users tell you Exchange is broken.
My Droid continues to active-sync just fine.