1 Topic by elagil

  • elagil
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 22

Topic: ActiveSync on Android, 401 error

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version: debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): ldap
- Web server (Apache or Nginx): apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue: none yet
====

Hello,

I am using the latest iRedMail on my Debian server. Everything is working, except for ActiveSync on the native Android Mail client. Other clients do work.

Error message on the Android device: "Cannot connect to server"

It does work, if I let it accept any certificate. I am using Let's encrypt certificates, which work fine with any other mail client and Exchange sync.

The Microsoft connectivity tool tells me:

A 401 error was received from the server, but no authentication methods are supported.
HTTP Response Headers:
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Date: Mon, 22 Feb 2016 12:29:41 GMT
Server: Apache
WWW-Authenticate: basic realm="SOGo"
Elapsed Time: 760 ms.

What can I do about that?

Kind regards,
Adrian

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,801

Re: ActiveSync on Android, 401 error

Seems your Android client doesn't accept Let's Encrypt cert.

3 Reply by elagil

  • elagil
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 22

Re: ActiveSync on Android, 401 error

Turns out, this was not the problem.

It was like this:
The mail client connects to my mail server. The mail server is mail.domain.tld.

Now, the domain name for a different domain on the same server (other.domain.tld) is supplied to the mail client by apache, while the certificate itself is served by the mail server (dovecot, postfix, ..). Obviously, the name of the domain now does not match the certificate.

What I had to do was to add mail.domain.tld to the apache vhosts and make it the first to be served by appending 000_ at the beginning of the name of the vserver config. Now, name and certificate do match.

I wonder why apache serves the mail client in the first place..