Apple Mail mit Microsoft Exchange Server 2010 verbinden

24. June 2010

ships with out-of-the-box Microsoft Exchange Server support for version 2007 and above since a while now.

Despite this announcement and numerous, partially contradicting posts on various blogs we kept failing to set up exchange profiles on our Macs. Beforehand, it is worth mentioning that we already successfully connected all sorts of clients to our , among them even iPhones. Hence, we didn’t consider a network based or server side configuration issue as a possible cause.

Autodiscovery was also working, the Apple Mail profile wizard presumably successfully configured the exchange profile, but when syncing the account with the server the password dialog appeared again and again pretending that the login information specified was wrong.

Our first suspect was, that the certificate we used for the SSL connection was not accepted. Since the Macs are not part of the Windows domain, the domain controller certainly is not recognized as a root certificate authority, and as such the the Macs won’t trust the used certificate. Nevertheless, registering the root certificate on the Macs didn’t have any effect.

Neither the exchange server nor Apple Mail was particularly verbose in telling the actual reason, hence we were left off with trial & error. Anyways, sooner than expected we ran out of ideas and non of our attempts showed any progress on that issue. We switched from our heuristic approach to a more structured one, and once again Wireshark came to our rescue.

Rather quick we were able to see, that it actually were the authentication attempts that were failing on the server, synchronization hasn’t even begun yet. The cause for this was resolved as quickly as it was found. As per the default settings the exchange server only accepts integrated windows authentication as a valid authentication method, i.e. either NTLM or Kerberos authentication. Apple Mail apparently doesn’t like this much (interesting that iPhones do, on the other hand) and we had to enable basic authentication on the server as well. Since all data is SSL encrypted anyways, this isn’t much of a security issue, and we just went ahead and did that change.

IIS Settings Panel

Another connection attempt from the Mac immediately proofed success, Apple Mail started syncing data!

Tags: ,

Click to send this page to Twitter! Click to share this page on Facebook! 

  1. Harald Vogl
    25. June 2010 at 14:20 | #1
    Reply | Quote

    Super! Jetzt funktioniert alles.

  2. Michael
    30. June 2010 at 10:08 | #2
    Reply | Quote

    Thank you. That setting did the job!

  3. brian
    9. December 2010 at 18:39 | #3
    Reply | Quote

    Once you made this change, did you have to restart IIS?

    • Harald Radi
      9. December 2010 at 19:16 | #4
      Reply | Quote

      Honestly, I don’t remember anymore :)

  4. Phil Brooks
    25. February 2011 at 04:17 | #5
    Reply | Quote

    Many thanks this worked for me Exhchange 2010 – Apple Mail

  5. Vassilios Vescoukis
    19. May 2011 at 15:28 | #6
    Reply | Quote

    Thank you so much.
    It was so simple…

    MS pretend they do not understand, though…

  6. René
    27. October 2011 at 19:39 | #7
    Reply | Quote

    Awesome! Worked like a charm, btw a restart is not needed.

  7. Phil
    7. February 2012 at 00:19 | #8
    Reply | Quote

    We have Basic authentication enabled on the EWS virtual directory and we still cannot connect to Exchange using Apple Mail. Oddly, we CAN connect using an iPhone/iPad. What is the issue?