SBS 2011 Standard – iPhone & iPad Exchange Email

EDIT – 28/10/2011 If you just want to know the settings required to connect your iPhone to your SBS Server, look at this post.

I use an iPhone, and I have blogged before on how to use the iPhone Configuration Utility in order to make deployment of the phones easier for clients.

I didn’t cover the iPhone’s ability to use ‘Autodiscover’ in that post; it didn’t occur to me at the time.

It didn’t occur to me until the other day, and then I set about confirming how it works, and in what scenarios you can use it to auto-configure a client’s phone.

To follow me through this post you will need:

A Small Business Server 2011 Standard (you should have run the ‘Connect to internet’, ‘Set up your address’ and ‘Add a trusted certificate’ wizards)

An iPhone or iPad

Internet connectivity!

Note: When I say External IP of either SBS Server or Exchange Server, I mean the address you would type if you were going to Remote Web App / Remote Web Workplace, eg. = – this applies even if you are using a third party to provide anti-spam or filtering services to your email.

So, from the ‘home’ screen find ‘settings’


Find ‘mail contacts and calendars’..


Choosing Add Account.. we can then choose a Microsoft Exchange Account.


You are then faced with 5 configurable settings.


  1. Email Address (your email address)
  2. Domain (your internal domain name, i.e. sbs.local)
  3. Username (the username you use on your office computer)
  4. Password (the password for your office computer)
  5. Description (a description of this account – i.e. Company Email)

If you fill out these details with the settings relevant to you, you can then click Next. (if you click return it will automatically attempt the next stage)


You will see at the top of the screen ‘verifying..’


This is the part that has interested me, and I went to some lengths to find out what the iPhone is actually doing here.

However, if I had used my brain at all I could have guessed it actually just follows the same behaviour you can see if you run the ‘Autodiscover’ tests here (at

The iPhone will use DNS to query for your domain’s ‘default’ record – this is usually represented as an @ in your DNS zone file, but it is not something you are likely to see if you are using a third party to host your DNS. Your default record, like any other record, translates ‘’ to an IP address.

So for example, if you type in in to your browser, you MAY end up at your website, but you may end up elsewhere. It depends on the configuration of that record.

Suffice to say, it most likely does NOT point to your Exchange server. That is a problem.

If this query does return an IP address, then the iPhone will attempt the next stage of verification.

If you do not have an @ default record for your domain, which is a valid configuration, then of course that query will fail and fail over to a query for ‘’.

At the next stage of verification the iPhone will attempt an HTTPS connection to either – or

This XML file is located on your Exchange server; you can see it within Windows Explorer.


You can open the file in Notepad if you are interested to see the content.



You may be presented with a certificate warning if you are using a self-signed or single-name certificate that is not for ‘’


It will attempt to log in to the server with the username and password provided. If successful, your iPhone will be auto-configured with your Exchange server’s address.


You can then continue to finish the setup of your account.



If an HTTPS connection fails, then the process is repeated on HTTP.

If any of the above steps fail, or cannot complete – then you will be presented with a new box on your screen, and that will be for ‘Server Address’


Of course that’s fine to just enter at that stage – but it may be useful for some to know how to get this bit to work.

So to recap – to get the autodiscover feature to work:

  • Either point your domain’s @ record to your Exchange Server’s public IP address, or

  • Delete the @ record from DNS and then set up a new A Host record for ‘’ and point that to your Exchange Server’s public IP address.

I am making no recommendation on which option to choose, however I personally chose to delete my ‘default’ record and nothing bad has happened.

What other things will prevent a smooth auto configure? A self issued, or incorrectly named certificate.

Now most people will know with an iPhone you can simply ignore invalid certificates, BUT this is an extra prompt, and in the spirit of removing those obstacles to your users you should consider getting a UCC certificate for your SBS Server.

SBS Server will run perfectly well with a single name certificate – in fact it is designed with this in mind.

However the price difference between a single name certificate and a UCC certificate has come down considerably so now there is a good case for using a UCC instead. If the iPhone could use the DNS SRV record method for attempting autodiscovery – like Outlook clients can, then we could stick with a single name certificate.
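To check a planned DNS and certificate setup against the lookup order recapped above, here is an added example (not code from this post or from Microsoft or Apple) that models the sequence offline. The `autodiscover.` host name is an assumption based on standard Exchange Autodiscover naming, and every domain, IP address and certificate name in it is constructed sample data.

```python
# Added example: offline model of the lookup order described in this post.
# All names, IPs and certificate names below are constructed sample data.

def cert_covers(host, cert_names):
    """True if host matches a certificate name (exact or single-label wildcard)."""
    host = host.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        # "*.example.com" covers "mail.example.com", not "example.com" itself
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def autodiscover_plan(email_domain, dns_a_records, exchange_ip, cert_names):
    """Walk the candidate hosts in order and report what the user would see."""
    # Assumption: standard Exchange Autodiscover host naming, not taken from the page.
    candidates = [email_domain, "autodiscover." + email_domain]
    for host in candidates:
        ip = dns_a_records.get(host)
        if ip is None:
            continue  # no record: the device fails over to the next name
        if ip != exchange_ip:
            return {"host": host, "result": "wrong-server",
                    "detail": "record resolves to %s, not the Exchange server" % ip}
        if not cert_covers(host, cert_names):
            return {"host": host, "result": "cert-warning",
                    "detail": "certificate has no name for " + host}
        return {"host": host, "result": "ok", "detail": "configures without prompts"}
    return {"host": None, "result": "manual", "detail": "user is asked for Server Address"}

# Constructed sample: @ record points at a web host, Exchange is elsewhere.
SAMPLE_EXCHANGE_IP = "203.0.113.10"
SAMPLE_DNS = {"example.com": "198.51.100.7",
              "autodiscover.example.com": SAMPLE_EXCHANGE_IP}
SAMPLE_SINGLE_NAME_CERT = ["remote.example.com"]
SAMPLE_UCC_CERT = ["remote.example.com", "autodiscover.example.com"]

if __name__ == "__main__":
    print(autodiscover_plan("example.com", SAMPLE_DNS,
                            SAMPLE_EXCHANGE_IP, SAMPLE_SINGLE_NAME_CERT))
```

A `cert-warning` result is the case where users get the extra prompt and are tempted to accept an invalid certificate, which is the argument for the UCC certificate made above.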
