VMware Workspace ONE Community
NickEales
Enthusiast
Enthusiast

Exchange Activesync on-prem and IOS 12

We're using Exchange 2013 on-prem with activesync certificate based auth for about 8.000 iPads and are having numerous issues since the update to iOS 12 and 12.01 where the existing activesync policy is just blocking access for no reason.
Labels (1)
9 Replies
jbarzFunk32
Enthusiast
Enthusiast

I'm having similar issues with user authentication. We currently are showing if a user changes their password on a computer, their phone is no longer prompting them in th iOS Mail app to update their password, so essentially users are forced to go deep within Settings to update their password. But since there is no prompt, they are contacting our Help Desk for assistance.

At first I thought our issues were associated to us migrating our domains over to PING, but I just tested an iOS 11 device and am receiving the proper prompt. I confirmed 12.0.1 is also experiences this issue and testing 12.1 beta 3 shortly. Might have to open a case with Apple as it's a huge inconvenience for users and IT staff.
Reply
0 Kudos
NickEales
Enthusiast
Enthusiast

I have found out what the issue is. The IOS 12 native mail client has drastically changed its authentication, fallback and error handling methods. With our example historically the password field in the exchange profile had some characters in it, IOS 11 just ignored these characters and accepted the certificate before looking at other credentials. Now in IOS 12 the password is being used before the certificate was checked resulting in a failed authentication but instead of returning the usual ' enter your password'  dialog like in IOS 11 it now returns a vague ' cannot connect to server'  message.

Reply
0 Kudos
jbarzFunk32
Enthusiast
Enthusiast

I have done some testing and confirmed that 12.1 beta 3 resolves this problem. I'll be reaching out to Apple today to see when they think 12.1 will be released.
Reply
0 Kudos
ElizabethB
Contributor
Contributor

We appear to have this same problem in our environment too.  If you get any answers from Apple can you please post?  Thank you!
Reply
0 Kudos
GeorgeFrancis
Contributor
Contributor

We have the same issue and have logged a ticket to AirWatch. Please let us know if you hear any more. I tested also without AirWatch on a personal device and changed my Office365 Exchange account password. On my 12.01 device there was no prompt for the new password. Our corporate devices have account restrictions enabled in an iOS profile which means the user cannot go into passwords and accounts on the device to change their password.

Reply
0 Kudos
ThomasCheng
Enthusiast
Enthusiast

Nick E., I have similar set up like yours (Exchange 2013 and SEG with certificate based authentication.) However, I'm not experiencing any of this issue. I changed my AD password yesterday and didn't get prompted to update on two of my devices in two different environment.

' Now in IOS 12 the password is being used before the certificate was checked resulting in a failed authentication but instead of returning the usual ' enter your password'  dialog like in IOS 11 it now returns a vague ' cannot connect to server'  message.'
Reply
0 Kudos
MarkVdovydtchen
Contributor
Contributor

We seem to be experiencing a similar issue with off-prem hosted Exchange services without SEG. Users don't get a prompt on iOS 12 and iOS 11 after changing their AD account password. It's been a rough week having to deal with waves of users that need to have restrictions turned off so they can manually update the password under Passwords & Accounts.
Reply
0 Kudos
CharlesTchia
Contributor
Contributor

I think the no prompt for EAS password was implemented since iOS 11 - https://support.workspaceone.com/posts/115006781567
Reply
0 Kudos
TitaKong
Contributor
Contributor

We are experiencing this issue with O365 on iOS 12.1 and 12.1.1.

Reply
0 Kudos