iOS devices will not connect to mobility server

  • 7018670
  • 27-Feb-2017
  • 02-Aug-2017

Environment


Novell GroupWise Mobility Service

Situation

Most iphones, ipads, iOS devices will not connect to the mobility server
Since upgrading devices to iOS 10.x, unable to connect to retrieve mail
Using default self-signed certificate on the gms server

Resolution

This issue is likely occurring because of changes Apple made in iOS 10.x.  In iOS 10.x, it is no longer possible to install/trust an untrusted or self-signed certificate when connecting to an active-sync mail server
  • The best solution is to obtain a certificate from a trusted CA and implement it on the mobility server.  Steps to assist with this can be found here
Alternatively, some have had success with the steps below, but must be done with each 10.x iOS device connecting.
Please Note:  The method below will not work unless using a DNS name to connect to the mobility server.  This DNS name must match the common name in the certificate configured on the mobility server
  1. Download the mobility certificate to save on iOS device
    • Login to the GMS webadmin console
    • Navigate to the Users tab and select any user
    • Click Edit device settings (looks like mobile device with a pencil by it)
    • Select the gear cog for Download certificate file
  2. Transfer the mobility.cer to the iOS device
    • Email the downloaded mobility.cer to an account that is accessible on the iOS device
    • Open the attachment in the email, when tapping on the mobility.cer, there should be an Install button
  3. Delete the gms account and restart the device, re-add the account when the reboot completes

Cause

Changes to Apple's App Transport Security (ATS) guidelines which requires more strict security polices

Additional Information

When using self-signed or trusted CA certificates, it is suggested to regularly check the validity/expiration on a site like https://digicert.com/help.  Here, the server DNS name is entered in to scan the the service and warn of any type of errors mobile devices may complain about