Configuring ActiveSync in MDaemon and addressing common configuration issues

MDaemon’s ActiveSync options are located at Setup -> Mobile Device Management -> ActiveSync and it’s necessary to enable ActiveSync in this location:

Once enabled MDaemon will generate an ActiveSync 30 day trial key automatically. The ActiveSync server requires a licence fee if you wish to continue using it beyond this point.

ActiveSync devices typically require a connection to ActiveSync servers over HTTPS on TCP port 443 .

As you are typically accessing your mailbox data from remote locations we’d recommend that Webmail and therefore ActiveSync) is configured to run over HTTPS at Setup -> Web + IM Services -> WorldClient -> SSL + HTTPS and that the HTTPS port (TCP 443) is opened to the Internet.

The use of a root trusted SSL certificate is also strongly recommended. MDaemon supports Let’s Encrypt which issues free root trusted SSL certificates. This guide details how this is configured.

Potential Setup or Configuration Issues:

The ActiveSync device indicates it cannot connect to an ActiveSync Server

1. Is there either an active ActiveSync trial key or a purchased ActiveSync key at Help -> Register your Alt-N Products?

2. Have you enabled ActiveSync support on the domain the mailbox resides on at Setup -> Mobile Device Management -> ActiveSync -> Domains?

3. Is ActiveSync support enabled for the account you are configuring at Accounts -> Account Manager -> {username} -> ActiveSync?

4. Does your ActiveSync licence key size at Help -> Register your Alt-N Products already match the number of accounts that are using ActiveSync at Setup -> Mobile Device Management -> ActiveSync -> Accounts?

5. Can the ActiveSync service be accessed remotely?

To test this use a web browser on a network other than the network MDaemon is installed on (for example, your mobile device Internet browser) and visit https://mail.domain.com/Microsoft-Server-ActiveSync (replace mail.domain.com with the IP address or hostname you use to access WorldClient / ActiveSync remotely)?

If ActiveSync is running correctly the web browser output should look similar to this:

If ActiveSync cannot be accessed remotely, check if it can be accessed from a client machine web browser on the local network using https://192.168.0.10/Microsoft-Server-ActiveSync (replace 192.168.0.10 with the internal IP address of the MDaemon machine).

If it doesn’t work internally either, check that Webmail (and therefore the ActiveSync service) is configured to run using HTTPS on port 443.

If it does work internally but cannot be accessed externally, the most likely causes are either that a local Windows firewall (or 3rd party software firewall) is running and enabled on the MDaemon machine and is blocking connections on TCP port 443 and an exception in the firewall is needed; or your hardware router / firewall is not configured to “port-forward” TCP port 443 connections from the Internet to the local MDaemon machine.  http://www.portforward.com/ will help with this process.

6. Confirm that you are using a root trusted SSL certificate in MDaemon and its hostname matches those defined in the certificate. Apple iOS devices no longer let you trust either a self-signed SSL certificate or a SSL certificate that has a hostname that does not match the Server value you’ve defined on the device.

The ActiveSync device indicates that the username or password is incorrect

If the username and password combination you have configured on the ActiveSync device have been verified as correct (for example, try logging into Webmail using the same details) then the most common cause of this problem is that on the ActiveSync device both the “Domain” and “Username” values contain domain.com portion of you email address.

For example on an iPhone or iPad you may have the following..

It’s important that your ‘username’ value is only the bit before the @ sign in your email address as the iPhone or iPad will construct the logon name it sends to MDaemon using both the ‘Username’ and ‘Domain’ values you provide.

If this is the case the ActiveSync-DDMMYYYY.log will show a invalid username and error as follows…


To address this the correct settings on the iPhone or iPad would actually be…