This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Secure Email IOS Notifications not working

We are testing Endpoint, Encryption and Mobile solution in hopes of signing a 3 year contract for the product.

We love Endpoint, love Encryption and mostly are good with mobile with one giant issue.

Everything is working except new email notifications when using the Sophos Secure Email client on IOS.

New email Notifications work with Android.

Calendar notifications work with Sophos Secure Email and IOS.

Email notifications work when I allow my test users to connect using the native IOS email application but that isn't containerized. Our preference, especially for BYOD users, would be to force them to use Sophos Secure Email for IOS.

Client version is 8.16.2

Using Sophos Central Admin.

EAS proxy version is 9.6.3.988, which is the version that downloads from the link in cloud.sophos.com. Is version 9.7 out yet?

I have read and implemented the existing documents:

Sophos Mobile: How to enable EWS notifications on the Exchange Server and Sophos Mobile

and

Sophos Secure Email: Known issue with new email notifications being delayed in iOS

and

Sophos Secure Email: How to enable real push notifications

I've read through these forums and it seems like I'm not the first person to have this issue but I don't see a good solution.

I've figured out on my own how to capture client logs. I've also set debug logging on the EAS proxy server, but I don't know how to interpret it.

I've opened a ticket with Sophos Support and been in direct email contact with the engineer who demonstrated the product to us. Both are now non-responsive, which I hope isn't a sign of the type of support the company provides.

Has anyone else run into this issue? Can Sophos provide any assistance? The purchase of all products is hinging on this.

Alternatively does anyone know of a competitor product that works....?



This thread was automatically locked due to age.
  • Hi ,

    Thank you for reaching us, With regards to this, Can you share with us the Case number that you have in order for us to have a quick look at the case and help you follow up with it? Also for your other query allow us to check this and get back to you. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Case number in support email is 00D301GN6a._5003Z1EZaNT

  • I am going to put the solution here in case anyone else runs into the same issue.

    We weren't able to find this on our own but our Sales Engineer contacted Sophos support through back channels.

    The issue is that Exchange 2016 EWS is using TLS 1.0 by default. The fix is to change two registry settings on the server in order to force .Net 4 to use TLS 1.2. The Sophos notifications server requires at least TLS 1.1.

    The registry entries to be added are on the Exchange servers are:

    # set strong cryptography on 64 bit .Net Framework (version 4 and above)
    HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319
    Name 'SchUseStrongCrypto'
    Type DWord
    Value '1'

    # set strong cryptography on 32 bit .Net Framework (version 4 and above)
    HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319
    Name 'SchUseStrongCrypto'
    Type DWord
    Value '1'

    As described in this link: Enabling strong cryptography for all .Net applications | John Louros

    This will require a reboot of the Exchange server.

    Once we added these entries and rebooted we then had to go to Sophos Secure Mail and do an Update of the email account. This wipes it and reloads the account on the phone. Within minutes I saw the EWS registration in the EAS logs, only this time we had no errors in the Exchange application logs. Shortly after Push Notifications started working on IOS devices.

    Note that the push notifications only state "You have a new email". As described in the documents linked above this is an IOS limitation, not an issue with Sophos.

  • Hi Steve 

    Thank you for sharing these findings. We'll mark this as a "verified answer" for this issue. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids