[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

exchange activesync error 0x80072efd

Posted on 2006-05-20
9
Medium Priority
?
6,378 Views
Last Modified: 2008-01-09
i want to connect my hp ipaq 6915 with gprs and autd.
Everything works fine when i do not use SSL.
When i connect with SSL i get the error : 80072efd.
i look at the http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php but don't manage to resolve the problem

I set up a certificate server on a terminal server in my network (connects with SSL too and works fine).
i exported the certificate on the terminal server and imported it in the default web site.
then i exported the certificate too my pda too with certutil and installed the certificate.

i see that through the firewall my device connects too the server on port 443 but no bubble message arrives.

i guess there is a problem with the certificate but i don't see what i'm doing wrong.

i tried an oma connection on the server itself to see if ssl works fine but again i get an unresolvable error : msexchangeoma event 1503.

Any help would be appreciated ....

0
Comment
Question by:McRight
  • 5
  • 4
9 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 1500 total points
ID: 16724895
If OMA doesn't work, then you may have a more serious error.
Ensure that you don't have require SSL configured on either /exchange, /Microsoft-Server-Activesync or /oma virtual directories in IIS Manager.
Does the common name on the certificate match the name you are entering in to the device?
Did you export the certificate in the right format? Does the certificate show in the list of certificates on the device?

Ideally you should be using a commercial certificate for SSL activities, it makes the deployment much easier.

Simon.
0
 
LVL 1

Author Comment

by:McRight
ID: 16724960
sure you don't have to require SSL on /exchange /microsoft activesync or /oma ?
what with the other directories ?
on the default web site i have to put the check box require secure channel is guess ?

i exported the certificate :
To export the CA certificate

1.
 Log on to the CA server and open a command shell.
 
2.
 Run the following command to export the CA certificate to a file:

certutil –ca.cert rootca.cer

You can specify a path to the Rootca.cer file if you want to save it in a different folder. (You need to enclose the path and file name in quotes if it contains embedded spaces.)
 
3.
 Copy the certificate file to a file share or Web server directory so that users can easily download it when required for the Pocket PC installation.
 
i doubleclicked the .cer file on the ipaq to do the installation.

testing with a veritest cert doesn't work as i can't open the testcertificate on my ipaq.

is there a step-by-step procedure i can use to create a simple web certificate for authentication ?

thanks
0
 
LVL 1

Author Comment

by:McRight
ID: 16724999
if i view the certificate on the mail server i see that there is a certificate but i guess that is the root certificate

i did a cert request on the mailserver and installed it via the cert form.
when i want to add a cert on the mailserver i have only the choice of a root cert and not the issued web cert (mobile).

can you give an example of what the certification details have to be on the ipaq
issued to : mobile
issued by : self-issued / cert-auth
intended purposes :

thanks !!!
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 104

Expert Comment

by:Sembee
ID: 16725074
Don't require SSL on the web site. That causes problems. If you want to restrict access to just SSL, then block port 80 access, so that 443 is the only port that is open.

There is a correct format for the certificate to be in, so that the mobile handset will support it. I have that documented on my web site at http://www.amset.info/pocketpc/certificates.asp

Simon.
0
 
LVL 1

Author Comment

by:McRight
ID: 16725496
i downloaded the rapidssl cert and installed it on my mailserver and my ipaq; but the same error appears ...
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16725706
Are you using a RapidSSL certificate on the server?
I used RapidSSL on my web site as an example. If you are using your own certificate then you need to repeat the process from your own certificate.

Simon.
0
 
LVL 1

Author Comment

by:McRight
ID: 16725744
i used both, i had a soft reset now and cleared the activesync settings and all installed certificates.
i created a new ca and exported the root ca to the mailserver and to the ipaq, SSL is still not working.
0
 
LVL 1

Author Comment

by:McRight
ID: 16746958
common name of certificate has to be external dns name of the server. Since the external and internal domains were different, that's why i had the problem.


0
 
LVL 104

Expert Comment

by:Sembee
ID: 16746990
You beat me to it, I have been on site and haven't caught up with my questions.
I was going to suggest that you look at the certificate, as a reset of the device didn't fix the problem it has to be something server side.

Simon.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses
Course of the Month18 days, 16 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question