Push email, Exchange 2003, Smartphone running WM5, 2048 bit certificates
Posted on 2006-05-25
OK here it is. We have a certificate based mail system through Exchange 2003 SP2. Both OMA and OWA work fine using a 2048 bit certificate even on a smartphone.
However, when it comes to trying to Push Mail using Activesync, it all goes horribly wrong.
We enter the server details into Activesync. It starts the sync process, which prompts for a username and password (even though it should be certificate based). It then throws a 0x85030028 or a 0x85030027 error saying that the certificate on the phone is either not there or invalid. One message was that the client certificate is malformed or invalid.
Have got a root cert installed together with the personal cert. Both of these are home grown and not from Verisign, etc.
Absolutely no idea what to do now except look at an expensive push solution (which I really don't want to do!). Could the reason be anything to do with the 2048 bit strength?
Environment: Windows 2003 (Mixed mode), Exchange 2003 SP2 (Mixed mode), Mobile Access enabled, Orange C600 Smartphone which is unlocked and able to have certificates installed on it, Activesync 4.1.
Certificates installed: Personal certificate from local CA. Root Certificate installed directly from CA server from smartphone. Certificate strength: 2048.
Thanks loads in advance.