  • Status: Solved
  • Priority: Medium
  • Security: Public

Exchange Server 2003 & Mobile Phone access via ActiveSync

Hi, I'm trying to set up access for Pocket PCs and Smartphones to access our Exchange Server directly.  We're running Exchange all on the same server, not in a front-end/back-end environment.  I have opened our firewall to allow 443 and I have created my own certificate for this.  I issued the certificate to the IP address of the Exchange server vice having any resolving going on.  I put the same IP in the phone that is on the cert; a few articles I read said they have to match exactly.  I verified that OWA works both internally and externally via 443, but I don't know how to verify OMA, just by using a browser internally. I tried just like OWA (http://servername/oma vice /exchange) but it gives me a "the user has not been setup for mobile access". I have verified that mobile access is enabled.

On the phone when I try to sync using ActiveSync it says that it's synchronizing folders, then errors out with "0x80072F17". When I search the IIS logs on the Exchange server and the event viewer I see nothing that would indicate the device is connecting.

Do you have any idea what I'm missing here? I am not running SP2 but will be upgrading to it this weekend.

Thanks for the help.
Asked by: Karessa

1 Solution

Sembee Commented:
First - upgrade to service pack 2. The whole mobile process has been changed in that service pack and as such I cannot tell you how to fix it on SP1.

Second - you cannot have an SSL certificate on an IP address. It must be on a host name. The fact that you are using an IP address for an SSL certificate means that you are using a home grown certificate.

SSL certificates work on a basis of trust. Certificates are issued by roots. The root certificate is installed in the web browser or application. A home grown certificate will not be issued by a trusted root, so will fail. EAS cannot cope with certificate warnings.

You would have to import the certificate on to each device individually, and depending on your device supplier you may be blocked from doing that.

Another option would be to purchase a certificate. The problem is that the list of trusted roots in the Windows Mobile devices is very small - and the ones listed are very expensive. You would therefore need to find a way of getting the root certificate in to each device.

Make sure that you have enabled all the mobile options in ESM. They aren't enabled by default.
Global Settings, Mobile Services.

However I would recommend that you don't bother with this any further until you have got SP2 for Exchange installed.

Simon.

Karessa (Author) Commented:
Thanks Simon,  I didn't have the checkbox selected in the ESM. Once that was done, I was able to get further. I have now re-issued my own certificate with the naming scheme of biosname.domainname.com and have installed that certificate on the PPC as a root certificate. But I still get an error that the certificate is invalid, error code 0x80072F0D.  After a bit more hunting I'm thinking somehow I need to disable certificate checking but can't find how to do this on a MS Mobile 5 PPC.

This of course will all be null and void after I upgrade but really needed it working.  Thanks for your help, any other ideas you have would be appreciated.

Sembee Commented:
If the ssl certificate has been installed on the device, then you shouldn't need to disable certificate checking. I have used home grown certificates on test sites and all I need to do is install the certificate and then off it goes.

What happens if you browse to oma? Do you get a certificate warning?

Simon.

Karessa (Author) Commented:
Yep that's what I thought but I just can't figure out why it doesn't like this cert.

If I browse to oma, e.g. https://servername.domain.com/oma (never used this so not sure it's right), I do get a cert warning and when I accept it I get this, which I would expect.

The device type you are using is not supported.
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

I read this post below which you helped with and I have encountered almost all of those problems but now I'm just down to the warning from the PPC that the certificate is invalid.

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21798106.html?query=0x80072f0d&clearTAFilter=true

Thanks
karessa

Karessa (Author) Commented:
Does the name on my top level CA matter?  Not the common name but the Local CA?

Sembee Commented:
When you browse to OMA - which one is failing on? There are three elements.

Simon.

Karessa (Author) Commented:
The last one "the name on the sec cert is invalid or does not match the name on the site"

Karessa (Author) Commented:
Which is what the PPC is saying too, just don't know what to do to clear it.

Sembee Commented:
When you issued the certificate, what exactly did you use for the common name?

servername
servername.domain.com
servername.domain.com.
https://servername.domain.com
server name

You can't have spaces, you can't have the https
You can't have the dot on the end of the name either.

Simon.
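
The common-name rules from this thread (a host name rather than an IP address, no spaces, no `https://`, no trailing dot, and an exact match with the name entered on the device), written out as an added example that is not part of the original posts. The function name, the case-insensitive comparison and the sample address `192.0.2.10` are assumptions made for illustration.

```python
import ipaddress


def common_name_problems(cn, device_host):
    """Return the reasons a requested common name will fail name validation.

    cn          -- the common name typed into the certificate request
    device_host -- the server name entered in ActiveSync on the device
    An empty list means the name passes every rule raised in the thread.
    """
    problems = []
    if " " in cn:
        problems.append("contains a space")
    if "://" in cn:
        problems.append("includes a URL scheme")
    if cn.endswith("."):
        problems.append("ends with a dot")
    try:
        ipaddress.ip_address(cn)
        problems.append("is an IP address, not a host name")
    except ValueError:
        pass  # not an IP literal, which is what we want
    # Assumption: host names are compared without regard to case.
    if cn.lower() != device_host.lower():
        problems.append("does not match the name configured on the device")
    return problems


if __name__ == "__main__":
    device_host = "servername.domain.com"
    # The five candidates listed in the post above, plus a constructed
    # IP-address case (192.0.2.10 is a documentation address).
    candidates = [
        ("servername", device_host),
        ("servername.domain.com", device_host),
        ("servername.domain.com.", device_host),
        ("https://servername.domain.com", device_host),
        ("server name", device_host),
        ("192.0.2.10", "192.0.2.10"),
    ]
    for cn, host in candidates:
        found = common_name_problems(cn, host)
        print(f"{cn!r:35} -> {'OK' if not found else '; '.join(found)}")
```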

Karessa (Author) Commented:
I issued it to servername.domain.com (just like you would access it from externally). I also tried issuing to just the servername, same error.  My top level CA is our company name (don't know if that plays into it or not).

Sembee Commented:
I will confess that I have never tried it with a certificate issued from a CA.
I only use two types of certificates - commercial certificates and those issued by the selfssl tool. The selfssl tool is used for testing only.

Simon.

Karessa (Author) Commented:
Well, now post Exchange SP2.  From a browser all is well, OWA and OMA are working, and on the device OWA and OMA are working via a browser.  When I try to sync, I get the error code 85010014.  I still see nothing in the event logs, nothing in any web logs.  Prior to this error I had a 85010004 which I believe was a certificate problem.  Any other suggestions? I'm just about out on this one.

thanks
k

Sembee Commented:
The only thing I can suggest is to try it with a commercial certificate. Use one of the free trial certificates.
If you go with the certificate from RapidSSL then you will have to import their root certificate in to the device to get it to accept the certificate during sync.

Simon.