Solved

Exchange Server 2003 & Mobile Phone access via ActiveSync

Posted on 2006-06-21
Last Modified: 2012-05-05
Hi, I'm trying to set up access for Pocket PCs and Smartphones to access our Exchange Server directly. We're running Exchange all on the same server, not in a front-end/back-end environment. I have opened our firewall to allow 443 and I have created my own certificate for this. I issue the certificate to the IP address of the Exchange server vice having any resolving going on. I put the same IP in the phone that is on the cert; a few articles I read said they have to match exactly. I verified that OWA works both internally and externally via 443, but I don't know how to verify OMA, just by using a browser internally. I tried just like OWA (http://servername/oma vice /exchange) but it gives me a "the user has not been setup for mobile access". I have verified that mobile access is enabled.

On the phone when I try to sync using ActiveSync it says that it's synchronizing folders then errors out with "0x80072F17". When I search the IIS logs on the Exchange server and the event viewer I see nothing that would indicate the device is connecting.

Do you have any idea what I'm missing here? I am not running SP2 but will be upgrading to it this weekend.

Thanks for the help.
Question by:Karessa

Accepted Solution

by:
Sembee earned 200 total points
First - upgrade to service pack 2. The whole mobile process has been changed in that service pack and as such I cannot tell you how to fix it on SP1.

Second - you cannot have an SSL certificate on an IP address. It must be on a host name. The fact that you are using an IP address for an SSL certificate means that you are using a home grown certificate.

SSL certificates work on a basis of trust. Certificates are issued by roots. The root certificate is installed in the web browser or application. A home grown certificate will not be issued by a trusted root, so will fail. EAS cannot cope with certificate warnings.

You would have to import the certificate on to each device individually, and depending on your device supplier you may be blocked from doing that.

Another option would be to purchase a certificate. The problem is that the list of trusted roots in the Windows Mobile devices is very small - and the ones listed are very expensive. You would therefore need to find a way of getting the root certificate into each device.

Make sure that you have enabled all the mobile options in ESM. They aren't enabled by default.
Global Settings, Mobile Services.

However I would recommend that you don't bother with this any further until you have got SP2 for Exchange installed.

Simon.

Author Comment

by:Karessa
Thanks Simon, I didn't have the checkbox selected in the ESM. Once that was done, I was able to get further. I have now re-issued my own certificate with the naming scheme of biosname.domainname.com and have installed that certificate on the PPC as a root certificate. But I still get an error that the certificate is invalid, error code 0x80072F0D. After a bit more hunting I'm thinking somehow I need to disable certificate checking but can't find how to do this on a MS Mobile 5 PPC.

This of course will all be null and void after I upgrade but really needed it working.  Thanks for your help, any other ideas you have would be appreciated.

Expert Comment

by:Sembee
If the ssl certificate has been installed on the device, then you shouldn't need to disable certificate checking. I have used home grown certificates on test sites and all I need to do is install the certificate and then off it goes.

What happens if you browse to oma? Do you get a certificate warning?

Simon.

Author Comment

by:Karessa
Yep that's what I thought but I just can't figure out why it doesn't like this cert.

If I browse to OMA, e.g. https://servername.domain.com/oma (never used this so not sure it's right), I do get a cert warning and when I accept it I get this, which I would expect.

The device type you are using is not supported.
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

I read this post below which you helped with and I have encountered almost all of those problems but now I'm just down to the warning from the PPC that the certificate is invalid.

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21798106.html?query=0x80072f0d&clearTAFilter=true

Thanks
karessa

Author Comment

by:Karessa
Does the name on my top level CA matter? Not the common name but the Local CA?

Expert Comment

by:Sembee
When you browse to OMA - which one is it failing on? There are three elements.

Simon.

Author Comment

by:Karessa
The last one "the name on the sec cert is invalid or does not match the name on the site"

Author Comment

by:Karessa
Which is what the PPC is saying too, just don't know what to do to clear it.

Expert Comment

by:Sembee
When you issued the certificate, what exactly did you use for the common name?

servername
servername.domain.com
servername.domain.com.
https://servername.domain.com
server name

You can't have spaces, you can't have the https
You can't have the dot on the end of the name either.

Simon.
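
An added example, not part of the original thread: a small Python check that runs the five common-name candidates listed in the comment above (plus a constructed IP address) through the rules stated in this thread and compares each with the server name entered on the device. It assumes a simplified exact-match comparison with no wildcard or subjectAltName handling; the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def common_name_problems(cn):
    """Return the reasons a common name is unusable (empty list = well formed)."""
    problems = []
    if "://" in cn:                       # e.g. https://servername.domain.com
        problems.append("contains a URL scheme")
        cn = urlsplit(cn).netloc          # keep checking the host part only
    if any(ch.isspace() for ch in cn):    # e.g. "server name"
        problems.append("contains whitespace")
    if cn.endswith("."):                  # e.g. servername.domain.com.
        problems.append("ends with a dot")
    try:
        ipaddress.ip_address(cn)          # the thread's advice: use a host name
        problems.append("is an IP address, not a host name")
    except ValueError:
        pass
    labels = cn.rstrip(".").split(".")
    if not problems and not all(_LABEL.match(label) for label in labels):
        problems.append("is not a valid DNS host name")
    return problems

def name_matches(cn, server_setting):
    """True when a well-formed CN equals the server name typed into the device."""
    same = cn.lower() == server_setting.strip().lower()
    return not common_name_problems(cn) and same

# The five candidates from the comment above, plus a constructed IP address.
CANDIDATES = ["servername", "servername.domain.com", "servername.domain.com.",
              "https://servername.domain.com", "server name", "192.0.2.10"]

def report(server_setting):
    """Map each candidate to (problems, matches the device's server setting)."""
    return {cn: (common_name_problems(cn), name_matches(cn, server_setting))
            for cn in CANDIDATES}

if __name__ == "__main__":
    for cn, (problems, ok) in report("servername.domain.com").items():
        print(f"{cn!r:34} match={ok} {'; '.join(problems) or 'well formed'}")
```

A short name such as `servername` is well formed but only matches when the device is configured with that same short name, which is why it fails against `servername.domain.com`.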

Author Comment

by:Karessa
I issued it to servername.domain.com (just like you would access it from externally). I also tried issuing to just the servername, same error. My top level CA is our company name (don't know if that plays into it or not).

Expert Comment

by:Sembee
I will confess that I have never tried it with a certificate issued from a CA.
I only use two types of certificates - commercial certificates and those issued by the selfssl tool. The selfssl tool is used for testing only.

Simon.

Author Comment

by:Karessa
Well, now post Exch SP2. From a browser all is well, OWA and OMA are working, and on the device OWA and OMA are working via a browser. When I try to sync, I get the error code 85010014. I still see nothing in the event logs, nothing in any web logs. Prior to this error I had a 85010004, which I believe was a certificate problem. Any other suggestions? I'm just about out on this one.

thanks
k

Expert Comment

by:Sembee
The only thing I can suggest is to try it with a commercial certificate. Use one of the free trial certificates.
If you go with the certificate from RapidSSL then you will have to import their root certificate into the device to get it to accept the certificate during sync.

Simon.