Solved

Exchange Server 2003 & Mobile Phone access via ActiveSync

Posted on 2006-06-21
Last Modified: 2012-05-05
Hi, I'm trying to set up access for Pocket PCs and Smartphones to access our Exchange Server directly. We're running Exchange all on the same server, not in a front-end/back-end environment. I have opened our firewall to allow 443 and I have created my own certificate for this. I issue the certificate to the IP address of the Exchange server vice having any resolving going on. I put the same IP in the phone that is on the cert; a few articles I read said they have to match exactly. I verified that OWA works both internally and externally via 443, but I don't know how to verify OMA, just by using a browser internally. I tried just like OWA (http://servername/oma vice /exchange) but it gives me a "the user has not been setup for mobile access". I have verified that mobile access is enabled.

On the phone, when I try to sync using ActiveSync it says that it's synchronizing folders, then errors out with "0x80072F17". When I search the IIS logs on the Exchange server and the event viewer I see nothing that would indicate the device is connecting.

Do you have any idea what I'm missing here? I am not running SP2 but will be upgrading to it this weekend.

Thanks for the help.
0
Question by:Karessa
15 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 200 total points
ID: 16959379
First - upgrade to service pack 2. The whole mobile process has been changed in that service pack and as such I cannot tell you how to fix it on SP1.

Second - you cannot have an SSL certificate on an IP address. It must be on a host name. The fact that you are using an IP address for an SSL certificate means that you are using a home grown certificate.

SSL certificates work on a basis of trust. Certificates are issued by roots. The root certificate is installed in the web browser or application. A home grown certificate will not be issued by a trusted root, so will fail. EAS cannot cope with certificate warnings.

You would have to import the certificate on to each device individually, and depending on your device supplier you may be blocked from doing that.

Another option would be to purchase a certificate. The problem is that the list of trusted roots in the Windows Mobile devices is very small - and the ones listed are very expensive. You would therefore need to find a way of getting the root certificate into each device.

Make sure that you have enabled all the mobile options in ESM. They aren't enabled by default.
Global Settings, Mobile Services.

However I would recommend that you don't bother with this any further until you have got SP2 for Exchange installed.

Simon.
0
 

Author Comment

by:Karessa
ID: 16964069
Thanks Simon, I didn't have the checkbox selected in the ESM. Once that was done, I was able to get further. I have now re-issued my own certificate with the naming scheme of biosname.domainname.com and have installed that certificate on the PPC as a root certificate. But I still get an error that the certificate is invalid, error code 0x80072F0D. After a bit more hunting I'm thinking somehow I need to disable certificate checking but can't find how to do this on a MS Mobile 5 PPC.

This of course will all be null and void after I upgrade but really needed it working.  Thanks for your help, any other ideas you have would be appreciated.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16964142
If the ssl certificate has been installed on the device, then you shouldn't need to disable certificate checking. I have used home grown certificates on test sites and all I need to do is install the certificate and then off it goes.

What happens if you browse to oma? Do you get a certificate warning?

Simon.
0

 

Author Comment

by:Karessa
ID: 16964288
Yep that's what I thought but I just can't figure out why it doesn't like this cert.

If I browse to oma, e.g. https://servername.domain.com/oma (never used this so not sure it's right), I do get a cert warning and when I accept it I get this, which I would expect.

The device type you are using is not supported.
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

I read this post below which you helped with and I have encountered almost all of those problems but now I'm just down to the warning from the PPC that the certificate is invalid.

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21798106.html?query=0x80072f0d&clearTAFilter=true

Thanks
karessa
0
 

Author Comment

by:Karessa
ID: 16964305
Does the name on my top level CA matter? Not the common name but the Local CA?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16964330
When you browse to OMA - which one is it failing on? There are three elements.

Simon.
0
 

Author Comment

by:Karessa
ID: 16964469
The last one "the name on the sec cert is invalid or does not match the name on the site"
0
 

Author Comment

by:Karessa
ID: 16964481
Which is what the PPC is saying too, just don't know what to do to clear it.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16964938
When you issued the certificate, what exactly did you use for the common name?

servername
servername.domain.com
servername.domain.com.
https://servername.domain.com
server name

You can't have spaces, you can't have the https
You can't have the dot on the end of the name either.

Simon.
0
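The common-name rules from the post above, as an added example that is not part of the original thread: it checks each candidate name against the host name the device is configured with. The matching is a simplified model of a client's name check (it ignores subjectAltName), and `servername.domain.com` is the thread's placeholder, not a real host.

```python
from urllib.parse import urlsplit

def host_from_device_setting(server):
    """Host name a device compares against the certificate, given what was
    typed into its server field (bare name or full URL)."""
    parts = urlsplit(server if "://" in server else "//" + server)
    return parts.hostname or ""

def common_name_problems(cn):
    """Format problems named in the thread: scheme prefix, spaces, trailing dot."""
    problems = []
    if "://" in cn:
        problems.append("contains a URL scheme")
    if any(ch.isspace() for ch in cn):
        problems.append("contains whitespace")
    if cn.endswith("."):
        problems.append("ends with a dot")
    return problems

def name_matches(cn, host):
    """Simplified client-side name check: case-insensitive, label by label,
    with '*' allowed only as the whole left-most label."""
    cn_labels, host_labels = cn.lower().split("."), host.lower().split(".")
    if len(cn_labels) != len(host_labels) or "" in cn_labels:
        return False
    if cn_labels[0] == "*" and len(cn_labels) >= 3:
        return cn_labels[1:] == host_labels[1:]
    return cn_labels == host_labels

def review_common_name(cn, device_server):
    """Return (ok, reasons) for one proposed common name."""
    host = host_from_device_setting(device_server)
    reasons = common_name_problems(cn)
    if not reasons and not name_matches(cn, host):
        reasons.append("does not match host %r used by the device" % host)
    return (not reasons, reasons)

# Constructed sample: the five candidate names listed in the post above.
CANDIDATES = ["servername", "servername.domain.com", "servername.domain.com.",
              "https://servername.domain.com", "server name"]

if __name__ == "__main__":
    for cn in CANDIDATES:
        ok, reasons = review_common_name(cn, "https://servername.domain.com/oma")
        print("%-32r %s" % (cn, "OK" if ok else "; ".join(reasons)))
```

A certificate issued to the short name alone fails this check whenever the device is pointed at the fully qualified name, even though the name itself is well formed.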
 

Author Comment

by:Karessa
ID: 16969934
I issued it to servername.domain.com (just like you would access it from externally). I also tried issuing to just the servername, same error. My top level CA is our company name (don't know if that plays into it or not).
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16970424
I will confess that I have never tried it with a certificate issued from a CA.
I only use two types of certificates - commercial certificates and those issued by the selfssl tool. The selfssl tool is used for testing only.

Simon.
0
 

Author Comment

by:Karessa
ID: 16988528
Well now post exch sp2. From a browser all is well, owa and oma are working and on the device owa and oma are working via a browser. When I try to sync, I get the error code 85010014. I still see nothing in the event logs, nothing in any web logs. Prior to this error I had a 85010004 which I believe was a certificate problem. Any other suggestions? I'm just about out on this one.

thanks
k
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16995994
The only thing I can suggest is to try it with a commercial certificate. Use one of the free trial certificates.
If you go with the certificate from RapidSSL then you will have to import their root certificate into the device to get it to accept the certificate during sync.

Simon.
0


Question has a verified solution.
