
Exchange Server 2003 & Mobile Phone access via ActiveSync

Posted on 2006-06-21
Last Modified: 2012-05-05
Hi, I'm trying to set up access for Pocket PCs and Smartphones to access our Exchange Server directly.  We're running Exchange all on the same server, not in a front-end/back-end environment.  I have opened our firewall to allow 443 and I have created my own certificate for this.  I issue the certificate to the IP address of the Exchange server vice having any resolving going on.  I put the same IP in the phone that is on the cert; a few articles I read said they have to match exactly.  I verified that OWA works both internally and externally via 443, but I don't know how to verify OMA, just by using a browser internally. I tried just like OWA (http://servername/oma vice /exchange) but it gives me a "the user has not been setup for mobile access". I have verified that mobile access is enabled.

On the phone when I try to sync using ActiveSync it says that it's synchronizing folders then errors out with "0x80072F17". When I search the IIS logs on the Exchange server and the event viewer I see nothing that would indicate the device is connecting.

Do you have any idea what I'm missing here? I am not running SP2 but will be upgrading to it this weekend.

Thanks for the help.
Question by:Karessa
LVL 104

Accepted Solution

by:
Sembee earned 800 total points
ID: 16959379
First - upgrade to service pack 2. The whole mobile process has been changed in that service pack and as such I cannot tell you how to fix it on SP1.

Second - you cannot have an SSL certificate on an IP address. It must be on a host name. The fact that you are using an IP address for an SSL certificate means that you are using a home grown certificate.

SSL certificates work on a basis of trust. Certificates are issued by roots. The root certificate is installed in the web browser or application. A home grown certificate will not be issued by a trusted root, so will fail. EAS cannot cope with certificate warnings.

You would have to import the certificate on to each device individually, and depending on your device supplier you may be blocked from doing that.

Another option would be to purchase a certificate. The problem is that the list of trusted roots in the Windows Mobile devices is very small - and the ones listed are very expensive. You would therefore need to find a way of getting the root certificate into each device.

Make sure that you have enabled all the mobile options in ESM. They aren't enabled by default.
Global Settings, Mobile Services.

However I would recommend that you don't bother with this any further until you have got SP2 for Exchange installed.

Simon.
0
 

Author Comment

by:Karessa
ID: 16964069
Thanks Simon, I didn't have the checkbox selected in the ESM. Once that was done, I was able to get further. I have now re-issued my own certificate with the naming scheme of biosname.domainname.com and have installed that certificate on the PPC as a root certificate. But I still get an error that the certificate is invalid, error code 0x80072F0D.  After a bit more hunting I'm thinking somehow I need to disable certificate checking but can't find how to do this on a MS Mobile 5 PPC.

This of course will all be null and void after I upgrade but really needed it working.  Thanks for your help, any other ideas you have would be appreciated.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16964142
If the ssl certificate has been installed on the device, then you shouldn't need to disable certificate checking. I have used home grown certificates on test sites and all I need to do is install the certificate and then off it goes.

What happens if you browse to oma? Do you get a certificate warning?

Simon.
0

Author Comment

by:Karessa
ID: 16964288
Yep that's what I thought but I just can't figure out why it doesn't like this cert.

If I browse to oma, e.g. https://servername.domain.com/oma (never used this so not sure it's right), I do get a cert warning and when I accept it I get this, which I would expect.

The device type you are using is not supported.
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

I read this post below which you helped with and I have encountered almost all of those problems but now I'm just down to the warning from the PPC that the certificate is invalid.

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21798106.html?query=0x80072f0d&clearTAFilter=true

Thanks
karessa
0
 

Author Comment

by:Karessa
ID: 16964305
Does the name on my top-level CA matter?  Not the common name but the Local CA?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16964330
When you browse to OMA - which one is it failing on? There are three elements.

Simon.
0
 

Author Comment

by:Karessa
ID: 16964469
The last one "the name on the sec cert is invalid or does not match the name on the site"
0
 

Author Comment

by:Karessa
ID: 16964481
Which is what the PPC is saying too, just don't know what to do to clear it.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16964938
When you issued the certificate, what exactly did you use for the common name?

servername
servername.domain.com
servername.domain.com.
https://servername.domain.com
server name

You can't have spaces, you can't have the https
You can't have the dot on the end of the name either.

Simon.
0
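Added example, not part of the original thread: a small check that applies the naming rules stated in the answers above (host name rather than IP address, no spaces, no `https`, no trailing dot, exact match with the server name entered on the device) to the five candidate common names listed. The function names and the `servername.domain.com` device setting are hypothetical.

```python
import ipaddress

# Constructed sample: the five candidate common names listed in the answer above.
CANDIDATES = [
    "servername",
    "servername.domain.com",
    "servername.domain.com.",
    "https://servername.domain.com",
    "server name",
]


def check_cert_name(common_name, device_server):
    """Return the thread's naming problems found in a certificate common name.

    device_server is the server address typed into the device's sync settings
    (an assumed input; the thread only says the two must match exactly).
    """
    problems = []
    if "://" in common_name:
        problems.append("includes a URL scheme")
    if any(ch.isspace() for ch in common_name):
        problems.append("contains a space")
    if common_name.endswith("."):
        problems.append("ends with a dot")
    try:
        ipaddress.ip_address(common_name)
        problems.append("is an IP address, not a host name")
    except ValueError:
        pass  # not an IP literal, which is what the answer asks for
    # DNS names are case-insensitive, so compare without regard to case.
    if common_name.lower() != device_server.lower():
        problems.append("differs from the server name set on the device")
    return problems


def review(candidates, device_server):
    """Map every candidate name to its list of problems (empty list = usable)."""
    return {name: check_cert_name(name, device_server) for name in candidates}


if __name__ == "__main__":
    for name, problems in review(CANDIDATES, "servername.domain.com").items():
        print(f"{name!r}: {'; '.join(problems) or 'ok'}")
```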
 

Author Comment

by:Karessa
ID: 16969934
I issued it to servername.domain.com (just like you would access it from externally). I also tried issuing to just the servername, same error.  My top-level CA is our company name (don't know if that plays into it or not).
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16970424
I will confess that I have never tried it with a certificate issued from a CA.
I only use two types of certificates - commercial certificates and those issued by the selfssl tool. The selfssl tool is used for testing only.

Simon.
0
 

Author Comment

by:Karessa
ID: 16988528
Well now post exch sp2.  From a browser all is well, owa and oma are working and on the device owa and oma are working via a browser.  When I try to sync, I get the error code 85010014.  I still see nothing in the event logs, nothing in any web logs.  Prior to this error I had a 85010004 which I believe was a certificate problem.  Any other suggestions? I'm just about out on this one.

thanks
k
0
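Added example, not part of the original thread: the `0x80072F..` codes quoted in the posts above are HRESULTs in the Win32 facility whose low 16 bits carry a WinINet error number, so decoding them shows which certificate check the device failed. The table is the certificate-related subset of `wininet.h`; the function name is hypothetical, and the `8501....` codes fall outside the Win32 facility, so the table does not apply to them.

```python
# Certificate-related WinINet error numbers (subset of wininet.h).
WININET_CERT_ERRORS = {
    12037: "ERROR_INTERNET_SEC_CERT_DATE_INVALID",
    12038: "ERROR_INTERNET_SEC_CERT_CN_INVALID",
    12045: "ERROR_INTERNET_INVALID_CA",
    12055: "ERROR_INTERNET_SEC_CERT_ERRORS",
    12056: "ERROR_INTERNET_SEC_CERT_NO_REV",
    12057: "ERROR_INTERNET_SEC_CERT_REV_FAILED",
}
FACILITY_WIN32 = 7  # HRESULTs that wrap a plain Win32/WinINet error number


def decode_hresult(text):
    """Split a 32-bit HRESULT into its fields and name a wrapped WinINet error.

    Accepts the forms used in the thread: "0x80072F0D" and bare "85010014".
    """
    value = int(text, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {text!r}")
    failure = bool(value >> 31)        # bit 31: severity (1 = failure)
    facility = (value >> 16) & 0x7FF   # bits 16-26: facility
    code = value & 0xFFFF              # bits 0-15: error number
    name = None
    if failure and facility == FACILITY_WIN32:
        name = WININET_CERT_ERRORS.get(code)
    return {"failure": failure, "facility": facility, "code": code, "wininet": name}


if __name__ == "__main__":
    # The four codes quoted in the thread.
    for sample in ("0x80072F17", "0x80072F0D", "85010014", "85010004"):
        d = decode_hresult(sample)
        label = d["wininet"] or "no WinINet mapping (not a Win32-facility code)"
        print(f"{sample}: facility=0x{d['facility']:X} code={d['code']} {label}")
```

`ERROR_INTERNET_INVALID_CA` reports an untrusted issuing authority, while a name mismatch has its own number, `ERROR_INTERNET_SEC_CERT_CN_INVALID`.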
 
LVL 104

Expert Comment

by:Sembee
ID: 16995994
The only thing I can suggest is to try it with a commercial certificate. Use one of the free trial certificates.
If you go with the certificate from RapidSSL then you will have to import their root certificate into the device to get it to accept the certificate during sync.

Simon.
0
