  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 695

Exchange Activesync with Cingular 8125

I just want to start off saying I've done an exhaustive search of this issue on the internet, Microsoft KB and this site as well.  I have a Cingular 8125 upgraded to the newest firmware.  I have an Exchange 2003 server that is also an internal CA and I have a self-issued certificate for my FQDN for SSL.  When I browse to the OWA website I get the SSL certificate screen telling me it's an untrusted authority and when I click yes it goes through.  When I browse to the OMA page on a desktop machine I get the SSL certificate screen and when I click yes I just get a white screen, no errors nor a logon screen.  On the 8125 the SSL screen never comes up.  When configuring Activesync I get the error 0x80072F0D.  I've copied the root certificate over and when you double click it says "Cannot access certificate".  I have tried using AddRootCert.exe and it says "Error 0 Opening File" when I try to choose the cert.  I've tried using SmartPhoneAddCert.exe and put the cert in a Storage folder like described by MS but it errors with "Unable to locate any certificate files".  I finally exported my certificate to a .pfx file and used p12import to import the files.  After this I don't get the SSL certificate window for OWA but still nothing on OMA or Activesync.  I really need to get Activesync working with this self-issued certificate. Thanks in advance.
0
Asked by: IBS_Tech
1 Solution
 
MCPJoe Commented:
I had this same issue with my home Exchange server and Cingular 8125.  You can use this with a self-signed cert, but you need to add the cert to your phone.  To do this, follow these steps...

From a PC:
1. open IE, go to your https: page for OWA
2. double click on the lock icon in the bottom right corner of IE
3. click on the details tab
4. click copy to file button
5. save the cert with any name you like in DER format (already selected as default).
6. copy the cert you just saved to your 8125 through activesync

From 8125:
1. open file explorer
2. browse to where you copied the cert
3. tap on the cert to open it
4. click yes when prompted to install the cert.  
5. re-try active sync on your phone.  

I ended up getting a godaddy.com SSL cert because I have other people accessing my OWA page and didn't want them getting the nag screen.  I was too lazy to help them set up the self-signed cert on their PCs, so I just got one from GoDaddy, but the above should work with your setup.  I had this working and it should work for you.  If you can get to the SSL site from a PC, once you install the cert on your phone, you should be able to get active sync working.  

Hope that helps, let me know if you have any other questions, I worked on this for 2 days and am very familiar with the setup now!!!

Thanks
0
 
Sembee Commented:
The handheld devices are really sensitive to certificate issues. If you are getting certificate warnings, then EAS will not work.

The usual way to test is to browse to https://servername.domain.com/oma (where servername.domain.com is the name on the SSL certificate) on the handheld device itself. If you get an SSL warning - then EAS will not work.

You have to be careful about which certificate you are installing. Some people don't install the root certificate, but will install the server's own certificate - but as a root certificate. That doesn't work, as a server certificate and a root certificate are different.

As already said, in most cases, ditching the self signed certificate and putting a commercial certificate in place is the best way to deal with these issues.

Simon.
0
 
MCPJoe Commented:
Oops, Simon caught me, I forgot to mention I exported my root cert and web cert to DER format and imported on my 8125, which allowed active sync to work for me.  But I also agree that getting a real SSL cert from a trusted CA is best.  
0
 
Sembee Commented:
MCPJOE - out of interest - who are GoDaddy using for their SSL Certificates? Which Root are they issued by?

Simon.
0
 
MCPJoe Commented:
They are issued by ValiCert, I also see Starfield in their certificate info.  Mine was automatically trusted by IE on Windows XP Pro, but I still had to add it manually to my 8125.
0
 
Sembee Commented:
Sounds like they are still using chained certificates.
The Valicert is trusted by Windows Mobile 5.0 with MSFP, but the intermediate certificate will not be.

Simon.
0
 
MCPJoe Commented:
That's correct, I was successfully able to export my certs in DER format to my 8125, then active sync was able to function normally.  It would only let me import two of them, the root CA and my cert, which are the two I imported.  I don't recall if it let me export/import the intermediate cert or not, I'd have to go through it again and see which ones it let me do.

Thanks
0
 
IBS_Tech (Author) Commented:
I'm just going to order a 3rd party certificate.  Thanks guys.
0
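
Two points from the thread above (a server certificate installed as a root does not work, and a chained certificate also needs its intermediate), shown as an added example that is not part of the original thread: a standard-library Python check that labels a DER-encoded certificate by comparing issuer with subject and reading the basicConstraints cA flag. The function names and the sample certificates are made up for this example; the samples are constructed stand-ins with stub keys, dates and signatures.

```python
BASIC_CONSTRAINTS = bytes.fromhex("551d13")  # OID 2.5.29.19

def children(buf):  # split DER bytes into (tag, whole_element, content) triples
    out, pos = [], 0
    while pos < len(buf):
        start, tag, n = pos, buf[pos], buf[pos + 1]
        pos += 2
        if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        out.append((tag, buf[start:pos + n], buf[pos:pos + n]))
        pos += n
    return out

def classify(der):
    """Label a DER certificate by issuer/subject equality and the basicConstraints cA flag."""
    tbs = children(children(children(der)[0][2])[0][2])
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # skip the optional [0] version field
    issuer, subject, is_ca = tbs[2][1], tbs[4][1], False
    for tag, _, content in tbs[6:]:
        if tag == 0xA3:  # [3] extensions
            for _, _, ext in children(children(content)[0][2]):
                parts = children(ext)  # OID, optional critical flag, OCTET STRING
                if parts[0][2] == BASIC_CONSTRAINTS:
                    bc = children(children(parts[-1][2])[0][2])
                    is_ca = bool(bc) and bc[0][0] == 0x01 and bc[0][2] != b"\x00"
    if is_ca:
        return "root CA" if issuer == subject else "intermediate CA"
    return "self-signed server certificate" if issuer == subject else "server certificate"

def tlv(tag, *parts):  # DER encoder, used only to build the constructed samples
    body = b"".join(parts)
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def sample_cert(subject, issuer, ca, stub=b"\x30\x00"):
    # Constructed stand-in with X.509 field order; key, dates and signature are stubs.
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, cn.encode()))))
    bc = tlv(0x30, tlv(0x01, b"\xff")) if ca else tlv(0x30)
    ext = tlv(0xA3, tlv(0x30, tlv(0x30, tlv(0x06, BASIC_CONSTRAINTS), tlv(0x04, bc))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), stub,
              name(issuer), stub, name(subject), stub, ext)
    return tlv(0x30, tbs, stub, tlv(0x03, b"\x00"))

if __name__ == "__main__":
    for s, i, ca in [("Example Root", "Example Root", True), ("Example Issuing CA", "Example Root", True),
                     ("mail.example.com", "Example Issuing CA", False), ("mail.example.com", "mail.example.com", False)]:
        print(f"{s:18} issued by {i:18} -> {classify(sample_cert(s, i, ca))}")
```

To check real exports, pass the bytes of each file saved in DER format to `classify`. It reads names and flags only and does not verify signatures, so it tells you which file is which, not whether the chain is valid.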
