Solved

Exchange Activesync with Cingular 8125

Posted on 2006-07-09
Last Modified: 2012-08-13
I just want to start off saying I've done an exhaustive search of this issue on the internet, Microsoft KB and this site as well. I have a Cingular 8125 upgraded to the newest firmware. I have an Exchange 2003 server that is also an internal CA and I have a self-issued certificate for my FQDN for SSL. When I browse to the OWA website I get the SSL certificate screen telling me it's an untrusted authority and when I click yes it goes through. When I browse to the OMA page on a desktop machine I get the SSL certificate screen and when I click yes I just get a white screen, no errors nor a logon screen. On the 8125 the SSL screen never comes up. When configuring Activesync I get the error 0x80072F0D. I've copied the root certificate over and when you double click it says "Cannot access certificate". I have tried using AddRootCert.exe and it says "Error 0 Opening File" when I try to choose the cert. I've tried using SmartPhoneAddCert.exe and put the cert in a Storage folder like described by MS but it errors with "Unable to locate any certificate files". I finally exported my certificate to a .pfx file and used p12import to import the files. After this I don't get the SSL certificate window for OWA but still nothing on OMA or Activesync. I really need to get Activesync working with this self-issued certificate. Thanks in advance.
Question by:IBS_Tech
8 Comments
 
LVL 9

Expert Comment

by:MCPJoe
ID: 17073116
I had this same issue with my home Exchange server and Cingular 8125. You can use this with a self-signed cert, but you need to add the cert to your phone. To do this follow these steps...

From a PC:
1. open IE, go to your https: page for OWA
2. double click on the lock icon in the bottom right corner of IE
3. click on the details tab
4. click copy to file button
5. save the cert with any name you like in DER format (already selected as default).
6. copy the cert you just saved to your 8125 through activesync

From 8125:
1. open file explorer
2. browse to where you copied the cert
3. tap on the cert to open it
4. click yes when prompted to install the cert.  
5. re-try active sync on your phone.  

I ended up getting a godaddy.com SSL cert because I have other people accessing my OWA page and didn't want them getting the nag screen. I was too lazy to help them set up the self-signed cert on their PCs, so I just got one from Godaddy, but the above should work with your setup. I had this working and it should work for you. If you can get to the SSL site from a PC, once you install the cert on your phone, you should be able to get active sync working.

Hope that helps, let me know if you have any other questions, I worked on this for 2 days and am very familiar with the setup now!!!

Thanks
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17073642
The handheld devices are really sensitive to certificate issues. If you are getting certificate warnings, then EAS will not work.

The usual way to test is to browse to https://servername.domain.com/oma (where servername.domain.com is the name on the SSL certificate) on the handheld device itself. If you get an SSL warning - then EAS will not work.

You have to be careful about which certificate you are installing. Some people don't install the root certificate, but will install the server's own certificate - but as a root certificate. That doesn't work, as a server certificate and a root certificate are different.

As already said, in most cases, ditching the self signed certificate and putting a commercial certificate in place is the best way to deal with these issues.

Simon.
0
 
LVL 9

Expert Comment

by:MCPJoe
ID: 17073656
Oops, Simon caught me, I forgot to mention I exported my root cert and web cert to DER format and imported on my 8125, which allowed active sync to work for me. But I also agree that getting a real SSL cert from a trusted CA is best.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17073727
MCPJOE - out of interest - who are GoDaddy using for their SSL Certificates? Which Root are they issued by?

Simon.
0
 
LVL 9

Expert Comment

by:MCPJoe
ID: 17073765
They are issued by ValiCert, I also see Starfield in their certificate info.  Mine was automatically trusted by IE on Windows XP Pro, but I still had to add it manually to my 8125.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17073778
Sounds like they are still using chained certificates.
The Valicert is trusted by Windows Mobile 5.0 with MSFP, but the intermediate certificate will not be.

Simon.
0
 
LVL 9

Expert Comment

by:MCPJoe
ID: 17073815
That's correct, I was successfully able to export my certs in DER format to my 8125, then active sync was able to function normally. It would only let me import two of them, the root CA and my cert, which are the two I imported. I don't recall if it let me export/import the intermediate cert or not, I'd have to go through it again and see which ones it let me do.

Thanks
0
 

Author Comment

by:IBS_Tech
ID: 17075003
I'm just going to order a 3rd party certificate.  Thanks guys.
0
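The two certificate points raised in the thread (a server certificate is not a root certificate, and a chained certificate fails when the intermediate is missing) can be checked on a PC before anything is copied to the handheld. The script below is an added example, not part of any post above: it assumes the `openssl` command-line tool is installed, and every CN, file name and the throwaway test chain it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All CNs and file names are constructed; requires the openssl CLI.

# Print root / intermediate / server for a DER file (the format IE exports by default).
cert_role() {
    subj=$(openssl x509 -inform DER -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -inform DER -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if openssl x509 -inform DER -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        # A CA certificate that names itself as issuer is a root.
        if [ "$subj" = "$issr" ]; then echo root; else echo intermediate; fi
    else
        echo server
    fi
}

# chain_ok ROOT.pem SERVER.pem [INTERMEDIATE.pem]: true only if the chain builds to ROOT.
chain_ok() {
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>/dev/null | grep -q ': OK$'
}

# Build a throwaway root -> intermediate -> server chain in directory $1.
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=placeholder' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' > "$d/demo.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" -extensions ca \
        -subj "/CN=Constructed Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    for n in int srv; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
            -subj "/CN=constructed-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -extfile "$d/demo.cnf" -extensions ca -days 2 -out "$d/int.pem" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
        -days 2 -out "$d/srv.pem" 2>/dev/null
    for n in root int srv; do
        openssl x509 -in "$d/$n.pem" -outform DER -out "$d/$n.cer"
    done
}

demo() {
    d=$(mktemp -d); make_demo_pki "$d"
    for n in root int srv; do echo "$n.cer: $(cert_role "$d/$n.cer")"; done
    chain_ok "$d/root.pem" "$d/srv.pem" && echo "root only: chain OK" || echo "root only: chain FAILS"
    chain_ok "$d/root.pem" "$d/srv.pem" "$d/int.pem" && echo "root + intermediate: chain OK"
    rm -rf "$d"
}
demo
```

On real files, run `cert_role` against each `.cer` exported from the browser to confirm which one belongs in the device's root store.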
