Solved

Exchange Activesync with Cingular 8125

Posted on 2006-07-09
Last Modified: 2012-08-13
I just want to start off saying I've done an exhaustive search of this issue on the internet, Microsoft KB and this site as well. I have a Cingular 8125 upgraded to the newest firmware. I have an Exchange 2003 server that is also an internal CA and I have a self-issued certificate for my FQDN for SSL. When I browse to the OWA website I get the SSL certificate screen telling me it's an untrusted authority and when I click yes it goes through. When I browse to the OMA page on a desktop machine I get the SSL certificate screen and when I click yes I just get a white screen, no errors nor a logon screen. On the 8125 the SSL screen never comes up. When configuring ActiveSync I get the error 0x80072F0D. I've copied the root certificate over and when you double click it says "Cannot access certificate". I have tried using AddRootCert.exe and it says "Error 0 Opening File" when I try to choose the cert. I've tried using SmartPhoneAddCert.exe and put the cert in a Storage folder like described by MS but it errors with "Unable to locate any certificate files". I finally exported my certificate to a .pfx file and used p12import to import the files. After this I don't get the SSL certificate window for OWA but still nothing on OMA or ActiveSync. I really need to get ActiveSync working with this self-issued certificate. Thanks in advance.
Question by:IBS_Tech
 
LVL 9

Expert Comment

by:MCPJoe
ID: 17073116
I had this same issue with my home Exchange server and Cingular 8125. You can use this with a self-signed cert, but you need to add the cert to your phone. To do this, follow these steps...

From a PC:
1. open IE, go to your https: page for OWA
2. double click on the lock icon in the bottom right corner of IE
3. click on the details tab
4. click copy to file button
5. save the cert with any name you like in DER format (already selected as default).
6. copy the cert you just saved to your 8125 through activesync

From 8125:
1. open file explorer
2. browse to where you copied the cert
3. tap on the cert to open it
4. click yes when prompted to install the cert.  
5. re-try active sync on your phone.  

I ended up getting a godaddy.com SSL cert because I have other people accessing my OWA page and didn't want them getting the nag screen. I was too lazy to help them set up the self-signed cert on their PCs, so I just got one from GoDaddy, but the above should work with your setup. I had this working and it should work for you. If you can get to the SSL site from a PC, once you install the cert on your phone, you should be able to get ActiveSync working.

Hope that helps, let me know if you have any other questions, I worked on this for 2 days and am very familiar with the setup now!!!

Thanks
 
LVL 104

Accepted Solution

by:Sembee
ID: 17073642
The handheld devices are really sensitive to certificate issues. If you are getting certificate warnings, then EAS will not work.

The usual way to test is to browse to https://servername.domain.com/oma (where servername.domain.com is the name on the SSL certificate) on the handheld device itself. If you get an SSL warning - then EAS will not work.

You have to be careful about which certificate you are installing. Some people don't install the root certificate, but will install the server's own certificate - but as a root certificate. That doesn't work, as a server certificate and a root certificate are different.

As already said, in most cases, ditching the self signed certificate and putting a commercial certificate in place is the best way to deal with these issues.

Simon.
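
A way to check, before copying anything to the handheld, which exported file is the CA root and which is the server's own certificate, the distinction the answer above draws. This is an added example, not part of the original thread: it uses the OpenSSL command line on a workstation as a stand-in for the device's own validation, and the CA name, the host name `mail.example.test` and all file names are constructed.

```shell
#!/bin/sh
# Added example: all names, keys and files here are constructed for illustration.

# Create a throwaway root CA and a server certificate it issues, in directory $1.
make_sample_certs() {
    dir=$1
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Internal Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=mail.example.test" \
        -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
        -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 2 -out "$dir/server.pem" 2>/dev/null || return 1
    # DER copies, the format used for the export step described in this thread.
    openssl x509 -in "$dir/ca.pem" -outform DER -out "$dir/ca.cer" &&
    openssl x509 -in "$dir/server.pem" -outform DER -out "$dir/server.cer"
}

# Print "root", "intermediate" or "server" for the DER certificate in $1.
cert_role() {
    subj=$(openssl x509 -inform DER -in "$1" -noout -subject_hash) || return 2
    issu=$(openssl x509 -inform DER -in "$1" -noout -issuer_hash) || return 2
    if ! openssl x509 -inform DER -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo server          # not a CA certificate: never install this as a root
    elif [ "$subj" = "$issu" ]; then
        echo root            # CA certificate whose issuer name is its own subject
    else
        echo intermediate    # CA certificate issued by another CA
    fi
}

# Succeeds if trusting PEM file $1 as a root lets OpenSSL validate PEM file $2.
validates_with() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

tmp=$(mktemp -d) && make_sample_certs "$tmp" && {
    for f in ca.cer server.cer; do echo "$f: $(cert_role "$tmp/$f")"; done
    validates_with "$tmp/ca.pem" "$tmp/server.pem" && echo "root as trust anchor: OK"
    validates_with "$tmp/server.pem" "$tmp/server.pem" || echo "server cert as root: rejected"
}
rm -rf "$tmp"
```

Run `cert_role` against each `.cer` file exported from the browser; only the one reported as `root` belongs in the device's root store.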
 
LVL 9

Expert Comment

by:MCPJoe
ID: 17073656
Oops, Simon caught me, I forgot to mention I exported my root cert and web cert to DER format and imported on my 8125, which allowed active sync to work for me. But I also agree that getting a real SSL cert from a trusted CA is best.
 
LVL 104

Expert Comment

by:Sembee
ID: 17073727
MCPJOE - out of interest - who are GoDaddy using for their SSL Certificates? Which Root are they issued by?

Simon.
 
LVL 9

Expert Comment

by:MCPJoe
ID: 17073765
They are issued by ValiCert, I also see Starfield in their certificate info.  Mine was automatically trusted by IE on Windows XP Pro, but I still had to add it manually to my 8125.
 
LVL 104

Expert Comment

by:Sembee
ID: 17073778
Sounds like they are still using chained certificates.
The Valicert is trusted by Windows Mobile 5.0 with MSFP, but the intermediate certificate will not be.

Simon.
 
LVL 9

Expert Comment

by:MCPJoe
ID: 17073815
That's correct, I was successfully able to export my certs in DER format to my 8125, then active sync was able to function normally. It would only let me import two of them, the root CA and my cert, which are the two I imported. I don't recall if it let me export/import the intermediate cert or not, I'd have to go through it again and see which ones it let me do.

Thanks
 

Author Comment

by:IBS_Tech
ID: 17075003
I'm just going to order a 3rd party certificate. Thanks guys.