If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
COURSE of the MONTH
14 days, 12 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Exchange Server ActiveSync 80072F0D
Posted on 2006-10-26
I've done this a number of times on SBS 2003, but now I have to setup a Windows Mobile 5 device to sync with Exchange 2003. This is Exchange running on 2003 Server Standard, not SBS.
I have created a self-signed certificate on the Exchange server.
I can login to https://servername/exchange and use OWA.
I can login from the WM5 device and use OWA.
I have exported the certificate (using a variety of methods) and installed it on the WM5 device.
I can go to certificates on the WM5 device, click on the Root tab and see the certificate.
Every time I try to sync with the Exchange server, I receive a 80072F0D error. Everything I find about this error indicates the certificate is invalid on the server, but the certificate works fine for OWA.
I've tried a Cingular 8125 and the MS Pocket PC Emulator. I get the same error on both.
Can anyone out there offer any suggestions on how to troubleshoot this error?
I have created a self-signed certificate on the Exchange server.
I can login to https://servername/exchange and use OWA.
I can login from the WM5 device and use OWA.
I have exported the certificate (using a variety of methods) and installed it on the WM5 device.
I can go to certificates on the WM5 device, click on the Root tab and see the certificate.
Every time I try to sync with the Exchange server, I receive a 80072F0D error. Everything I find about this error indicates the certificate is invalid on the server, but the certificate works fine for OWA.
I've tried a Cingular 8125 and the MS Pocket PC Emulator. I get the same error on both.
Can anyone out there offer any suggestions on how to troubleshoot this error?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
4 Comments
Hi,
As you have mentioned, this is a certificate error. Open up IE on the mobile device and browse the OWA URL. If you get a security warning prompt, then look at the point against which you get an exclamation mark. That will be the cause of your problem.
Ideally, the Issued To value on the cert and the URL that you use should match.
If you have got any intermediate Root CAs, those cert should also be trusted.
So post the message against which you get the exclamation mark when you try to access the OWA URL from the device.
Thanks,
Vasanth.
As you have mentioned, this is a certificate error. Open up IE on the mobile device and browse the OWA URL. If you get a security warning prompt, then look at the point against which you get an exclamation mark. That will be the cause of your problem.
Ideally, the Issued To value on the cert and the URL that you use should match.
If you have got any intermediate Root CAs, those cert should also be trusted.
So post the message against which you get the exclamation mark when you try to access the OWA URL from the device.
Thanks,
Vasanth.
Active 7 days ago
Vasanth,
Thanks for the response.
Let me update before I respond to your suggestions.
I'm not well versed in certificates and thought I might have messed up creating the cert.
Therefore, I went to RapidSSL.com and got a 30-day free trial on a cert. If it worked, I would have been happy to pay for a cert and get this working. However, it did not work.
I get the same results as the cert I created.
So, to respond to your suggestion. I was on the mobile device and browsed to https://FQDN/owa.
I received a warning. The exclamation mark is on the message "the certificate was issued by a company you have not chosen to trust."
I get a green check on "the certificate date is valid."
I get a green check on "the certificate has a valid name matching the name of the page you are trying to view."
If I go to root certificates on the mobile device, I can view the certificate details and verify it is issued to the FQDN that I'm using when browsing.
I'm afraid I don't know enough about certs to know if I have any intermediate root CAs. Based on the creation process when I created the cert and based on the process with RapidSSL.com, I am not aware of any other certs related to this one.
Any suggestions on further diagnosing this?
Thanks,
Rick
Thanks for the response.
Let me update before I respond to your suggestions.
I'm not well versed in certificates and thought I might have messed up creating the cert.
Therefore, I went to RapidSSL.com and got a 30-day free trial on a cert. If it worked, I would have been happy to pay for a cert and get this working. However, it did not work.
I get the same results as the cert I created.
So, to respond to your suggestion. I was on the mobile device and browsed to https://FQDN/owa.
I received a warning. The exclamation mark is on the message "the certificate was issued by a company you have not chosen to trust."
I get a green check on "the certificate date is valid."
I get a green check on "the certificate has a valid name matching the name of the page you are trying to view."
If I go to root certificates on the mobile device, I can view the certificate details and verify it is issued to the FQDN that I'm using when browsing.
I'm afraid I don't know enough about certs to know if I have any intermediate root CAs. Based on the creation process when I created the cert and based on the process with RapidSSL.com, I am not aware of any other certs related to this one.
Any suggestions on further diagnosing this?
Thanks,
Rick
Hi Rick,
It seems like you have a cert with intermediate root certificates. You will have to trust the whole chain of certs in order for AS to work fine. To do so, Open IIS --> Default Web Site --> Properties --> Directory Security --> View Certificate.
In the cert, click on the Certification Path tab. You will have to click on each and every level on the path (typically certs) and click on view certs. Go to details tab and use the copy to a file. Save all the certs and trust them in the device. Test Activesync.
Thanks,
Vasanth.
It seems like you have a cert with intermediate root certificates. You will have to trust the whole chain of certs in order for AS to work fine. To do so, Open IIS --> Default Web Site --> Properties --> Directory Security --> View Certificate.
In the cert, click on the Certification Path tab. You will have to click on each and every level on the path (typically certs) and click on view certs. Go to details tab and use the copy to a file. Save all the certs and trust them in the device. Test Activesync.
Thanks,
Vasanth.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In-place Upgrading Dirsync to Azure AD Connect
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Mail Flow >> Rules tab.: To cr…
Suggested Courses
Course of the Month14 days, 12 hours left to enroll
771 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.