Solved

ActiveSync Problems with Exchange 2003 and ISA 2004

Posted on 2006-11-29
8
437 Views
Last Modified: 2007-12-19
I have the following setup:
Exchange 2003 Server on Windows 2000 Server (Internal Netowrk)
ISA 2004 on Windows 2003 Server (External Network)
I have SSL and Form Based Authenication running and OWA works perfect.

I am trying to setup ActiveSync my Treo 700 W. I have checked the require SSL box and have mail.company.com in the server adress. When I try to Sync I receive a message saying that Certificate is expired. The message also says that the problem maybe with the clock on my device. The clock on my device is right and the certificate isn't expired.

I have read a ton of articles which all pretty much contradict each other. Some say that ActiveSync can't use SSL others say it can. Does anyone have any clue how to resolve this issue? On a side note what is the difference between OMA and ActiceSync?

Thanks
JP
0
Comment
Question by:vtjp1
  • 4
  • 4
8 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 18038915
ActiveSync can use SSL.
However if you are getting an SSL certificate warning then the feature will not work.

Try browsing to OMA on the device - https://host.domain.com/oma

If you get a certificate prompt the feature will fail to work.

Simon.
0
 

Author Comment

by:vtjp1
ID: 18038941
I did get the certificate prompt. What should I do?
0
 

Author Comment

by:vtjp1
ID: 18038964
By the way when I went to https:\\host.domain.com/oma it took me to the Outlook Web Access page is that what should happen?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18039002
If you are getting the certificate prompt then you need to deal with whatever the certificate is prompting about.

There will be three elements that could be causing the issue...

- name. The certificate is in mail.domain.com but you are entering mail.domain.net in the web browser

- date. It is has expired

- trust. If the certificate is not a commercial certificate then it will not be trusted by the device. Even some commercial certificates are not trusted by Windows mobile.

As for the OMA issue - ensure that OMA is being published separately through ISA. Try it internally on http://servername/oma. You should get a username and password prompt. Enter the username in the format of domain\username and then the password. The result should be a plain text version of your mailbox.

Simon.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:vtjp1
ID: 18039028
How can you tell if it is a commercial certificate? I just got it from Verisign.  I know it hasn't expired and I know the name is right.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18039168
If you purchased the certificate then it is a commercial certificate. If you generated the certificate yourself, then it is a home grown certificate.

Check the ISA server as well. I have seen a number of times where the ISA server has its own certificate and is using that, not the certificate on your Exchange server.

Simon.
0
 

Author Comment

by:vtjp1
ID: 18039222
I know ISA is working because I can get to OWA and that is published through ISA. Is it possible that a redirect can be causing a problem?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 18040570
If you have some kind of redirect in place then there is a chance that is causing a problem. It depends on what the redirect does.

I don't use redirects myself. I open 443 only for OWA access. The users soon get used to putting the https in. I do not want any port 80 traffic coming in to the network.

Simon.
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Easy CSR creation in Exchange 2007,2010 and 2013
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now