Solved

Help Setting up PDA/Smartphones with SSL to work with Exchange 2003

Posted on 2007-03-24
Last Modified: 2012-05-05
Hi,
Progress so far - I got the root certificate loaded onto phones (Nokia E61) and stopped the untrusted certificate error.
I have managed to get as far as 'error 440' returned from the Exchange server, which seems to suggest I have to add an exchange-oma directory pointing at the normal exchange virtual directory. I think there is a Microsoft TechNet article that explains the steps, including registry changes.
Does anyone know of any ways to set this up and still use SSL?
Question by:sasdaniels
16 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 18785130
The KB article you are referring to is 817379.
It should be linked to in the event log ID.

I have also written my own variation of that article here: http://www.amset.info/exchange/mobile-85010014.asp
It has some additional steps.

Simon.
0
 

Author Comment

by:sasdaniels
ID: 18785333
Thanks
That's excellent - I can stop fiddling around with the settings in IIS and get on with this. It helps confirm there is no other way . .
Were the additional steps critical?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18786338
The additional steps that I have introduced I found were key for the change to work.
If you have require SSL, fba etc enabled on the /exchange virtual directory, then when you carry out the export and then import you are bringing over the configuration that is causing the problems.
The additional steps that I have outlined undo that, then write those changes to the IIS metabase. Then you do the export and import and the settings come across correctly.

Simon.
0
 

Author Comment

by:sasdaniels
ID: 18787632
Nice one
I'll give that a try Monday - I guess there's downside/risk to bringing down my whole Exchange setup?
I can't think of any risks, can you?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18788054
I have done it lots of times without causing a problem with the Exchange server.
If you find it doesn't work then I find it is best to reset the virtual folders which causes a short outage while a service is restarted.

You are changing the IIS Configuration, that is all. It is all easily reset.

Simon.
0
 

Author Comment

by:sasdaniels
ID: 18792047
Yep, gonna have to reset the virtual folders . . although I get as far as 'connection established' on the smartphone if I turn off SSL on the phone - but no actual items sync - it eventually drops out with 'lost connection'.
I'll have a go this afternoon resetting folders. When I put the certificate back on, where do I require SSL - on the new directory or the default? And if default, do I let it overwrite values for child directories when prompted?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18792213
Don't set require SSL anywhere.
Do not confuse the setting require SSL with your ability to use SSL.

Simon.
0
 

Author Comment

by:sasdaniels
ID: 18793125
Hi Simon
thanks for your help so far - bit stuck now though
After resetting folders following the MS KB article, OWA is only partially working - I can log in and display email folders, but actual emails are stuck on 'loading' with 'error on page' displayed at the bottom - details of which say something about a remote procedure call error - any ideas?
PS: the MS article mentioned deleting only certain virtual folders, so I did not delete the iisadmpwrd and aspnet folders as part of the reset - should I have deleted all folders . .
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18793144
The only folders that you have to delete are the ones listed in the KB article.
Did you delete the registry key created as part of 817379? If not that can cause problems.

Simon.
0
 

Author Comment

by:sasdaniels
ID: 18793152
I did delete registry key . .
0
 

Author Comment

by:sasdaniels
ID: 18793296
OK
It's back (phew!) - I did steps 1-9 of article and not 10 this time
So back to 817379 and your instructions - let you know
0
 

Author Comment

by:sasdaniels
ID: 18793706
Hi Simon
Thanks for your patience so far . .
done 817379 again
If I try the smartphone with use SSL set to no, in the log I get connecting to internet, connecting to Exchange server and then connection established - it just hangs though and eventually says connection lost, will try 'push' again when connection reestablished.
If I try smartphone with SSL required I get:
0x7370D02 (activeSyncErrTransactionFailed)
Any more ideas for me to try tomorrow?
Andy
0
 

Author Comment

by:sasdaniels
ID: 18793807
What should the settings in the Microsoft-active-sync folder (virtual directory) be? I notice it is the only folder with no boxes ticked in the local path section, e.g. read, write etc.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 18793821
Does OMA work? That is what I use for most troubleshooting.

Is the device that you are using external to your firewall? Have you tried the emulator so that you can test inside?

Simon.
0
 

Author Comment

by:sasdaniels
ID: 18814848
Hi Simon
I have Microsoft dialled in 4 hrs and 45 mins and counting! I'll let you know . .
ps oma does work
0
 

Author Comment

by:sasdaniels
ID: 18835900
Hi Simon
Problem was with ISA server which won't support both forms based and basic authentication on one IP address - to be fair I didn't mention ISA server to you - your suggestions were all correct
This website explains a way around the issue
http://www.isaserver.org/tutorials/2004pubowamobile.html
0
