captaindewy
asked on
PPC active sync with exchange error over 3g
I am having trouble using Active sync back to our SBS 2003 premium edition R2 SP2.
Handsets are JasJam PPC running windows mobile 5.0.
Active sync on my laptop is version 4.5
Previously on our old server running SBS 2003 PE we had active sync working fine but since we migrated to the new server we can't get it working.
Have created and installed a certificate as we had done previously but without success.
getting error codes 0x80072F17 and 0x85010004.
Connection to 3G can be started ok, seems to us that it is server related.
appreciate your expertise on this one.
carl
Handsets are JasJam PPC running windows mobile 5.0.
Active sync on my laptop is version 4.5
Previously on our old server running SBS 2003 PE we had active sync working fine but since we migrated to the new server we can't get it working.
Have created and installed a certificate as we had done previously but without success.
getting error codes 0x80072F17 and 0x85010004.
Connection to 3G can be started ok, seems to us that it is server related.
appreciate your expertise on this one.
carl
Hi
When you export choose DER format.
RPC over HTTPS is enabled by default on a SBS server.
Robert Lundqvist
Small Business Specialist
Sweden
When you export choose DER format.
RPC over HTTPS is enabled by default on a SBS server.
Robert Lundqvist
Small Business Specialist
Sweden
The simple test is to browse to https://host.domain.com/oma (where host.domain.com is the name that you need to use to access the server externally) on your Windows Mobile device.
If you get any certificate prompts then Exchange ActiveSync will not work.
Are you using a home grown or a commercial certificate? If you are using a home grown certificate then this will not be trusted by the device and needs to be installed in to the device.
Simon.
If you get any certificate prompts then Exchange ActiveSync will not work.
Are you using a home grown or a commercial certificate? If you are using a home grown certificate then this will not be trusted by the device and needs to be installed in to the device.
Simon.
Depending on the provider (Verizon, Cingular, etc.) and device, there will be a different way to add the new server certificate to your trusted root storage on the device. Example: in order to achieve this on the Motorola Q using Verizon service you need to download an application from Verizon called: vzw_sp_addcert. This application (along with any certificates you want to add) has to be located on the root of your device in a folder called "storage". Once all the pieces are in place simply activate the application in this folder and follow the prompts to add the certificate. If the cert is not valid it will tell you in which case you'll either have to re-export it or generate a new one.
The provider doesn't matter if you use the cabinet file method. I have never had that fail on me yet.
Simon.
Simon.
the provider DOES matter on locked devices. i.e., you won't be able to use the utility from Verizon to add certs to the trusted root of a Q on the ATT service, etc.
What utility?
The cabinet file isn't a utility. It is a small file that installs in to Windows Mobile devices, even on locked devices.
Simon.
The cabinet file isn't a utility. It is a small file that installs in to Windows Mobile devices, even on locked devices.
Simon.
yes, I know this. However, installing a root certificate on a device such as a Motorola Q demands either a registry hack on the device (not recommended) or a download of a manufacturer utility to get the certificate on the device in the correct area. At no time are *.cab files used. Check this link:
http://support.microsoft.com/?kbid=841060
I understand your point in making a *.cab but you provided no details on how to accomplish this nor why it would be necessary, especially if the provider includes a way to accomplish it without a "hack" or if the shellexecute extension is not working.
http://support.microsoft.com/?kbid=841060
I understand your point in making a *.cab but you provided no details on how to accomplish this nor why it would be necessary, especially if the provider includes a way to accomplish it without a "hack" or if the shellexecute extension is not working.
That article you have posted is for Windows Mobile 2002/2003, so is either one or two versions out of date - the world has moved on considerable since those versions of Windows Mobile.
The cabinet creation method I have posted about before if you used the search box,
I have full instructions on my web site here: http://www.amset.info/pocketpc/certificates.asp
I also believe it has been posted on some of the Microsoft blogs as well.
The cabinet file method is totally provider independent. You create a single small file (usually less than 3kb) which can be put on a web page somewhere with the root certificate. Any Windows Mobile device can use the cabinet file, above version 5.
Simon.
The cabinet creation method I have posted about before if you used the search box,
I have full instructions on my web site here: http://www.amset.info/pocketpc/certificates.asp
I also believe it has been posted on some of the Microsoft blogs as well.
The cabinet file method is totally provider independent. You create a single small file (usually less than 3kb) which can be put on a web page somewhere with the root certificate. Any Windows Mobile device can use the cabinet file, above version 5.
Simon.
Hardly out of date considering that the article is still quite applicable on Windows Mobile 5.0 devices and possibly 6. BTW...I never disagreed with you regarding the cabinet creation. I'm in the trenches everyday and see the issues that admins and users face. <content removed, -red>
ASKER
thanks all, we will be having a close look at this in 2 days, as we have been sidetracked with a few other similar sever issues which could be contributing, like can't access OWA at all. any suggestions appreciated.
carl
carl
ASKER
Now getting error:
ActiveSync encountered a problem on the server.
Support code: 0x85010014
Any ideas...?
ActiveSync encountered a problem on the server.
Support code: 0x85010014
Any ideas...?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
1. Imported all certificates from the SBS server (we used self-signed certificates)
a. Export the certificate from the server using internet explorer
b. .ZIP the certificate and send it to the PPC
c. Import the certificate on the PPC (if this is not done then you have to edit the registry on your PPC as we were supposed to, I could give you some guidelines for QTek and Siemens).
d. Configured the Active Sync to synchronize with the SBS server (using fqdn, user, password and domain)
If this cannot be done please see if you have enabled RPC over HTTPS on your exchange server. Please check if it is WME 5.0 or later. The version before this one are not supporting Direct Push technologies.