Solved

Active Sync for a T-Mobile Wing

Posted on 2007-11-15
17
4,080 Views
Last Modified: 2013-12-05
I get this error on the Wing...

The Microsoft exchange server requires a personal certificate to log on.  please obtain a certificate as directed by your corporation or service provider

we have a single server Exchange env.
0
Comment
Question by:burstadmin
  • 10
  • 6
17 Comments
 
LVL 4

Expert Comment

by:victorjones1
ID: 20293664
Do you have Outlook Web Access enabled, and if so do you have a SSL Certificate for OWA installed?
0
 
LVL 4

Expert Comment

by:dempsedm
ID: 20293761
If you do a self-signed certificate for Outlook Web Access, you will have to install it manually onto the device.  Alternatively, you can buy a "pre-trusted" certificate and install it on the server.  If it is one that is trusted by Windows Mobile, it will work without having to add them manually to the devices.  I personally like to use (and like the price) Godaddy for Windows Mobile SSL certs.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20293840
I recently installed a SSL from godaddy on my Exchange 2007 server to stop the annoying certificate error that always pops up on OWA.  Before the SSL install i could not connect with any device using Exchange Active Sync, but immediately after installing the cert I connected a palm phone to the users email with no issues
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:victorjones1
ID: 20293853
Godaddy SSL's are $4.99 per year right now.  That is much much cheaper than Verisign or Thawte.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20293857
that is $14.99 per year
0
 

Author Comment

by:burstadmin
ID: 20298155
I do have OWA, with a Thawt cert.  Thawt is on the phone already, and I installed the cert just in case.  

It is asking for a personal cert as if the exchange server is looking for a trust between the phone and the server.  Does anyone know how to remove that without removing the SSL for my OWA?  Everything keeps referring to a front end server, but I run a single server env.  
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20298908
In the Active Sync setup:

Your server address should be mail.mydomain.com (exactly the same as you OWA address)
Check the box next to This server requires an encrypted (SSL) connection
Enter username, password, & domain name

These settings should work

If not try changing the user name to your email address and/or unchecking the server requires an SSL check box.
0
 

Author Comment

by:burstadmin
ID: 20298923
alrady tried both of these.
0
 

Author Comment

by:burstadmin
ID: 20299294
so, I removed SSH just for giggles on the unit and on the server and it is still not working.
I know this is suposed to be really simple, but it is not.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20299586
You said that you installed the thawte cert on the wing already, but try this:

http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx

This method should work if the method you used doesn't work. It also works for adding certs to certificate stores other than ROOT - the certinst tool will only add to the ROOT store if I remember correctly.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20300095
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20300120
I've been researching this and it does not seem to be a simple problem at all.  This blog seems to address similar certificate problems with Windows Mobile phones:

http://blogs.msdn.com/windowsmobile/archive/2005/11/03/488924.aspx

You may find your solution here.
0
 

Author Comment

by:burstadmin
ID: 20300230
But I do not think it is a root cert problem.  I have unchecked require ssl to ther server and I stioll cannot get to it.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20300587
Are you able to open OWA from the phone's internet browser with no cert errors?
0
 

Author Comment

by:burstadmin
ID: 20300725
yes.  no problems there...
0
 

Author Comment

by:burstadmin
ID: 20301019
I figured it out...

http://support.microsoft.com/?kbid=817379

Thanks for your help.  Repost this solution and I will give you the points for your help...
0
 
LVL 4

Accepted Solution

by:
victorjones1 earned 250 total points
ID: 20301671
Method 1
Install and configure an Exchange Server 2003 computer as a front-end server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
818476 (http://support.microsoft.com/kb/818476/) You can configure either Exchange Server 2003 Standard Edition or Exchange Server 2003 Enterprise Edition as a front-end server

Back to the top
Method 2
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Important Method 2 should be used only in an environment that has no Exchange Server 2003 front-end server. The registry changes should be made only on the server on which the mailboxes are located.

Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory. To create a secondary virtual directory for Exchange that is based on steps 1 to 4 in the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager, and then restart IIS.

Additionally, you must use Internet Information Services (IIS) Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps.

Note These steps affect both Outlook Mobile Access connections and Exchange ActiveSync connections. After you follow these steps, both Outlook Mobile Access and Exchange ActiveSync connections use the new virtual directory that you create.
1.      Start Internet Information Services (IIS) Manager.
2.      Locate the Exchange virtual directory. The default location is as follows:
Web Sites\Default Web Site\Exchange
3.      Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
4.      In the File name box, type a name. For example, type ExchangeVDir. Click OK.
5.      Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
6.      In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
7.      Under Select a configuration to import , click Exchange, and then click OK.

A dialog box will appear that states that the "virtual directory already exists."
8.      In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
9.      Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
10.      Click the Directory Security tab.
11.      Under Authentication and access control, click Edit.
12.      Make sure that only the following authentication methods are enabled, and then click OK:
•      Integrated Windows authentication
•      Basic authentication
13.      Under IP address and domain name restrictions, click Edit.
14.      Click Denied access, click Add, click Single computer, type the IP address of the server that you are configuring, and then click OK.
15.      Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
16.      Click OK, and then close the IIS Manager.
17.      Click Start, click Run, type regedit, and then click OK.
18.      Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
19.      Right-click Parameters, click to New, and then click String Value.
20.      Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

NoteExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
21.      In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
22.      Quit Registry Editor.
23.      Restart the IIS Admin service. To do this, follow these steps:
a.       Click Start, click Run, type services.msc, and then click OK.
b.       In the list of services, right-click IIS Admin service, and then click Restart.
Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.

The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Malware infection with local user rights? 6 47
pdf to excel 7 54
Network adapter for Windows 7 9 47
data internet through mobile 14 36
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question