Active Sync for a T-Mobile Wing

Posted on 2007-11-15
Last Modified: 2013-12-05
I get this error on the Wing...

The Microsoft exchange server requires a personal certificate to log on.  please obtain a certificate as directed by your corporation or service provider

we have a single server Exchange env.
Question by:burstadmin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 6

Expert Comment

ID: 20293664
Do you have Outlook Web Access enabled, and if so do you have a SSL Certificate for OWA installed?

Expert Comment

ID: 20293761
If you do a self-signed certificate for Outlook Web Access, you will have to install it manually onto the device.  Alternatively, you can buy a "pre-trusted" certificate and install it on the server.  If it is one that is trusted by Windows Mobile, it will work without having to add them manually to the devices.  I personally like to use (and like the price) Godaddy for Windows Mobile SSL certs.

Expert Comment

ID: 20293840
I recently installed a SSL from godaddy on my Exchange 2007 server to stop the annoying certificate error that always pops up on OWA.  Before the SSL install i could not connect with any device using Exchange Active Sync, but immediately after installing the cert I connected a palm phone to the users email with no issues
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI


Expert Comment

ID: 20293853
Godaddy SSL's are $4.99 per year right now.  That is much much cheaper than Verisign or Thawte.

Expert Comment

ID: 20293857
that is $14.99 per year

Author Comment

ID: 20298155
I do have OWA, with a Thawt cert.  Thawt is on the phone already, and I installed the cert just in case.  

It is asking for a personal cert as if the exchange server is looking for a trust between the phone and the server.  Does anyone know how to remove that without removing the SSL for my OWA?  Everything keeps referring to a front end server, but I run a single server env.  

Expert Comment

ID: 20298908
In the Active Sync setup:

Your server address should be (exactly the same as you OWA address)
Check the box next to This server requires an encrypted (SSL) connection
Enter username, password, & domain name

These settings should work

If not try changing the user name to your email address and/or unchecking the server requires an SSL check box.

Author Comment

ID: 20298923
alrady tried both of these.

Author Comment

ID: 20299294
so, I removed SSH just for giggles on the unit and on the server and it is still not working.
I know this is suposed to be really simple, but it is not.

Expert Comment

ID: 20299586
You said that you installed the thawte cert on the wing already, but try this:

This method should work if the method you used doesn't work. It also works for adding certs to certificate stores other than ROOT - the certinst tool will only add to the ROOT store if I remember correctly.

Expert Comment

ID: 20300120
I've been researching this and it does not seem to be a simple problem at all.  This blog seems to address similar certificate problems with Windows Mobile phones:

You may find your solution here.

Author Comment

ID: 20300230
But I do not think it is a root cert problem.  I have unchecked require ssl to ther server and I stioll cannot get to it.

Expert Comment

ID: 20300587
Are you able to open OWA from the phone's internet browser with no cert errors?

Author Comment

ID: 20300725
yes.  no problems there...

Author Comment

ID: 20301019
I figured it out...

Thanks for your help.  Repost this solution and I will give you the points for your help...

Accepted Solution

victorjones1 earned 250 total points
ID: 20301671
Method 1
Install and configure an Exchange Server 2003 computer as a front-end server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
818476 ( You can configure either Exchange Server 2003 Standard Edition or Exchange Server 2003 Enterprise Edition as a front-end server

Back to the top
Method 2
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Important Method 2 should be used only in an environment that has no Exchange Server 2003 front-end server. The registry changes should be made only on the server on which the mailboxes are located.

Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory. To create a secondary virtual directory for Exchange that is based on steps 1 to 4 in the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager, and then restart IIS.

Additionally, you must use Internet Information Services (IIS) Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps.

Note These steps affect both Outlook Mobile Access connections and Exchange ActiveSync connections. After you follow these steps, both Outlook Mobile Access and Exchange ActiveSync connections use the new virtual directory that you create.
1.      Start Internet Information Services (IIS) Manager.
2.      Locate the Exchange virtual directory. The default location is as follows:
Web Sites\Default Web Site\Exchange
3.      Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
4.      In the File name box, type a name. For example, type ExchangeVDir. Click OK.
5.      Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
6.      In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
7.      Under Select a configuration to import , click Exchange, and then click OK.

A dialog box will appear that states that the "virtual directory already exists."
8.      In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
9.      Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
10.      Click the Directory Security tab.
11.      Under Authentication and access control, click Edit.
12.      Make sure that only the following authentication methods are enabled, and then click OK:
•      Integrated Windows authentication
•      Basic authentication
13.      Under IP address and domain name restrictions, click Edit.
14.      Click Denied access, click Add, click Single computer, type the IP address of the server that you are configuring, and then click OK.
15.      Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
16.      Click OK, and then close the IIS Manager.
17.      Click Start, click Run, type regedit, and then click OK.
18.      Locate the following registry subkey:
19.      Right-click Parameters, click to New, and then click String Value.
20.      Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

NoteExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
21.      In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
22.      Quit Registry Editor.
23.      Restart the IIS Admin service. To do this, follow these steps:
a.       Click Start, click Run, type services.msc, and then click OK.
b.       In the list of services, right-click IIS Admin service, and then click Restart.
Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.

The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question