Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4098
  • Last Modified:

Active Sync for a T-Mobile Wing

I get this error on the Wing...

The Microsoft exchange server requires a personal certificate to log on.  please obtain a certificate as directed by your corporation or service provider

we have a single server Exchange env.
  • 10
  • 6
1 Solution
Do you have Outlook Web Access enabled, and if so do you have a SSL Certificate for OWA installed?
If you do a self-signed certificate for Outlook Web Access, you will have to install it manually onto the device.  Alternatively, you can buy a "pre-trusted" certificate and install it on the server.  If it is one that is trusted by Windows Mobile, it will work without having to add them manually to the devices.  I personally like to use (and like the price) Godaddy for Windows Mobile SSL certs.
I recently installed a SSL from godaddy on my Exchange 2007 server to stop the annoying certificate error that always pops up on OWA.  Before the SSL install i could not connect with any device using Exchange Active Sync, but immediately after installing the cert I connected a palm phone to the users email with no issues
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Godaddy SSL's are $4.99 per year right now.  That is much much cheaper than Verisign or Thawte.
that is $14.99 per year
burstadminAuthor Commented:
I do have OWA, with a Thawt cert.  Thawt is on the phone already, and I installed the cert just in case.  

It is asking for a personal cert as if the exchange server is looking for a trust between the phone and the server.  Does anyone know how to remove that without removing the SSL for my OWA?  Everything keeps referring to a front end server, but I run a single server env.  
In the Active Sync setup:

Your server address should be (exactly the same as you OWA address)
Check the box next to This server requires an encrypted (SSL) connection
Enter username, password, & domain name

These settings should work

If not try changing the user name to your email address and/or unchecking the server requires an SSL check box.
burstadminAuthor Commented:
alrady tried both of these.
burstadminAuthor Commented:
so, I removed SSH just for giggles on the unit and on the server and it is still not working.
I know this is suposed to be really simple, but it is not.
You said that you installed the thawte cert on the wing already, but try this:

This method should work if the method you used doesn't work. It also works for adding certs to certificate stores other than ROOT - the certinst tool will only add to the ROOT store if I remember correctly.
I've been researching this and it does not seem to be a simple problem at all.  This blog seems to address similar certificate problems with Windows Mobile phones:

You may find your solution here.
burstadminAuthor Commented:
But I do not think it is a root cert problem.  I have unchecked require ssl to ther server and I stioll cannot get to it.
Are you able to open OWA from the phone's internet browser with no cert errors?
burstadminAuthor Commented:
yes.  no problems there...
burstadminAuthor Commented:
I figured it out...

Thanks for your help.  Repost this solution and I will give you the points for your help...
Method 1
Install and configure an Exchange Server 2003 computer as a front-end server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
818476 ( You can configure either Exchange Server 2003 Standard Edition or Exchange Server 2003 Enterprise Edition as a front-end server

Back to the top
Method 2
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Important Method 2 should be used only in an environment that has no Exchange Server 2003 front-end server. The registry changes should be made only on the server on which the mailboxes are located.

Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory. To create a secondary virtual directory for Exchange that is based on steps 1 to 4 in the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager, and then restart IIS.

Additionally, you must use Internet Information Services (IIS) Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps.

Note These steps affect both Outlook Mobile Access connections and Exchange ActiveSync connections. After you follow these steps, both Outlook Mobile Access and Exchange ActiveSync connections use the new virtual directory that you create.
1.      Start Internet Information Services (IIS) Manager.
2.      Locate the Exchange virtual directory. The default location is as follows:
Web Sites\Default Web Site\Exchange
3.      Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
4.      In the File name box, type a name. For example, type ExchangeVDir. Click OK.
5.      Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
6.      In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
7.      Under Select a configuration to import , click Exchange, and then click OK.

A dialog box will appear that states that the "virtual directory already exists."
8.      In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
9.      Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
10.      Click the Directory Security tab.
11.      Under Authentication and access control, click Edit.
12.      Make sure that only the following authentication methods are enabled, and then click OK:
•      Integrated Windows authentication
•      Basic authentication
13.      Under IP address and domain name restrictions, click Edit.
14.      Click Denied access, click Add, click Single computer, type the IP address of the server that you are configuring, and then click OK.
15.      Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
16.      Click OK, and then close the IIS Manager.
17.      Click Start, click Run, type regedit, and then click OK.
18.      Locate the following registry subkey:
19.      Right-click Parameters, click to New, and then click String Value.
20.      Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

NoteExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
21.      In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
22.      Quit Registry Editor.
23.      Restart the IIS Admin service. To do this, follow these steps:
a.       Click Start, click Run, type services.msc, and then click OK.
b.       In the list of services, right-click IIS Admin service, and then click Restart.
Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.

The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 10
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now