Solved

Active Sync for a T-Mobile Wing

Posted on 2007-11-15
17
4,068 Views
Last Modified: 2013-12-05
I get this error on the Wing...

The Microsoft exchange server requires a personal certificate to log on.  please obtain a certificate as directed by your corporation or service provider

we have a single server Exchange env.
0
Comment
Question by:burstadmin
  • 10
  • 6
17 Comments
 
LVL 4

Expert Comment

by:victorjones1
ID: 20293664
Do you have Outlook Web Access enabled, and if so do you have a SSL Certificate for OWA installed?
0
 
LVL 4

Expert Comment

by:dempsedm
ID: 20293761
If you do a self-signed certificate for Outlook Web Access, you will have to install it manually onto the device.  Alternatively, you can buy a "pre-trusted" certificate and install it on the server.  If it is one that is trusted by Windows Mobile, it will work without having to add them manually to the devices.  I personally like to use (and like the price) Godaddy for Windows Mobile SSL certs.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20293840
I recently installed a SSL from godaddy on my Exchange 2007 server to stop the annoying certificate error that always pops up on OWA.  Before the SSL install i could not connect with any device using Exchange Active Sync, but immediately after installing the cert I connected a palm phone to the users email with no issues
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20293853
Godaddy SSL's are $4.99 per year right now.  That is much much cheaper than Verisign or Thawte.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20293857
that is $14.99 per year
0
 

Author Comment

by:burstadmin
ID: 20298155
I do have OWA, with a Thawt cert.  Thawt is on the phone already, and I installed the cert just in case.  

It is asking for a personal cert as if the exchange server is looking for a trust between the phone and the server.  Does anyone know how to remove that without removing the SSL for my OWA?  Everything keeps referring to a front end server, but I run a single server env.  
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20298908
In the Active Sync setup:

Your server address should be mail.mydomain.com (exactly the same as you OWA address)
Check the box next to This server requires an encrypted (SSL) connection
Enter username, password, & domain name

These settings should work

If not try changing the user name to your email address and/or unchecking the server requires an SSL check box.
0
 

Author Comment

by:burstadmin
ID: 20298923
alrady tried both of these.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:burstadmin
ID: 20299294
so, I removed SSH just for giggles on the unit and on the server and it is still not working.
I know this is suposed to be really simple, but it is not.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20299586
You said that you installed the thawte cert on the wing already, but try this:

http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx

This method should work if the method you used doesn't work. It also works for adding certs to certificate stores other than ROOT - the certinst tool will only add to the ROOT store if I remember correctly.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20300095
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20300120
I've been researching this and it does not seem to be a simple problem at all.  This blog seems to address similar certificate problems with Windows Mobile phones:

http://blogs.msdn.com/windowsmobile/archive/2005/11/03/488924.aspx

You may find your solution here.
0
 

Author Comment

by:burstadmin
ID: 20300230
But I do not think it is a root cert problem.  I have unchecked require ssl to ther server and I stioll cannot get to it.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20300587
Are you able to open OWA from the phone's internet browser with no cert errors?
0
 

Author Comment

by:burstadmin
ID: 20300725
yes.  no problems there...
0
 

Author Comment

by:burstadmin
ID: 20301019
I figured it out...

http://support.microsoft.com/?kbid=817379

Thanks for your help.  Repost this solution and I will give you the points for your help...
0
 
LVL 4

Accepted Solution

by:
victorjones1 earned 250 total points
ID: 20301671
Method 1
Install and configure an Exchange Server 2003 computer as a front-end server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
818476 (http://support.microsoft.com/kb/818476/) You can configure either Exchange Server 2003 Standard Edition or Exchange Server 2003 Enterprise Edition as a front-end server

Back to the top
Method 2
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Important Method 2 should be used only in an environment that has no Exchange Server 2003 front-end server. The registry changes should be made only on the server on which the mailboxes are located.

Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory. To create a secondary virtual directory for Exchange that is based on steps 1 to 4 in the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager, and then restart IIS.

Additionally, you must use Internet Information Services (IIS) Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps.

Note These steps affect both Outlook Mobile Access connections and Exchange ActiveSync connections. After you follow these steps, both Outlook Mobile Access and Exchange ActiveSync connections use the new virtual directory that you create.
1.      Start Internet Information Services (IIS) Manager.
2.      Locate the Exchange virtual directory. The default location is as follows:
Web Sites\Default Web Site\Exchange
3.      Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
4.      In the File name box, type a name. For example, type ExchangeVDir. Click OK.
5.      Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
6.      In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
7.      Under Select a configuration to import , click Exchange, and then click OK.

A dialog box will appear that states that the "virtual directory already exists."
8.      In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
9.      Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
10.      Click the Directory Security tab.
11.      Under Authentication and access control, click Edit.
12.      Make sure that only the following authentication methods are enabled, and then click OK:
•      Integrated Windows authentication
•      Basic authentication
13.      Under IP address and domain name restrictions, click Edit.
14.      Click Denied access, click Add, click Single computer, type the IP address of the server that you are configuring, and then click OK.
15.      Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
16.      Click OK, and then close the IIS Manager.
17.      Click Start, click Run, type regedit, and then click OK.
18.      Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
19.      Right-click Parameters, click to New, and then click String Value.
20.      Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

NoteExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
21.      In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
22.      Quit Registry Editor.
23.      Restart the IIS Admin service. To do this, follow these steps:
a.       Click Start, click Run, type services.msc, and then click OK.
b.       In the list of services, right-click IIS Admin service, and then click Restart.
Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.

The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If your app took Google’s lash recently, here are the 5 most likely reasons.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now