Solved

Exchange 2003 SP2 Push Email Problem - 0x80072F0D

Posted on 2008-06-26
7
691 Views
Last Modified: 2013-12-05
Hi All,

I've got a problem setting up Push email on a Windows 2003 SP2, Exchange 2003 SP2 server.

I have set a few of these up in the past with no problems.

I have created a dns record called mobile.domainname.com and using IIS6, submitted a ssl certificate request for that domain to www.certificatesforexchange.com The certifcate got processed ok and installed on the server.

I can access the server via https://mobile.domainname.com/exchange and via https://mobile.domainname.com/oma and all appears to be ok from that point of view

When I try to setup the handheld device (ipaq 514 windows mobile 6) to connect to the server, it gives me the error code 0x80072F0D which I understand to be a certificate error.

I'm a bit confused because I have never had a problem with that provider before and from what I can see, the server is configured ok.

The one strange thing with this server is that originally it did not state that it had SP2 applied yet the option of 5 tick boxes was shown in default smtp virtual server, properties, advanced, edit whereas you normally see 3 tick boxes on an unpatched server. I re-applied SP2 and it now shows as sp2 being installed.

Are there any other causes of 0x80072F0D as I am 99.9% sure the certificate is ok and I know the phone is ok as it conencts to another server that has a certificate issued by www.certificatesforexchange.com (starfield).

Thanks in advance
0
Comment
Question by:ghost123
  • 3
  • 3
7 Comments
 
LVL 9

Accepted Solution

by:
dipersp earned 250 total points
Comment Utility
I'm 99% sure that certificatesforexchange.com is GoDaddy, which is in the list of root certs for mobile devices, so you're good there.

To be sure, go to your OWA page on a PC - click the lock icon indicated the page is SSL secured and view the cert.  Does it show GoDaddy info?

If it is GoDaddy, did they give you an intermediate cert to load on the server?  I found on RARE occasion, there was already some GoDaddy stuff in the certificate store, so what I do before loading any GoDaddy stuff is to make sure there are no intermediate certs or revoked intermediate certs listed.  If that's good, go ahead and import the intermediate.  Then check in the root certs list that no GoDaddy certs are listed (You may already have some since you're loaded the cert.)  I would right-click properties and disable the GoDaddy root certs, remove them from IIS and reload them in IIS.

Let us know if any of that works.
0
 
LVL 1

Author Comment

by:ghost123
Comment Utility
Hi

Don't think its GoDaddy

The cert info is starfield - issuer info:-
SERIALNUMBER = xxxxx
CN = Starfield Secure Certification Authority
OU = http://certificates.starfieldtech.com/repository
O = Starfield Technologies, Inc.
L = Scottsdale
S = Arizona
C = US

I did get an intermediate cert from them which I didn't install tbh (never have before either) - I am going to bounce the server tonight and then I'll check the certs as you suggest.

Thanks,


Pete
0
 
LVL 9

Expert Comment

by:dipersp
Comment Utility
Yeh, that's GoDaddy.  Install the intermediate cert.  It'll take you two minutes as opposed to waiting to bounce the box tonight and it will probably work fine.
0
The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

 
LVL 1

Author Comment

by:ghost123
Comment Utility
Installed the intermediate cert succesfully but still get same error code on the handheld

Somewhere I think I have made things worse now :(  

Accessing http or https://domainname/exchange is ok but now when I access http or https://domainname/oma it asks for username and password then says:-

The website declined to show this webpage
 HTTP 403  
   Most likely causes:
This website requires you to log in.
 
   What you can try:
     Go back to the previous page.
 
     More information

This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.

For more information about HTTP errors, see Help.

Yet, if I take the tick out of SSL on the handheld it syncs!!

Think I need to bounce it!!
0
 
LVL 9

Expert Comment

by:dipersp
Comment Utility
Does OMA work from a regular desktop browser when SSL is setup?

See link below and check out method #3.

http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm
0
 
LVL 10

Expert Comment

by:Casey Herman
Comment Utility
The bible to these stupid phones... ignore the error 85010014

http://www.amset.info/exchange/mobile-85010014.asp

This guide fixes about 99.999% of phone synch problems
0
 
LVL 1

Author Comment

by:ghost123
Comment Utility
Hi,

Installed the intermediate certifcate and cleaned up the others and all works now :)

Thanks for your help dipersp
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now