Solved

palm treo, windows mobile 5, pocket outlook, error synchronizing

Posted on 2008-10-06
7
1,453 Views
Last Modified: 2013-12-05
We previously had a self-signed certificate for owa. It had expired, so we purchased a cert from SSLGenie. We installed the cert and now owa now works fine. However, our mobile users are not having trouble connecting. This one in particular is using a Cingular Palm Treo with Windows Mobile 5.0. It is set up to use POP3, and in the settings for outgoing, it isnt set to use SSL, so not sure why the cert install would be effecting this. We get an "Error Synchronizing" for a split second before it says "Finished".

Is there anywhere i can go to view the details of the error?
0
Comment
Question by:bradl3y
  • 5
  • 2
7 Comments
 
LVL 6

Author Comment

by:bradl3y
Comment Utility
We have a barracuda spam firewall, so our MX record simply points to our main external IP, and our checkpoint firewall has a rule set up to redirect and SMTP traffic to the barracuda spam firewall. It does appear any redirections are in place for POP3, so I am not sure how this was ever working. There is nothing in the NAT settings of the checkpoint that points any incoming traffic directly to our mail server. I can't imagine this was ever working...

Maybe he had the POP3 account set up only for sending (come to think of it, his pop3 inbox was empty). When i go to "Tools > Options", only the POP3 account is listed.

Are exchange accounts set up somewhere else on the device?
0
 
LVL 8

Assisted Solution

by:smeek
smeek earned 500 total points
Comment Utility
If it is Windows mobile 5, why don't you just configure it for Exchange ActiveSync and not worry about POP3 anymore.

http://www.upenn.edu/computing/provider/pda/exchange/wm5exchange.html

Steve
0
 
LVL 6

Author Comment

by:bradl3y
Comment Utility
Ok, thanks for the link. It is already set up to receive by exchange (i didn't know that).

On the device, I am receviing the message "The security certificate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server.

Support Code: 0x80072F0D"

I can browse fine to it using Firefox, IE6, Opera, Safari 3 (Windows), and Google Chrome, without any security warnings.

One thing that just occurred to me, is that i am able to visit the site within our network, while it is resolving to a IP on our local network. Is an IP address part of the certificate? If so, how can I see what IP address it is using? Could the certificate have been requested with the local IP?
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 6

Author Comment

by:bradl3y
Comment Utility
Here is the details fo the error message provided by Cingular Support:

This issue occurs because an intermediate certification authority (CA) certificate is not present on the device or on the Exchange Server server with which you are synchronizing.

Windows Mobile-based devices do not generally contain intermediate CA certificates in their certificate store. Internet Information Services (IIS) will send the whole certificate chain to the device. However, IIS will do this only if it can verify the whole chain. By default, the device does not contain these certificates. Therefore, the server must send them. The device must contain only the root certificate in its certificate store.

Frequently, this issue occurs with GoDaddy certificates because either the root CA certificate or the intermediate CA certificate is missing from the certificate store on the server that is running Windows Server 2003.

Frequently, this issue occurs with VeriSign certificates because the intermediate CA certificate in the certificate store on the Windows Server 2003 server is expired.


So it seems the root certificate that would validate a cert from ssl genie is not on the device right? How would I obtain that root cert?
0
 
LVL 6

Author Comment

by:bradl3y
Comment Utility
Ok, I attempted to visit https://owa.myserver.tld/oma in my browser, and was presented with a security warning that the certificate was issued by a ca that i have not chosen to trust., then there were green check marks for the cert has not expired and the cert appears valid.

I have narrowed it down, it appears that the device currently doesnt trust sslgenie.com as a root authority. I am going to post a new question on how to configure it to trust the sslgenie.com certificates as the question is now much more direct, it should get more attention.
0
 
LVL 8

Assisted Solution

by:smeek
smeek earned 500 total points
Comment Utility
You can either install the certificate into the device root store or purchase more well known certificate.

I ran into similar issues when I first used a privately signed certificate.  My WM6 phones imported easily.  My WM5 phones did not want to.  I was able to get a three to install the cert but different ways
http://support.microsoft.com/kb/915840
http://blogs.msdn.com/windowsmobile/archive/2006/02/27/ssl-certificates-201.aspx
http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx

I got so frustrated I ended up purchasing a public Thawte cert which my phones recognized.

Hope it helps.

Steve
0
 
LVL 6

Accepted Solution

by:
bradl3y earned 0 total points
Comment Utility
Alright, here is how I solved this issue, with much thanks to smeek:

1. In firefox I navigated to https://owa.mydomain.tld/
2. I double clicked on the security lock icon in the status bar.
3. Clicked "View Certificate".
4. Clicked "Details" tab.
5. Clicked on the first entry in the Certificate Hierarchy.
6. Clicked "Export"
7. Navigated to where I wanted to save this file
8. Added ".cer" to the end of the file name (the phone will not recognize the default .crt extension)
9. Changed Save as Type to "X.509 Certificate (DER)"
10. Clicked Save.
11. Repeated steps 5-10 for each additional entry in the Certificate Hierarchy.

Then I used ActiveSync to copy the files to the Device, and opened each file from the File Browser to install the certificate.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Outlook Free & Paid Tools
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now