L_P_Loudan
asked on
How to get Active Synch to work for a child Domain.
WE ahve one domain that most users are in and everythig is working fine. But we do have a child domain that has its own exchange system. The exchange in the master domain is 2007 while the system in the child domain is 2003. We now have requests from users in the child domain that want to start using active synch. OWA works fine for them but I can not seem to get active synch to work. Any ideas or tricks that I need to know about to get this working.
dfxdeimos
Do you have the certificate installed on the devices that are trying to access ActiveSync?
I jumped the gun a little bit there...
So you have OWA working just fine, I assume by navigating to mail.child.domain.com ? Are you trying to use SSL or Non-SSL for the ActiveSync setup? If you are using SSL, do you have the appropriate certificates installed on the mobile device? Do you have the proper ports (80 or 443) forwarded through the firewall?
So you have OWA working just fine, I assume by navigating to mail.child.domain.com ? Are you trying to use SSL or Non-SSL for the ActiveSync setup? If you are using SSL, do you have the appropriate certificates installed on the mobile device? Do you have the proper ports (80 or 443) forwarded through the firewall?
ASKER
I have not installe dthe certs on the device, I will try that tomorrow and let you know.
Ok, if it is a self signed certificate then you will also have to install the root certificate of the issuing CA on the device.
ASKER
we have the cert on the CA server in the master domain and for users in that domain we do not need to install the cert on the device. When we were on 2003 on both domains we had to install the cert on the device. do you think I need to install the cert on the device that connects to the child domain or do i need another cert for the child domain.
Your comment is worded in a confusing matter to me.
If you are using a self signed certificate to secure Exchange then you are going to have to add THAT certificates issuing CA to the Trusted Root Certification Authorities on the mobile device.
So if you visit https://mail.child.domain.com/exchange and take a look at the certificate that is used to secure OWA, whatever CA issued THAT certificate is the one that you want to install on the device.
If you are using a self signed certificate to secure Exchange then you are going to have to add THAT certificates issuing CA to the Trusted Root Certification Authorities on the mobile device.
So if you visit https://mail.child.domain.com/exchange and take a look at the certificate that is used to secure OWA, whatever CA issued THAT certificate is the one that you want to install on the device.
ASKER
No we purchased a cert for the new CA server for OWA and active synch. this way the cert seem sot be pushed to the device. on the old way we had to install the cert on each device that wanted to conenct to active synch.
Are you trying to say that you purchased a certificate from GoDaddy or VeriSign (or other) and used THAT to secure OWA?
ASKER
yes, that is what I am saying.
What address (you can change the domain name for security reasons) do you use to access OWA on the child domain? When you access OWA via HTTPS, what is the exact name of the server that the certificate is "Issued To" and "Issued By"? Do you receive any certificate errors?
ASKER
the web address is OWA.domain.com. We use that same address for active synch. The user in the child domain use the same address for OWA and it works but it does not work for Active Synch.
Are their any errors that appear either in the mobile device or on Exchange server's event logs?
ASKER
no erros, it jsut does not connect.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.