adembo asked:

Imported renewed Exchange 2007 UCC cert broke Active Sync

I bought an Entrust UCC cert a year ago for my Exchange 2007 server which has worked nicely. A year has gone by and it came time to renew it, which I did. I then imported the new Exchange certificate, which seemed to go off without a hitch, but in the process, my Windows Mobile phone now gives me a sync error stating that the certificate is invalid on the server.

So my question is kind of two-fold. Does anything need to happen on the mobile phone after importing a new certificate (this is a trusted certificate so nothing is installed on the phone)... and secondly, do I need to restart any Exchange services? I did restart IIS, but that didn't help.

Also, the certificate did appear fine after enabling it. I was able to get on my OWA site no problem.

Here were the commands I ran:

Import-ExchangeCertificate -Path <full path to cert file>
Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxx -Services IIS, SMTP

Paranormastic

Here's the tech reference article for that command:
http://technet.microsoft.com/en-us/library/aa997231.aspx

Are you using Unified Messaging (UM)? You might need to add that tag if you are, which could explain the phone issue.

adembo (ASKER)

Thanks for the response, but I'm not sure what you are giving me that link for. My question was not about how to enable the certificate, but rather what needs to be done to allow ActiveSync to work on the Windows Mobile phones after the new certificate is installed.

Thanks.

I included it in case there might have been other services you might have wanted to enable, in case you got the instructions from an example that only included what you had down. In particular I was wondering if you might have needed to include UC in the list (services "IIS, SMTP, POP, UC"). Though it's a little different to see SMTP included without POP - not that it isn't valid, just usually either see both or only POP.

adembo (ASKER)

Thanks.

No, I'm not using UC nor POP.

On your Exchange box, make sure things come up as expected with viewing it:
Get-ExchangeCertificate -DomainName your.domain.name

You shouldn't need to do anything else normally for the rest. You shouldn't have to restart any services on Exchange, etc. or do anything special with ActiveSync. The exception to this that I can think of offhand is if you are using an ISA server you will need to bounce the server.

Also, you can check to make sure that Entrust is using the same root & issuing CA certificates as your prior one did. Pay attention to not only the name but the date in case they may have renewed their CA certificate or something - I haven't heard that they did but Entrust isn't quite as heavily used as they used to be to hear as much about.
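
The chain comparison suggested in the post above can be scripted on the Exchange server. This is an added example, not part of the original thread: the two thumbprints are placeholders to be replaced with the values shown by Get-ExchangeCertificate for the previous and the renewed certificate, and the function name Get-IssuerChain is made up for this illustration.

```powershell
# Added example. Placeholders: take the real thumbprints from Get-ExchangeCertificate.
$OldThumbprint = '<thumbprint of previous certificate>'
$NewThumbprint = '<thumbprint of renewed certificate>'

function Get-IssuerChain {
    param([string]$Thumbprint)

    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation checking is skipped so the comparison works without outbound access.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($cert)) {
        # An incomplete or untrusted chain on the server is reported here.
        $chain.ChainStatus | ForEach-Object {
            Write-Warning "$Thumbprint : $($_.Status) $($_.StatusInformation)"
        }
    }
    # Element 0 is the server certificate; the rest are the issuing and root CAs.
    $chain.ChainElements | Select-Object -Skip 1 | ForEach-Object {
        $_.Certificate | Select-Object Subject, Thumbprint, NotBefore, NotAfter
    }
}

$old = @(Get-IssuerChain $OldThumbprint)
$new = @(Get-IssuerChain $NewThumbprint)
$oldPrints = @($old | ForEach-Object { $_.Thumbprint })

Write-Host 'Issuing and root CA certificates for the renewed certificate:'
$new | Format-List | Out-Host

# CA certificates in the new chain that the previous chain did not use.
# Same subject with a different thumbprint or date means the CA certificate changed.
$changed = @($new | Where-Object { $oldPrints -notcontains $_.Thumbprint })
if ($changed.Count -gt 0) {
    Write-Host 'CA certificates not present in the previous chain:'
    $changed | Format-List | Out-Host
} else {
    Write-Host 'Renewed certificate chains to the same CA certificates as the previous one.'
}
```

The chain is built from the server's own certificate stores, so it shows what the server resolves, not what the phone trusts; any CA certificate listed as changed is the one to look for in the device's root store.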