randyintejas

Exchange 2007 WM 6 0x85030027 error

Have Exchange Server 2007 with all roles on 1 server. Installed Go Daddy cert and OWA is working without the error screen popping up. Have spent hours searching this site and the internet for a solution. Even followed the video at http://www.netometer.com/video/tutorials/install-single-name-godaddy-ssl-certificate-exchange-2007-windows-2008/ for install of the cert. Checked to make sure ignore cert is marked everywhere I can find, and unchecked require password. Downloaded root cert to Win Mobile 6 device and it will not work! On the phone it has the FQDN in the server field. Requires a personal cert to log on 0x85030027. Please help if you have seen this before.
Thank you
Mestha

You have enabled client certificates on the virtual directory. You need to disable that feature. It is in the SSL settings of IIS manager on the default web site. It should be set to Client Certificates IGNORE.

-M
randyintejas

ASKER

Default site - ssl settings - is set to ignore already
Client certificates is enabled somewhere. That is what the error code means.
Unless you haven't set up your SSL certificates correctly somewhere else.

The GoDaddy SSL certificates are supported natively by most Windows Mobile 6 devices; you don't have to import anything into the device.
What certificate did you buy from them? Was it a standard SSL certificate or a SAN/UC certificate? It should have been the latter.

-M
Standard Turbo SSL. Thanks for answering so fast! OWA is working fine so I figured it was OK.
So are you saying that I must use a UC cert?
Org Config - Client Access - Default - Require password unchecked - General - Checked Allow non-provisionable
Server Config - Client Access - activesync- Basic auth - ignore client cert
All sites under Default Web including default web - SSL settings are set to ignore
A UC certificate is preferable because that allows you to have the additional names in the certificate that make deployment easier - autodiscover.domain.com, your OWA address, the server's real name and FQDN. While it can be done with a single name SSL certificate you have to make lots of changes to the system.

Is Exchange going straight to the internet, or are you going through ISA?

Use a test account with the Test Exchange Connectivity Site:
https://www.testexchangeconnectivity.com
See if that flags anything.

-M
No ISA Server
Ran the test and got
Testing Http Authentication Methods for URL https://exchgserver.cascoindustries.com/Microsoft-Server-Activesync/  Http Authentication Test failed
 
Did you check the virtual directory in IIS manager for a client certificate requirement?

The virtual directory you need to check is the one mentioned - Microsoft-Server-ActiveSync.

-M
yes it is set to ignore / microsoft-server-activesync / ssl settings
What authentication settings are enabled for that virtual directory?
It should be integrated without anonymous enabled.

-M
anonymous enabled
asp disabled
basic disabled
digest disabled
forms disabled
windows auth enabled
There is one problem.
You shouldn't have anonymous enabled on the virtual directory.
Disable it and then run iisreset to make the change take effect.
Then test again.

-M
Testing Http Authentication Methods for URL https://exchgserver.XXXXXX.com/Microsoft-Server-Activesync/ 
  Http Authentication Test failed
   Tell me more about this issue and how to resolve it
 
 Additional Details
  Authentication method Negotiate is enabled but is not an allowed Authentication method for this service.
Just as a test, disable windows authentication and enable basic. What happens then?

Remember to run IISRESET otherwise the change doesn't take effect.

-M
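The authentication check discussed above, as an added example that is not part of the original thread: a Python check that reads the `WWW-Authenticate` headers of a captured 401 response from the Microsoft-Server-ActiveSync directory and reports any scheme other than Basic. The sample responses and the host name exchgserver.example.com are constructed, and treating Basic as the only expected scheme is an assumption taken from the test result quoted in the thread.

```python
from email.parser import Parser

# Assumption (from the thread): the connectivity test rejected Negotiate
# for this service and passed once Basic was the enabled method.
EXPECTED = {"basic"}

# Constructed sample responses, not captured from a real server.
BEFORE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "Content-Length: 0\r\n\r\n"
)
AFTER = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="exchgserver.example.com"\r\n'
    "Content-Length: 0\r\n\r\n"
)

def offered_schemes(raw_response):
    """Return (status_code, set of lower-cased auth schemes offered)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = Parser().parsestr(header_block, headersonly=True)
    schemes = set()
    for value in headers.get_all("WWW-Authenticate", []):
        # The scheme is the first token; parameters such as realm follow.
        schemes.add(value.split(None, 1)[0].lower())
    return status, schemes

def check_activesync_auth(raw_response):
    """List findings; an empty list means only the expected scheme is offered."""
    status, schemes = offered_schemes(raw_response)
    findings = []
    if status == 200:
        findings.append("no challenge: request accepted without credentials")
    elif status != 401:
        findings.append("unexpected status %d" % status)
    for scheme in sorted(schemes - EXPECTED):
        findings.append("%s is offered but not expected for this service" % scheme)
    if status == 401:
        for scheme in sorted(EXPECTED - schemes):
            findings.append("%s is not offered" % scheme)
    return findings

if __name__ == "__main__":
    for name, raw in (("before", BEFORE), ("after", AFTER)):
        print(name, check_activesync_auth(raw) or "OK")
```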
The test passed! Will check the phone now
Same error on the phone. Is this because of the UC cert, you think?
If the test passed on the web site, then it should work on the device.
However if you have been playing around with certificates on the device then you may have caused a problem with the certificate acceptance.

On the device, browse to https://host.domain.com/ (where host.domain.com is the name on your SSL certificate). Do you get a certificate prompt?

-M
No, the phone browser goes right to the OWA login.
ASKER CERTIFIED SOLUTION
Mestha
This solution is only available to members.
Deleted the server on the phone and set it up again and it is working great! Thank you for all your help. Great job.
Can't thank you enough.