MMS-tech
asked on
Windows ActiveSync to Exchange 2003 now working - support code 0x80072EE2
We have a single Exchange 2003 server and are allowing OWA access via HTTPS. We want our Windows mobile users to be able to sync their devices using ActiveSync. As per the Microsoft instructions, I have created a new virtual directory that not use SSL. Synchronization is still not working and I am getting a support code of 0x80072EE2 when it fails. Any suggestions?
ASKER
Interesting. The 0x80072EE2 code is listed as ERROR_INTERNET_TIMEOUT. I am able to browse from the device to other websites, so I don't trust that message too much.
It can still be a timeout, but the timeout is occurring internally.
I presume that you followed MSKB 817379?
I find that doesn't always work as the article states, particularly if you were already using forms based authentication.
I wrote some alternative instructions which ensure that the configuration error is not transferred across.
http://www.amset.info/exchange/mobile-85010014.asp
-M
I presume that you followed MSKB 817379?
I find that doesn't always work as the article states, particularly if you were already using forms based authentication.
I wrote some alternative instructions which ensure that the configuration error is not transferred across.
http://www.amset.info/exchange/mobile-85010014.asp
-M
ASKER
Thanks, I followed the instructions, but the sync still does not work. Still getting the same error. When I browse to OWA, I am still getting a certificate error but I think I have the cert removed. How can I check ?
ASKER
Pls ignore the last post. I had put the cert back in after the activesync had failed without it. I just took the cert out again and the sync still does not work. Suggestions ?
ASKER
Is there a way to log the communications between the mobile device and the Exchange server ?
The article for the additional folder in IIS does not actually remove the need to use SSL, simply the fact that REQUIRE SSL (ie that you MUST use SSL) is not compatible with a part of Exchange that ActiveSync uses.
For a secure connection you must still use an SSL connection.
If you want to get some more diagnosis, use the Test Exchange Connectivity site from Microsoft with a test account: https://www.testexchangeconnectivity.com
-M
For a secure connection you must still use an SSL connection.
If you want to get some more diagnosis, use the Test Exchange Connectivity site from Microsoft with a test account: https://www.testexchangeconnectivity.com
-M
ASKER
OK, got TCPView running. Should I be looking for an external address as the remote connection or which process should I be looking for to see the ActiveSync communication ?
ASKER
I have now gone here: https://www.testexchangeconnectivity.com/ and tested ActiveSync connectivity and it tells me there is a problem with the certificate. I have no cert associated with the site, is that the reason for the error? And based on the comments above, I thought I should be testing with no cert for ActiveSync....
here is a link that you can follow to troubleshoot:
http://www.microsoft.com/windowsmobile/en-us/help/synchronize/activesync-usb.mspx#connection
http://www.microsoft.com/windowsmobile/en-us/help/synchronize/activesync-usb.mspx#connection
I think the test site is expecting you to have an SSL certificate in place. If you don't then you are sending everything across in the clear. There is an option to ignore the trust status of the certificate, but to bypass certificate use altogether.
I always use this feature with SSL because without it you have no security.
-M
I always use this feature with SSL because without it you have no security.
-M
ASKER
Oh I agree, I only have it turned off for this testing of ActiveSync.
Have you removed the certificate completely from the site?
You cannot turn off SSL. There is no option to turn it on or off - certainly not a directory level. The only way to stop using SSL is to remove the SSL certificate from the site, then run iisreset for the change to take effect and ensure the site is no longer listening on port 443. Of course if you have anything else using SSL, such as OWA or RPC over HTTPS then that will stop working.
-M
You cannot turn off SSL. There is no option to turn it on or off - certainly not a directory level. The only way to stop using SSL is to remove the SSL certificate from the site, then run iisreset for the change to take effect and ensure the site is no longer listening on port 443. Of course if you have anything else using SSL, such as OWA or RPC over HTTPS then that will stop working.
-M
ASKER
I have removed the cert and ran iisreset and still ActiveSync fails AND the testing site above fails with a cert problem, even though I have checked to ignore trust for SSL. I am still stumped...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have gone ahead done the 3rd party cert. The cert error when starting OWA is gone and the MS connection Analyzer can now connect successfully. BUT Activesync now complains that the server cert is invalid. Is there something I need to do on the Mobile to get it to recognize the 3rd party cert ?
ASKER
Once I put a 3rd party cert on the OWA server, communications started working, but I was getting invalid cert on the MotoQ mobile. I had to eventually put the root cert for the CA onto the MotoQ and it now works.
Thanks for the help everyone.
Thanks for the help everyone.
One other thing, you must use a Premium SSL certificate. Most basic certs are not compatible with ActiveSync. For example, a GeoTrust Quick SSL cert will NOT work with ActiveSync, but the Premium SSL will (about double the price). Be sure to look at the compatibility/specs for your certificate before you purchase it and make sure it is compatible with ActiveSync.
Here is what I have on the subject:
"The request has timed out. It is generally a temporary or recoverable situation."
In our company we have internal a document with these errors.
Please also see this article:
http://support.microsoft.com/?kbid=836941