• Status: Solved

Exchange 2007 ActiveSync, with Windows Mobile devices

We have a new Exchange 2007 server which is all set up and running nicely. Some of our mobile users, however, cannot connect to the server using the 'Exchange' option built into Windows Mobile 6. I use an iPhone, and set that up in minutes and it works really well, but the poor Windows Mobile users cannot get their devices set up. Once set up, the phone takes an age trying to connect, then just comes back with a synchronisation error (one guy got an error code 0X80072F17). I'm pretty sure this is down to an SSL certificate on our side, but I need some guidance in how to fault find this, replace the certificate etc. Thanks.
Asked:
-Juddy-
 
Mestha Commented:
Do you have a commercial SSL certificate on the server?
If not, then you need to change it for one, as the self-signed certificate installed during the setup is not supported for use with ActiveSync.

The quickest way to confirm that the certificate is the issue is to simply browse to the site from the device. If you get a certificate prompt then that is the problem.

I have outlined how to get the certificate and install it on my blog here:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Simon.
 
-Juddy- (Author) Commented:
This is the error we get at the moment:

The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

I have just moved us from Exchange 2003 to 2007, so I guess that explains the second error, and we always had the first but never worried because we didn't / couldn't use ActiveSync! Just to be sure, these are the settings I'm going to use to get a new certificate:

Common Name: server1.mycompany.com

Subject Alternative Names:
server1
server1.mycompany.com
autodiscover.mycompany.com

Our 2003 server, and now our 2007, accepts mail for both mycompany-exchange.co.uk and mycompany.com. Will I need a certificate for both?
 
Mestha Commented:
What domain the server accepts email for doesn't really matter.
However, if you have users with an email address (primary) in that second domain then ideally you should have that domain in the autodiscover list.

I also don't recommend using the server's real name as its common name. I prefer to use a generic name that I can move about if required.

Therefore the names I would put on the SAN/UC certificate would be

Common Name: mail.example.com (this is the name the users enter for OWA, ActiveSync etc)
Additional Names: server1 (the server's NETBIOS name)
server1.domain.local (the server's real internal name)
autodiscover.example.com
autodiscover.example.co.uk

The MX records for both domains would point to mail.example.com which would also allow you to use TLS, which is enabled by default.

Simon.
 
-Juddy- (Author) Commented:
Our guys use this address to access webmail:

https://mail.mycompany-exchange.co.uk/owa

So does that mean that the common name I should use is:

mail.mycompany-exchange.co.uk

Thanks, just want to be 100% clear.
 
Mestha Commented:
Common name is just the host name, no http or / anything.

So host.example.com is a valid common name, http://host.example.com is not.

Simon.
 
-Juddy- (Author) Commented:
Great, so I've generated my request using the common name:

mail.mycompany-exchange.co.uk

Thanks Simon.
 
-Juddy- (Author) Commented:
I have installed my certificate, and the nag messages before logon regarding the certificate have disappeared. I am getting a security alert message pop up on my client PCs now:

Security alert
myserver.mycompany.com

The security certificate is from a trusted certifying authority (tick)
The security certificate date is valid (tick)
The name on the security certificate is invalid or does not match the name of the site (cross)

Do you want to proceed?
 
Mestha Commented:
Did you include that URL in your certificate request?

Simon.
 
-Juddy- (Author) Commented:
This one: mail.mycompany-exchange.co.uk

Yes.
 
Mestha Commented:
Above you have said that the alert is coming from

Security alert
myserver.mycompany.com

That is the URL I was asking about - was that in your certificate request?

Simon.
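
The name check behind the "does not match the name of the site" alert discussed in this thread, as an added example that is not part of any participant's post: it lists which names clients connect to are not carried by a certificate. The host names are the thread's placeholders; which names the installed certificate carries, the autodiscover entry and the function names are assumptions, and the single-label wildcard rule goes beyond what the thread covers.

```python
from urllib.parse import urlsplit

def host_of(entry):
    """Reduce a URL or bare host to the host name a certificate must carry."""
    entry = entry.strip()
    if "://" in entry:
        return (urlsplit(entry).hostname or "").lower()
    return entry.split("/")[0].split(":")[0].lower().rstrip(".")

def valid_cert_name(name):
    """A certificate name is a host name only: no scheme, path or spaces."""
    return bool(name) and not any(c in name for c in ("://", "/", " "))

def name_matches(cert_name, host):
    """Case-insensitive label-by-label comparison. A '*' counts only as
    the whole left-most label and covers exactly one label."""
    p = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def uncovered(cert_names, client_entries):
    """Hosts clients connect to that no certificate name matches."""
    names = [n for n in cert_names if valid_cert_name(n)]
    hosts = [host_of(e) for e in client_entries]
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]

# Constructed sample data built from the thread's placeholder names.
CLIENT_ENTRIES = [
    "https://mail.mycompany-exchange.co.uk/owa",  # OWA / ActiveSync URL
    "myserver.mycompany.com",                     # name shown in the alert
    "autodiscover.mycompany.com",                 # assumed autodiscover name
]
CERT_SINGLE_NAME = ["mail.mycompany-exchange.co.uk"]  # assumed: one name only
CERT_WITH_SANS = CERT_SINGLE_NAME + [
    "myserver.mycompany.com",
    "autodiscover.mycompany.com",
]

if __name__ == "__main__":
    print("single-name cert misses:", uncovered(CERT_SINGLE_NAME, CLIENT_ENTRIES))
    print("SAN cert misses:", uncovered(CERT_WITH_SANS, CLIENT_ENTRIES))
```

Every host in the first list would raise the name-mismatch alert for clients that connect to it; an empty list means every client-facing name is on the certificate.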