-Juddy-
asked on
Exchange 2007 ActiveSync, with Windows Mobile devices
We have a new Exchange 2007 server which is all set up and running nicely. Some of our mobile users, however, cannot connect to the server using the 'Exchange' option built into Windows Mobile 6. I use an iPhone, and set that up in minutes and it works really well, but the poor Windows Mobile users cannot get their devices set up. Once set up, the phone takes an age trying to connect, then just comes back with a synchronisation error (one guy got an error code 0X80072F17). I'm pretty sure this is down to an SSL certificate on our side, but I need some guidance in how to fault find this, replace the certificate etc. Thanks.
ASKER
This is the error we get at the moment:
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.
I have just moved us from Exchange 2003 to 2007, so I guess that explains the second error, and we always had the first but never worried because we didn't / couldn't use ActiveSync! Just to be sure, these are the settings I'm going to use to get a new certificate:
Common Name: server1.mycompany.com
Subject Alternative Names: server1, server1.mycompany.com, autodiscover.mycompany.com
Our 2003 server, and now our 2007, accepts mail for both mycompany-exchange.co.uk and mycompany.com. Will I need a certificate for both?
ASKER
Our guys use this address to access webmail:
https://mail.mycompany-exchange.co.uk/owa
So does that mean that the common name I should use is:
mail.mycompany-exchange.co.uk
Thanks, just want to be 100% clear.
Common name is just the host name, no http or / anything.
So host.example.com is a valid common name, http://host.example.com is not.
Simon.
ASKER
Great, so I've generated my request using the common name:
mail.mycompany-exchange.co.uk
Thanks Simon.
ASKER
I have installed my certificate, and the nag messages before logon regarding the certificate have disappeared. I am getting a security alert message pop up on my client PCs now:
Security alert
myserver.mycompany.com
The security certificate is from a trusted certifying authority (tick)
The security certificate date is valid (tick)
The name on the security certificate is invalid or does not match the name of the site (cross)
Do you want to proceed?
Did you include that URL in your certificate request?
Simon.
ASKER
This one: mail.mycompany-exchange.co.uk
Yes.
Above you have said that the alert is coming from
Security alert
myserver.mycompany.com
That is the URL I was asking about - was that in your certificate request?
Simon.
If not, then you need to change it for one, as the self-signed certificate installed during the setup is not supported for use with ActiveSync.
The quickest way to confirm that the certificate is the issue is to simply browse to the site from the device. If you get a certificate prompt then that is the problem.
I have outlined how to get the certificate and install it on my blog here:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx
Simon.
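
The name check behind the "does not match the name of the site" alert discussed in this thread, as an added example that is not part of any post: it reduces what a client was given (URL or bare host) to a host name and reports which of those hosts a certificate's name list covers. The function names are hypothetical, and the certificate name list is an assumption built from the hostnames mentioned in the thread.

```python
from urllib.parse import urlsplit

def host_of(value):
    """Reduce a URL or bare host to the lowercase host name a certificate must carry."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # let urlsplit treat a bare host as a netloc
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()

def name_matches(pattern, host):
    """Match one certificate name against a host; '*' may only be the whole left-most label."""
    p, h = pattern.lower().rstrip(".").split("."), host.split(".")
    if len(p) != len(h):
        return False                  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def coverage(cert_names, client_values):
    """Map each host clients connect to onto the certificate name covering it (None = mismatch)."""
    result = {}
    for value in client_values:
        host = host_of(value)
        result[host] = next((n for n in cert_names if name_matches(n, host)), None)
    return result

# Constructed sample data. Assumption: the certificate carries only the common name
# from the request; the other entries are hosts that appear in the thread.
CERT_NAMES = ["mail.mycompany-exchange.co.uk"]
CLIENT_VALUES = [
    "https://mail.mycompany-exchange.co.uk/owa",   # OWA URL used for webmail
    "myserver.mycompany.com",                      # name shown in the security alert
    "autodiscover.mycompany.com",                  # name from the planned SAN list
]

if __name__ == "__main__":
    for host, covered_by in coverage(CERT_NAMES, CLIENT_VALUES).items():
        print(f"{host:35} {'OK via ' + covered_by if covered_by else 'NAME MISMATCH'}")
```

Any host reported as a mismatch needs to be added to the certificate's subject alternative names, or clients need to be pointed at a name the certificate already carries.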