asked on

How come some Active Sync clients wiill sync with Exchane 2007 and some wont??

I am getting the following error from 2 WM phones(one with 6 and 6.1) 0x80072F0D. It is saying the cert is invalid. However, two other treos with WM 6.1 are working fine. I am reading about intermediate certs on the server? We have tried all the cert installs on the devices, no go.

Couple other pieces of information: 
1) when browsing OWA from desktop computer everything works fine but from mobile I'm getting: the data area passed to a system call is too small (122) 
2) the detailed message on the mobile after ActiveSync is: 
The security certificate on the server is not valid.  Contact your Exchange Server administrator or ISP to install a valid certificate on the server. 
  
Support code: 0x80072F0D 
  
and again my response to that message is "OWA" is working fine (on desktop PCs) with this certificate, why won't ActiveSync?

Open in new window

Sourabh-Excahnge

You need to import the ROOT certificate for your SSL certificate to the device, not your own certificate. If you go back to the certificate issuer then you should find the root certificate.

The most reliable method to get it in to the device is to use a cabinet file.
http://www.amset.info/pocketpc/certificates.asp

Error message when you try to synchronize a Windows Mobile-based device by using Exchange
ActiveSync for Exchange 2003 or for Exchange 2007: "Synchronization failed"
http://support.microsoft.com/kb/927465

How to install root certificates on a Windows Mobile-based device
http://support.microsoft.com/kb/915840/

Hope this helps, thanks,

AIT

ASKER

tried those, i actually found the solution here
" So here is the next steps I took which resolved the sync issue:
First I removed any certs that anyone imported into the PDA for this OWA issue.

On the PC that the PDA can sync to, open a IE window and browse to the OWA server
Click on the SSL lock icon and view cert path

On the first cert in the path (it was from User Trust for me), click view cert which opens the cert properties, go to the details tab, and then click copy to file, next, export the cert to the PC using DER encoding
Copy the cert over to the PDA
On the PDA click on the cert to import it, this one then showed up in the Root Group
Next do the above steps for the next cert in the path (this was Network Solutions for me) and any more in the path except the OWA one.
This 2nd step cert imported into the intermediate group on the PDAs (certs). I looked over my PC's cert store and could not find this one stored anywhere. I had originally did the root Network Soutions which was not the correct one.

Once these two were on the PDA, I used IE on it to browse again to the OWA website. I was not warned about the SSL being invalid again.

We had seen that once this is done that the PDA will warn that it must sync to exchange and warns that changes will force the info on the pda to be deleted and synced from
Exchange therefore changes on the PDA from the time of last sync will be lost.
My Thoughts
So the issues we had, it seems that simply exporting what we think needs installed from the PC cert store weren't the right ones. They were only a guess that seemed right based on their names and descriptions and that because they came from the PCs cert store, they may not be properly structured for 3 step cert path. When the certs were on the PDA the first time, their names where shown differently (i.e the Network Solutions one was probably the the wrong one ... installed in the root cert store on PDA but should have been the intermediate one).
It is best, it appears, to use IEs cert path pop up to proper exporting of the .cer files rather than doing it directly from the PC cert store

ASKER CERTIFIED SOLUTION

Sourabh-Excahnge

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

AIT

ASKER

I actually figured it out before you posted, but sure