Solved

SSL issues when connecting to Exchange Server Activesync

Posted on 2009-07-02
Last Modified: 2012-05-07
I have been trying to get an iPhone to work with the Exchange Mail feature.

I am using testexchangeconnectivity.com to test my connection to the Exchange ActiveSync. I keep receiving SSL. I had to recreate the (Self Signed) SSL certificate to get the test utility to accept it. It is now getting a little further than before (it is accepting the cert and saying the dates are valid) but it is now saying this:

The certificate chain did not end in a trusted root. Root = CN=ourwebsitenameishere.com

If anyone could help me get this resolved so I can get the iPhone working I would be very grateful.

Thanks!
Dan
Question by:filtrationproducts
12 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24763053
Install the certificate on the iPhone. Using the config utility is one way to get it over to the phone: http://www.apple.com/support/iphone/enterprise/
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 24763143
I have not gotten to the iPhone yet. I was told to get the server part working first using the testexchangeconnectivity.com. And until that worked the phone will never work.

Also the certificate I created before was not a good one apparently because I used SelfSSL from Microsoft to create it and that doesn't work for the web or something. I am in the middle of recreating a new certificate for ourwebsite.com
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24763293
Self-signed will work but they are a pain and take more steps. If you get a commercial cert as you are, it's a great deal better.

Yes, https://testexchangeconnectivity.com/ is a great way to test to see if Active Sync is functional.

When you run the test from this site, if you have not installed the commercial cert just checkbox Ignore Trust for SSL.
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 24763419
When I click Ignore SSL I get this error
-----
Attempting an Activesync session with server
       Errors were encountered while testing the ActiveSync session
      Test Steps
       
      Attempting to send OPTIONS command to server
       Testing the OPTIONS command failed. See Additional Details for more info
      Additional Details
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 24763846
I checked the event log on the server and this is recorded.

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            7/2/2009
Time:            9:35:52 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SBS2K3
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      test@ourdomain.com
       Domain:            
       Logon Type:      8
       Logon Process:      Advapi  
       Authentication Package:      Negotiate
       Workstation Name:      SBS2K3
       Caller User Name:      SBS2K3$
       Caller Domain:      ourdomain
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      10660
       Transited Services:      -
       Source Network Address:      207.46.225.229
       Source Port:      61070


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
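A triage sketch for the failure-audit record in the post above, added here as an example and not part of the thread. It parses the "Key: value" layout and flags three things visible in that record: a cleartext (type 8) logon, an e-mail style user name with an empty Domain field, and an Internet source address. The function names and finding codes are assumptions; the sample is the post's own record, abridged.

```python
import ipaddress
import re

# Sample input: the Event ID 529 record from the post above, abridged.
SAMPLE_EVENT = """\
Event Type:      Failure Audit
Event ID:      529
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      test@ourdomain.com
       Domain:
       Logon Type:      8
       Logon Process:      Advapi
       Authentication Package:      Negotiate
       Source Network Address:      207.46.225.229
"""

# Windows logon type codes (subset).
LOGON_TYPES = {2: "Interactive", 3: "Network", 8: "NetworkCleartext", 10: "RemoteInteractive"}


def parse_event(text):
    """Turn 'Key:   value' lines into a dict; empty values are kept as ''."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2)
    return fields


def triage(fields):
    """Return finding codes (hypothetical names) for a failed-logon record."""
    findings = []
    logon_type = int(fields.get("Logon Type") or 0)
    if LOGON_TYPES.get(logon_type) == "NetworkCleartext":
        # Type 8: the password reached the server unhashed, as with IIS Basic
        # authentication, so the TLS session is its only protection in transit.
        findings.append("cleartext-logon")
    if "@" in fields.get("User Name", "") and not fields.get("Domain"):
        # E-mail style name with no domain; the author switched to DOMAIN\USER.
        findings.append("email-style-username-no-domain")
    try:
        if ipaddress.ip_address(fields.get("Source Network Address", "")).is_global:
            findings.append("internet-source")
    except ValueError:
        pass  # "-" or blank: no usable address recorded
    return findings


if __name__ == "__main__":
    print(triage(parse_event(SAMPLE_EVENT)))
```

A cleartext-logon finding from an Internet source is the case where the certificate trust question in this thread matters most, because the TLS session is all that protects the password in transit.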
 
LVL 1

Author Comment

by:filtrationproducts
ID: 24763898
Ok, I got that last issue resolved by changing the way I was typing in the Domain/Username. I was using the email address before, I changed that to DOMAIN\USER and now I receive this error

      Attempting an Activesync session with server
       Errors were encountered while testing the ActiveSync session
      Test Steps
       
      Attempting to send OPTIONS command to server
       OPTIONS response was successfully received and is valid
      Additional Details
       Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 02 Jul 2009 14:39:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

      Attempting FolderSync command on ActiveSync session
       FolderSync command test failed
      Additional Details
       An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
0
 
LVL 20

Accepted Solution

by:
EndureKona earned 200 total points
ID: 24763902
Check if you have a Firewall and not allowed a Rule on the Firewall for 443

If the issue persists, please refer to the following KB to reset the default virtual directories

How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003

http://support.microsoft.com/kb/883380
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24763933
Sorry that just came out bad...I attempted to send you this link:

https://www.chicagotech.net/~chicagot/netforums/viewtopic.php?f=1&t=6123

Is 443 open on your firewall to your Exchange server?

Run Exchange BPA to see if you get any errors?  

I would actually wait until you get the commercial cert installed on the Exchange server.
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 24764595
443 is open to the exchange server. I tested this using the server port scanner utility.

I ran the Exchange BPA and the errors that came back were:
Global Incoming message size not set
Global outgoing message size not set
WMI access not possible
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 24764599
I also know 443 works because we have had Outlook Web Access working for about 2 years.
0
 
LVL 1

Author Comment

by:filtrationproducts
ID: 24765193
I got it working.

I had to export settings and create a new IIS virtual directory for Exchange and redirect to it in the registry. I then restarted IIS Admin Service and everything started working fine. I received an SSL error message but I just clicked "Accept" on the iPhone and it started downloading the mailbox content.

The iPhone is all set up and working perfectly!
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24765207
Cool, glad it's working.
0


Question has a verified solution.
