Solved

SSL issues when connecting to Exchange Server Activesync

Posted on 2009-07-02
Last Modified: 2012-05-07
I have been trying to get an iPhone to work with the Exchange Mail feature.

I am using testexchangeconnectivity.com to test my connection to the exchange activesync. I keep receiving SSL. I had to recreate the (Self Signed) SSL certificate to get the test utility to accept it. It is now getting a little further than before (it is accepting the cert and saying the dates are valid) but it is now saying this;

The certificate chain did not end in a trusted root. Root = CN=ourwebsitenameishere.com

If anyone could help me get this resolved so I can get the iPhone working I would be very grateful.

Thanks!
Dan
Question by:filtrationproducts
12 Comments
 
LVL 20

Expert Comment

by:EndureKona
Install the certificate on the iPhone. You can use the config utility as one way to get it over to the phone: http://www.apple.com/support/iphone/enterprise/
0
 
LVL 1

Author Comment

by:filtrationproducts
I have not gotten to the iPhone yet. I was told to get the server part working first using the testexchangeconnectivity.com. And until that worked the phone will never work.

Also the certificate I created before was not a good one apparently because I used SelfSSL from Microsoft to create it and that doesn't work for the web or something. I am in the middle of recreating a new certificate for ourwebsite.com
0
 
LVL 20

Expert Comment

by:EndureKona
Self-signed will work but they are a pain and take more steps. If you get a commercial cert, as you are, it's a great deal better.

Yes https://testexchangeconnectivity.com/ is a great way to test to see if Active Sync is functional.

When you run the test from this site, if you have not installed the commercial cert, just check the box Ignore Trust for SSL
0
 
LVL 1

Author Comment

by:filtrationproducts
When I click Ignore SSL I get this error
-----
Attempting an Activesync session with server
       Errors were encountered while testing the ActiveSync session
      Test Steps
       
      Attempting to send OPTIONS command to server
       Testing the OPTIONS command failed. See Additional Details for more info
      Additional Details
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
0
 
LVL 1

Author Comment

by:filtrationproducts
I checked the event log on the server and this is recorded.

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            7/2/2009
Time:            9:35:52 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SBS2K3
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      test@ourdomain.com
       Domain:            
       Logon Type:      8
       Logon Process:      Advapi  
       Authentication Package:      Negotiate
       Workstation Name:      SBS2K3
       Caller User Name:      SBS2K3$
       Caller Domain:      ourdomain
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      10660
       Transited Services:      -
       Source Network Address:      207.46.225.229
       Source Port:      61070


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
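An added example, not part of the original post: a small triage helper for the Event ID 529 record above. The sample is that record trimmed to the fields used; the function names and finding strings are assumptions of this example. Logon type 8 is NetworkCleartext, which is how a password sent with Basic authentication through IIS is logged.

```python
# Constructed sample: the Event ID 529 description from the post, trimmed.
SAMPLE_EVENT = """\
Event Type:      Failure Audit
Event ID:      529
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      test@ourdomain.com
       Domain:
       Logon Type:      8
       Logon Process:      Advapi
       Source Network Address:      207.46.225.229
"""

# Windows security-log logon type codes (subset).
LOGON_TYPES = {2: "Interactive", 3: "Network",
               8: "NetworkCleartext", 10: "RemoteInteractive"}


def parse_event(text):
    """Split the 'Key: value' lines of an event description into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def triage_529(text):
    """Return a list of findings for a failed-logon (Event ID 529) record."""
    f = parse_event(text)
    if f.get("Event ID") != "529":
        return []
    ltype = int(f.get("Logon Type") or 0)
    findings = ["logon type %d (%s)" % (ltype, LOGON_TYPES.get(ltype, "other"))]
    user, domain = f.get("User Name", ""), f.get("Domain", "")
    # The thread author later reports fixing this by entering DOMAIN\USER.
    if "@" in user and not domain:
        findings.append("user name in e-mail form with empty Domain; retry as DOMAIN\\USER")
    if f.get("Source Network Address"):
        findings.append("source " + f["Source Network Address"])
    return findings


if __name__ == "__main__":
    for finding in triage_529(SAMPLE_EVENT):
        print(finding)
```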
 
LVL 1

Author Comment

by:filtrationproducts
Ok, I got that last issue resolved by changing the way I was typing in the Domain/Username. I was using the email address before, I changed that to DOMAIN\USER and now I receive this error

      Attempting an Activesync session with server
       Errors were encountered while testing the ActiveSync session
      Test Steps
       
      Attempting to send OPTIONS command to server
       OPTIONS response was successfully received and is valid
      Additional Details
       Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 02 Jul 2009 14:39:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

      Attempting FolderSync command on ActiveSync session
       FolderSync command test failed
      Additional Details
       An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
0

 
LVL 20

Accepted Solution

by:
EndureKona earned 200 total points
Check if you have a Firewall and have not allowed a Rule on the Firewall for 443

If the issue persists, please refer to the following KB to reset the default virtual directories

How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003

http://support.microsoft.com/kb/883380
0
 
LVL 20

Expert Comment

by:EndureKona
Sorry that just came out bad...I attempted to send you this link:

https://www.chicagotech.net/~chicagot/netforums/viewtopic.php?f=1&t=6123

Is 443 open on your firewall to your Exchange server?

Run Exchange BPA to see if you get any errors?

I would actually wait until you get the commercial cert installed on the exchange server.
0
 
LVL 1

Author Comment

by:filtrationproducts
443 is open to the exchange server. I tested this using the server port scanner utility.

I ran the Exchange BPA and the errors that came back were;
Global Incoming message size not set
Global outgoing message size not set
WMI access not possible
0
 
LVL 1

Author Comment

by:filtrationproducts
Comment Utility
I also know 443 works because we have had Outlook Web Access working for about 2 years.
0
 
LVL 1

Author Comment

by:filtrationproducts
I got it working.

I had to export settings and create a new IIS virtual directory for Exchange and redirect to it in the registry. I then restarted IIS Admin Service and everything started working fine. I received an SSL error message but I just clicked "Accept" on the iPhone and it started downloading the mailbox content.

The iPhone is all set up and working perfectly!
0
 
LVL 20

Expert Comment

by:EndureKona
Cool, glad it's working.
0
