SSL issues when connecting to Exchange Server Activesync

I have been trying to get an iPhone to work with the Exchange Mail feature.

I am using to test my connection to the exchange activesync. I keep receiving SSL. I had to recreate the (Self Signed) SSL certificate to get the test utility to accept it. It is now getting a little further than before (it is accepting the cert and saying the dates are valid) but it is now saying this;

The certificate chain did not end in a trusted root. Root =

If anyone could help me get this resolved so I can get the iPHone working I would be very grateful.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Install the certificate on the iPhone.   You can use config utility is one way to get it over to the phone:
filtrationproductsAuthor Commented:
I have not gotten to the iPhone yet. I was told to get the server part working first using the And until that worked the phone will never work.

Also the certificate I created before was not a good one apparently becuase i used SelfSSL from microsoft to create it and that doesnt work for the web or something. I am in the middle of recreating a new certificate for
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Self-signed will work but they are a pain and take more steps.   If you get a commercial cert as you are its a great deal better.

Yes is a great way to test to see if Active Sync is functional.

When you run the test from this site if you have not installed the commercial cert just checkbox Ignore Trust for SSL
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

filtrationproductsAuthor Commented:
When I click Ignore SSL I get this error
Attempting an Activesync session with server
       Errors were encountered while testing the ActiveSync session
      Test Steps
      Attempting to send OPTIONS command to server
       Testing the OPTIONS command failed. See Additional Details for more info
      Additional Details
A Web Exception occured because an HTTP 401 - Unauthorized response was received from Unknown
filtrationproductsAuthor Commented:
I checked the event log on the server and this is recorded.

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            7/2/2009
Time:            9:35:52 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SBS2K3
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:
       Logon Type:      8
       Logon Process:      Advapi  
       Authentication Package:      Negotiate
       Workstation Name:      SBS2K3
       Caller User Name:      SBS2K3$
       Caller Domain:      ourdomain
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      10660
       Transited Services:      -
       Source Network Address:
       Source Port:      61070

For more information, see Help and Support Center at
filtrationproductsAuthor Commented:
Ok, I got that last issue resolved by changing the way I was typing in the Domain/Username. I was using the email address before, i changed that to DOMAIN\USER and now I recieve this error

      Attempting an Activesync session with server
       Errors were encountered while testing the ActiveSync session
      Test Steps
      Attempting to send OPTIONS command to server
       OPTIONS response was successfully received and is valid
      Additional Details
       Headers received: MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
MS-Server-ActiveSync: 6.5.7638.1
MS-ASProtocolVersions: 1.0,2.0,2.1,2.5
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,ResolveRecipients,ValidateCert,Provision,Search,Notify,Ping
Content-Length: 0
Date: Thu, 02 Jul 2009 14:39:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

      Attempting FolderSync command on ActiveSync session
       FolderSync command test failed
      Additional Details
       An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
<!--[if gte mso 9]>   Normal  0          false  false  false    EN-US  X-NONE  X-NONE                                       MicrosoftInternetExplorer4                                     <![endif]--><!--[if gte mso 9]>                                                                                                                                                                                                                                                                                    <![endif]--><!--[if gte mso 10]><![endif]-->Check if you have a Firewall and not allowed aRule on the Firewall for 443

<!-- m -->If the issue persists, please refer to the following KB to reset the defaultvirtual directories

How to reset the default virtual directories that are required to provideOutlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services inExchange Server 2003

<!-- m -->
<!-- m -->

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Sorry that just came out bad...I attempted to send you this link:

Is 443 open on your firewall to your Exchange server?

Run Exchange BPA to see if you get any errors?  

I would actually wait until your get the commercial cert installed on the exchange server.
filtrationproductsAuthor Commented:
443 is open to the exchange server. I tested this using the server port scanner utility.

I ran the Exchange BPA and the errors that came back were;
Global Incoming message size not set
Global outgoing message size not set
WMI access not possible
filtrationproductsAuthor Commented:
I also know 443 works because we have had Outlook Web Access working for about 2 years.
filtrationproductsAuthor Commented:
I got it working.

I had to export settings and created a new IIS virtual directory for Exchange and redirect to it in the registry. I then restarted IIS Admin Service and everything started working fine. I received a SSL error message but I just clicked "Accept" on the iPhone and it started downloading the mailbox content.

The iPhone is all setup and working perfectly!
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Cool glad its working.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.