Wm6 Cert authorization issue 80072f06

OK, basically I know this has been asked similarly, but mine is slightly different. OK, my father's law firm just upgraded their Windows Server and Exchange to 2008 and 2007 respectively. Now before, they did not have SSL (which was retarded), but they do now on this new server. The CN name of the SSL is dns1.garag.com but the OWA is dns2.blahblah.com. Now on OWA access it works fine, but on the Windows Mobile device ... it's a no go. I've literally tried everything: registry hack, the flip on and off SSL. I've downloaded the cer to the device but it gives me the 80072f06 error. I know that has to do with the SSL authorization, but people at his office use both BB and WM and it has over 100 attorneys; they are not going to change the SSL. ... OK, here is where my question gets somewhat interesting..

First, can this obviously be solved, and/or what steps do I have to take to disable the certificate checking thing so that it will authorize this SSL and it will work jolly well?

Interesting part: is there any way for me to somehow forward all his info? I run an Exchange 2007 server that is in good working order, and I'm wondering whether it is possible to set up, either from Outlook or OWA, his account to forward all the info to my server (contacts, calendar, email, etc., while staying on the server as well), and then it pushes out over my connection. But then it also syncs back: if he adds a contact on his cell phone it goes back to my server, and then that syncs up with his work server (or vice versa with email status, unread, read, etc.). So that is option two, but I'm not really sure how to do that... Thanks!

PS: on my server the SSL works completely fine, so I know it's something with the SSL checking tool. Would upgrading his device to WM6.5 be worth it? Thanks!
ambush276Asked:

Alan HardistyCo-OwnerCommented:
You can test your connectivity by visiting https://testexchangeconnectivity.com/; this should test everything, tell you what goes wrong and then give you some suggestions as to how to resolve it.
As long as your certificate is issued by a root certificate authority and it matches the site name you are using to connect to via Activesync, then you should be okay.
0
ambush276Author Commented:
Update to the question:

I called their tech support; it seems that they do not USE an SSL cert but it's still on an https connection? (wtf).

They have a BB server, which is probably what about 70% of the people use, but I would say a good 20-30 people still use WM. Is there a forwarding option I can use, or a way to work around that https or connect via the https?
0
Alan HardistyCo-OwnerCommented:
Outlook Mobile Access (Activesync) is only configured to use Port 80 (HTTP) or port 443 (HTTPS).  If they are using port 443 for HTTP, then it is going to work as it will need a certificate to use this port and thus I think you have found the reason why it does not work.
Assuming that you are not using a certificate on the phones, then it will want to use port 80, but as this is redirected, it fails.
If the default website has been reconfigured to use port 443 and not port 80, then this will stop Activesync from working properly as it uses port 80 to make internal calls to the other virtual directories needed.
Sounds like either you have to resign yourself to the fact that Activesync won't work for you, or the server needs to be reconfigured back to the defaults to make it work properly.
0
ambush276Author Commented:
OK, I got a little more info... it seems that it is a self-signed cert... but more importantly, in IE8 I'm getting the same error as Activesync (except in IE8 I can proceed into OWA). Here is a pic of the error, and it all comes down to, I think, whether certificate checking can be disabled; then it will work? Not sure... but this is, I think, the heart of the matter.
problem.jpg
0
Alan HardistyCo-OwnerCommented:
Well the screen shot suggests that the certificate being used was not issued correctly and this will also be a problem.
If the FQDN used for Activesync does not match the name on the certificate, then this is another reason for it to fail.
What is the name on the certificate and what FQDN are you using to access Activesync?
www.yourcompany.com or mail.yourcompany.com etc?
 
0
ambush276Author Commented:
Well, they have a self-signed cert and the CN is not even a www, it's just like DNS1 (that's it)

and then the OWA website is dns2.website.com/owa
0
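The two conditions named in this thread (the certificate is issued by a trusted authority, and its name matches the FQDN the device connects to) can be checked offline. The following is an added example, not part of any post here: it assumes certificates in the dictionary shape Python's `ssl` `getpeercert()` returns, uses constructed certificates built from the names quoted above, and applies the general name-matching rule (SAN first, then CN), which is not necessarily the exact logic Windows Mobile 6 uses.

```python
# Added example: constructed certificates, not data taken from the servers in this thread.

def _rdn_value(name, key):
    """Return the first value for `key` in a getpeercert()-style name tuple."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None

def presented_names(cert):
    """DNS names the certificate vouches for: SAN DNS entries, else the CN."""
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    cn = _rdn_value(cert.get("subject", ()), "commonName")
    return [cn] if cn else []

def name_matches(pattern, host):
    """Case-insensitive match; '*' may replace the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:      # reject over-broad patterns like *.com
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def looks_self_signed(cert):
    """Heuristic only: issuer name equals subject name (no signature check)."""
    return bool(cert.get("subject")) and cert.get("subject") == cert.get("issuer")

def diagnose(cert, host):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    names = presented_names(cert)
    if not any(name_matches(n, host) for n in names):
        findings.append("name-mismatch: cert names %s, client uses %s" % (names, host))
    if looks_self_signed(cert):
        findings.append("untrusted-issuer: issuer equals subject (self-signed)")
    return findings

# Constructed: self-signed certificate whose only name is the short host name.
SELF_SIGNED = {
    "subject": ((("commonName", "DNS1"),),),
    "issuer": ((("commonName", "DNS1"),),),
}
# Constructed: CA-issued certificate whose SAN lists the public FQDN (placeholder names).
CA_ISSUED = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("commonName", "Example Root CA"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
}

if __name__ == "__main__":
    for label, cert, host in (
        ("self-signed DNS1", SELF_SIGNED, "dns2.website.com"),
        ("CA-issued", CA_ISSUED, "mail.example.com"),
    ):
        print(label, "->", diagnose(cert, host) or "ok")
```

Either finding on its own is enough for a client that enforces certificate checks to refuse the connection, which is why replacing the certificate with one issued for the public FQDN clears both at once.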
Alan HardistyCo-OwnerCommented:
0
ambush276Author Commented:
OK, it's def. a NetBIOS-signed one because it's of the DNS, not the domain... so I guess there is no way to use Activesync? What about, like, redirection in a rule setup? Would that work and redirect to my server and then use that (obviously no contacts, he does not use calendar)? So basically just export all his contacts and save them on the phone, and just like once a month show him how to DL new contacts off his phone, etc.... Can something like that work?
0
Alan HardistyCo-OwnerCommented:
Why not replace the certificate?
Makes sense to have it set up properly, or will this mess up everything else?
He can always use Activesync locally on the desktop, just not use it over the Internet - it's a shame, but this is the simplest alternative.
0
ambush276Author Commented:
Because his IT department is a bunch of fags who really honestly are impossible to deal with (if you question what they did they get defensive and start to complain; I've already suggested that, trust me). I just got off the phone with him and he doesn't mind doing the desk sync for contacts and calendar... it's the email he NEEDS wirelessly. My question is: are there any forwarding options now that he can partake in, so that all new email forwards directly to my address (or the one I have for him on my Exchange server), which he can then connect to from my Exchange server (so the mail redirection thing or something like that)? I've read the stuff online but I cannot get it to work in rules. I set it up and when it says person or distro group I just type in my email. But no emails forward. I tried on my email and on his email (just to make sure my server was not malfunctioning). Do you have a good guide or suggestion about what to do on this topic?
0
Alan HardistyCo-OwnerCommented:
There is no ideal solution here I'm afraid.  I don't think forwarding from his server to yours will work as his default email account will be your domain name unless you start getting clever with Exchange 07 and I can't tell you how to on there, but can on 03.  Probably similar, but not a simple task.
The best alternative I can think of, and not one I would personally want, is to swap his WM phone for a BB!
The other option is to get shitty with the IT department and remind them who pays their wages and get them to sort it out properly.  After all, it is the existing configuration that is causing the problems and won't go away.
Personally, I'd go WM over BB every time - but then the world is full of people with different tastes.
0
ambush276Author Commented:
Well, I run 03, I know how to send out as his email... It's forwarding from his Exchange to mine..... Also he's on VZW, company on T-Mobile.
0
Alan HardistyCo-OwnerCommented:
Okay - here is what to do:
  1. Set up a contact on his email server with an email address that is hosted on your server
  2. Configure his account to additionally forward to the contact set up in step 1
  3. Configure his domain on your server to be a non-authoritative domain (that way he can send messages to his own domain and they will leave your server and get sent to his server)
  4. Configure on your server an email account with an email address to match the one set up in step 1.
  5. Set the reply address on your server for his account to be his email address on his server
  6. Configure his phone to sync to your server
  7. Import his mail / contacts, etc. onto your server.
  8. Optionally - fire his IT guys and get some new ones who know what they are doing!
Hope that makes sense.
0
ambush276Author Commented:
OK, most of it I get the gist of, but I'm stuck at a few parts. I get the Setup Contact... that is easy enough, but part 2, there are so many options; do I leave all the checks blank in email redirection or what do I do?

Also step 3, non-authoritative domain (not quite sure, kind of, but still not quite sure)?

Also there is no way to sync contacts like this, right? (Like when he adds on the phone it will go obviously to my server, then back to his server.)

I mean honestly, as long as the emails work... it's golden (because he can just dock his phone to have contacts and calendar sync up that way).
0
ambush276Author Commented:
Also, what if I just have basically, let's say, his email is ex1@blah.com

What if I have it forward to ex1@mydomain.com but then have the primary domain be ex1@blah.com on my domain (so basically it receives as ex1@mydomain, but then it sends out as ex1@blah.com)? Not quite sure about this authoritative domain business.
0
Alan HardistyCo-OwnerCommented:
In AD Users and Computers, open up the properties of the account, click on the Exchange General tab and then click on the Delivery Options button.
Now look at the graphic below.
Select Forward to and pick the recently created contact.
Check the Deliver messages to both forwarding address and mailbox.
Click OK twice.
Step 3 - You need to tell your Exchange server about your new domain but not that it is the server that handles email for the domain.  If you say that it is, you will get problems when trying to send messages to the domain, as your server will think it needs to send the messages to itself and you will only have one address set up, so you will get NDRs.
Have a read of this document for Exchange 2007.
http://technet.microsoft.com/en-us/library/bb124423.aspx
There is no automatic way to sync your server mailbox contents with his server that I am aware of.
You can just sync emails via your server and locally for contacts, tasks and diary.
Alternatively, you could set up his phone to use IMAP or POP3, but this would require manual checking.

ForwardEmail.jpg
0
Alan HardistyCo-OwnerCommented:
You need to add his domain to your server as a non-authoritative domain - which tells the server that you can have users on this domain internally, but to deliver mail for this domain to an external server.
When you set up his account on your server, it will pick up the ex1@yourdomain.com as the default address.  You need to add ex1@blah.com and set it to be the default address, then uncheck the "update this email address based on recipient policy" option (Exchange 2003 - not sure about 2007).  This will force the reply-to address to be ex1@blah.com, not ex1@yourdomain.com.
When he sends a message to user@blah.com, your server will know that it has to be delivered externally, will look up the mail server for this domain and deliver the message, which is what you want.
0
ambush276Author Commented:
Do I need access to HIS Exchange server? I'm doing this from his side, all through OWA or Outlook; his company does not know about any of this and WOULD not be OK with it lol. My point is I'm doing this through rules in Outlook or Exchange. On my server of course I have access to all of this, but I just want to clarify what I have to do on HIS side of the equation.
0
Alan HardistyCo-OwnerCommented:
Yes - you will need to access his server directly, as it cannot be done unless you set up a rule on his PC to autoforward all inbound emails, but this means his PC has to be on to make the forwarding work.
If the PC is off, then no emails will be forwarded.
0
ambush276Author Commented:
But what about, like, setting up a rule in OWA? If you log in to OWA in IE (not FX for some reason), go to Options and you can set up a rule... why can it not be done from there?
0
Alan HardistyCo-OwnerCommented:
You can set up a rule in OWA but I don't think it will work for auto-forwarding to an external address as I believe this is a client-only rule.  Try it and see.
0
ambush276Author Commented:
Hmm, yeah, I set it up but nothing is working...
0
ambush276Author Commented:
So the only way I can set up auto forwarding is if I have access to his Exchange server or if I have his Outlook on all the time..


OK, how about this (sorry for taking so much time)

OK, this seems kind of ghetto, but what if I have his OWA on on my server (like pulled up in IE)? Is there a third-party app that can take OWA and then forward like that, kind of like a rule for OWA-style forwarding thing? Because the main problem here is that they don't want people to mess with this stuff, and there is no IMAP or POP3. It's either Exchange or OWA: that's it. It used to work fine until they upgraded to 2007 and made the SSL on Activesync mandatory; because of that, now nothing works, as previously stated. At this point he is like down to the wire; he does not want to carry 2 devices around because that is just ridiculous (one being a huge XV6800 from VZW and the Curve from T-Mobile, especially when the 6800 does not even get email; he would disable data and it becomes a giant crappy-battery-life phone). What are the final options here for email forwarding for his device, I guess (third-party apps.. literally anything!)? C: Thanks for your time btw!
0
Alan HardistyCo-OwnerCommented:
I don't know of anything that can do what you need and if you cannot access his server then I think you are left with changing his phone to a BlackBerry.
Sorry - but that's about it I'm afraid.
No worries about the time / questions - I know where you are coming from.  Brick walls are not much fun to face :-)
0
ambush276Author Commented:
OK, well, the last thing I guess.. and this is about as desperate as it gets.. go out and get like one of the micro ATX computer things (aka build one for like $100), literally bare minimum to run XP, then put it on his office LAN, and install Outlook there, and have it run 24/7 (so basically Outlook is always running). Is that the final and only solution, I guess (if that will even work)?
0
Alan HardistyCo-OwnerCommented:
If you can do then it should work.  They may find it and get upset about it, but that's your call.  You would legally need a copy of Outlook which would be an additional expense.
What about setting up his office computer to auto-forward in a rule and leave that on?  Cheaper option.
0
ambush276Author Commented:
OK, so I've done a bit of reading. It will work if the contacts are added to the ADUC (not the personal folder). Now I can add contacts on the OWA to a public folder for the entire firm... will that be another personal folder or will that go to the ADUC?
0
Alan HardistyCo-OwnerCommented:
If you are talking Active Directory Users & Computers, then you will need server access.  That's the only way I know of.
0
Alan HardistyCo-OwnerCommented:
See my comment at 10:36pm - this is what I was suggesting, but you said it was not possible.
0
Alan HardistyCo-OwnerCommented:
Do I take it your father's Law Firm is not owned by him?
0
ambush276Author Commented:
He's one of 20 partners of a 100-person or so law firm, but still it does not matter; they wouldn't change it unless threatened with being fired.
0
ambush276Author Commented:
there is no comment at 10:36?
0
Alan HardistyCo-OwnerCommented:
The fact that there is a certificate mismatch as indicated in your image of 8:04pm should be sufficient enough for him to use as ammunition to get it sorted properly.
Mind you - even if they do sort it, Activesync may not be enabled, so you could still be banging your head against a brick wall then!
Sorry - but as much as you are finding it frustrating, and I am with you totally on that score, I don't think there is much you can do about it apart from go down the Blackberry route.
0
Alan HardistyCo-OwnerCommented:
Maybe your time is different to mine due to geography.
The comment I am referring to is the one with my graphic in.
0
ambush276Author Commented:
OK, so it's either admins involved or leave Outlook running on the comp at all times.. any other comments from anyone with suggestions? (Will leave open for a few days...)
0
Alan HardistyCo-OwnerCommented:
I sure hope for your sake that someone does come up with an alternative, but I am not overly optimistic.
0
ambush276Author Commented:
0
Alan HardistyCo-OwnerCommented:
Did you try it?
0
ambush276Author Commented:
Well, yeah.. nothing happens? I created a contact in his contacts and set up the rule.. still nothing (and nothing on my server either?)
0
Alan HardistyCo-OwnerCommented:
The only way that forwarding works that I am aware of is to do it on the server or have Outlook open 24x7.
I'll test some things on my server and come back in a moment.
0
Alan HardistyCo-OwnerCommented:
This is why you cannot do this on the client - another administrator setting:
http://support.microsoft.com/kb/266166 
0
ambush276Author Commented:
I see, but this would still work on Outlook client-side?
0
ambush276Author Commented:
Like in Outlook, can I still set this up? Is this what is auto-blocking in OWA?
0
Alan HardistyCo-OwnerCommented:
No.  The administrator needs to turn on this feature or set up forwarding to a contact created on the server, on the server.
That's the only way it will work.
0
ambush276Author Commented:
So I can't even do the Outlook on the desktop thing as stated earlier... ouch... so really there are 0 options?
0
Alan HardistyCo-OwnerCommented:
You are in a corner with nowhere to turn but a Blackberry or the IT department - that's it I'm afraid.
0
ambush276Author Commented:
As computer people, giving up is never the option, as you know. I mean, I stumbled upon this.. I mean idk ... ?

http://www.blackberryfaq.com/index.php/BlackBerry_Connect
0
Alan HardistyCo-OwnerCommented:
I believe this will work, but the PC needs to be on with the Blackberry software running 24x7 for this to work properly from recollection.
Not sure if this is a possibility, but I admire your determination.
0
ambush276Author Commented:
Hmm? I thought that it accessed via the BES server directly? I might be mistaken.. but I was under the impression that once the s/w was put in and the PIN... it would be good to go??
0
Alan HardistyCo-OwnerCommented:
From the link you gave:
What are the limitations of a Blackberry Connect Device on a BES?
As we mentioned above, Blackberry Connect is a slimmed down feature set (similar to a 3.6 device) and the key limitations are:
  • No Enterprise Activation - that's why you need to cable activate as above
  • Only Supports Email and Calendar Syncs - no tasks, contacts or notes
  • Restricted set of IT policies - which vary from device to device - kill handheld won't remove data sync'd locally to device (outside the BB client stack - e.g. Notes)
  • No wireless backup
  • No support for MDS browsing - this is a major issue if you want to web-browse/IM and BB Connect Email
  • Lookups against the Corporate Directory only returns the email address not all the contact info including phone numbers like the BB lookup. (This was introduced in BB Connect v2.1.2.31)
  • PIN to PIN messaging doesn't work
  • Maximum attachment size of 32k (as of v2.1.2.31 on wm5)
This means that the IT dept don't get involved, unless you cannot install the software on the PC due to restrictions etc.
0
ambush276Author Commented:
Right, but in version 4.0 you can do PIM backup on the phone? Also, does the computer need to be on? That is kind of the next question.. I've been reading and it doesn't seem to have to be (I'm using BB Connect 4)? So yeah...?
0
Alan HardistyCo-OwnerCommented:
Short answer is I don't know for sure.  Don't have any BB users within my customers who use this method.
Trial it and see how you get on.
0

ambush276Author Commented:
I'm trying tomorrow and will let you know / questions
0
ambush276Author Commented:
OK, well, BB Connect is not supported on my device. But I figured it out.. kind of ....

I'm using a free service from seven.com; basically it's a PIM app that connects to Exchange and runs on his computer but forwards email, contacts, calendar, etc... The computer has to be on (but at night they have some Energy Star thing and special motherboard that keeps the computer running while only using ... like with 50 computers on at night it uses less power than a lightbulb type thing, idk.., but the computer is never fully turned off) so the seven.com program works. If he didn't have server 2007 then the seven.com would work even with the computer turned off (connects to Exchange 2003 and 2000 situations) through an online client, so no need for the actual computer to be on, but with 2007 his computer stays on so it's fine, and it runs on the phone in the background and seamlessly integrates into his Outlook program on the phone. It works for now (and is actually faster than Direct Push). It's working great and hopefully it will continue to do so!
0
ambush276Author Commented:
Awesome support, I will contact you with any problems in the future. Thanks for your time!
0
Alan HardistyCo-OwnerCommented:
Glad you got a solution working in the end - bit of an uphill struggle, but full credit to you for your determination.
Fingers crossed it keeps working for you.
Alan
0