Solved

Wm6 Cert authorization issue 80072f06

Posted on 2009-07-05
Last Modified: 2013-12-05
OK, basically I know this has been asked similarly, but mine is slightly different. OK, my father's law firm just upgraded their Windows Server and Exchange to 2008 and 2007 respectively. Now before, they did not have SSL (which was retarded), but they do now on this new server. The CN name of the SSL is dns1.garag.com but the OWA is dns2.blahblah.com. Now on OWA access it works fine, but on the Windows Mobile device ... it's a no go. I've literally tried everything: registry hack, the flip on and off SSL. I've downloaded the cer to the device but it gives me the 80072f06 error. I know that has to do with the SSL authorization, but people at his office use both BB and WM and it has over 100 attorneys; they are not going to change the SSL. ... OK, here is where my question gets somewhat interesting..

First, can this obviously be solved, and/or what steps do I have to take to disable the certificate checking thing so that it will authorize this SSL and it will work jolly well..

Interesting part: is there any way for me to somehow forward.. all his info? I run an Exchange 2007 server that is in good working order and I'm wondering, is it possible to set up, either from Outlook or OWA, for his account to forward all the info to my server (contacts, calendar, email etc., while staying on the server as well) and then it pushes out over my connection. But then......... it also syncs back. If he adds a contact on his cell phone it goes back to my server, and then that syncs up with his work server.. (or vice versa with email status, unread, read etc...). So that is option two, but I'm not really sure how to do that... Thanks!

P.S. On my server the SSL works completely fine, so I know it's something with the SSL checking tool. Would upgrading his device to WM6.5 be worth it? Thanks!
Question by:ambush276
56 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24783150
You can test your connectivity by visiting https://testexchangeconnectivity.com/ - this should test everything, tell you what goes wrong and then give you some suggestions as to how to resolve it.
As long as your certificate is issued by a root certificate authority and it matches the site name you are using to connect to via Activesync, then you should be okay.
 

Author Comment

by:ambush276
ID: 24787168
Update to the question:

I called their tech support; it seems that they do not USE an SSL cert but it's still on an HTTPS connection? (wtf).

They have a BB server which is probably about what 70% of the people use, but I would say a good 20-30 people still use WM. Is there a forwarding option I can use, or how to work around that HTTPS or connect via the HTTPS?
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24788117
Outlook Mobile Access (Activesync) is only configured to use port 80 (HTTP) or port 443 (HTTPS).  If they are using port 443 for HTTP, then it is going to work as it will need a certificate to use this port and thus I think you have found the reason why it does not work.
Assuming that you are not using a certificate on the phones, then it will want to use port 80, but as this is redirected, it fails.
If the default website has been reconfigured to use port 443 and not port 80, then this will stop Activesync from working properly as it uses port 80 to make internal calls to the other virtual directories needed.
Sounds like either you have to resign yourself to the fact that Activesync won't work for you, or the server needs to be reconfigured back to the defaults to make it work properly.
 

Author Comment

by:ambush276
ID: 24788193
OK, I got a little more info... it seems that it is a self-signed cert... but more importantly, on IE8 I'm getting the same error as Activesync (except in IE8 I can proceed into OWA). Here is a pic of the error, and it all comes down to, I think, if certificate checking can be disabled, then it will work? Not sure... but this is, I think, the heart of the matter.
problem.jpg
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24788287
Well the screen shot suggests that the certificate being used was not issued correctly and this will also be a problem.
If the FQDN used for Activesync does not match the name on the certificate, then this is another reason for it to fail.
What is the name on the certificate and what FQDN are you using to access Activesync?
www.yourcompany.com or mail.yourcompany.com etc?
 
 

Author Comment

by:ambush276
ID: 24788308
Well, they have a self-signed cert and the CN is not even a www, it's just like DNS1 (that's it),

and then the OWA website is dns2.website.com/owa
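The two conditions raised in the replies above (an issuer the device trusts, and a certificate name that matches the host the device connects to) can be checked separately, as in this added example, which is not part of the thread and not written by either poster. The certificates are constructed samples, the function names are hypothetical, and the error numbers are WinINet's: 80072F06 is the HRESULT form of 12038, ERROR_INTERNET_SEC_CERT_CN_INVALID.

```python
"""Why would a strict TLS client (such as ActiveSync on a phone) reject this certificate?

Added example. Certificates are constructed samples shaped like the dict that
ssl.SSLSocket.getpeercert() returns; no network access is needed.
"""

# WinINet error numbers for the two checks discussed in the thread.
# The device shows them as HRESULTs: 0x80070000 | code.
WININET = {
    "name": 12038,   # ERROR_INTERNET_SEC_CERT_CN_INVALID
    "trust": 12045,  # ERROR_INTERNET_INVALID_CA
}


def hresult(code):
    """Format a WinINet error number the way the sync error dialog prints it."""
    return f"{0x80070000 | code:08X}"


def cert_names(cert):
    """Names the client compares with the host: SAN dNSName entries, else subject CN."""
    san = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive, label-by-label match; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:      # refuse over-broad patterns such as *.com
        return p[1:] == h[1:]
    return p == h


def diagnose(cert, host, installed_on_device=False):
    """Return [(check, hresult, detail)], one entry per reason to reject the certificate.

    Simplification (assumption): a certificate issued by a CA is taken to chain to a
    root the device already trusts; only the self-signed case is modelled.
    """
    findings = []
    names = cert_names(cert)
    if not any(name_matches(n, host) for n in names):
        findings.append(("name", hresult(WININET["name"]),
                         f"certificate is for {names}, client connects to {host!r}"))
    self_signed = cert.get("issuer") == cert.get("subject")
    if self_signed and not installed_on_device:
        findings.append(("trust", hresult(WININET["trust"]),
                         "self-signed and not in the device's root store"))
    return findings


def _dn(common_name):
    return ((("commonName", common_name),),)


# Constructed samples modelled on the thread: CN is a bare NetBIOS-style name,
# while the device is pointed at the public FQDN.
SELF_SIGNED = {"subject": _dn("DNS1"), "issuer": _dn("DNS1")}
CA_ISSUED = {"subject": _dn("dns2.website.com"), "issuer": _dn("Example Root CA"),
             "subjectAltName": (("DNS", "dns2.website.com"),)}

if __name__ == "__main__":
    for label, cert, installed in [("self-signed", SELF_SIGNED, False),
                                   ("self-signed, .cer installed on device", SELF_SIGNED, True),
                                   ("CA-issued for the FQDN", CA_ISSUED, False)]:
        print(label, "->", diagnose(cert, "dns2.website.com", installed) or "accepted")
```

Installing the .cer on the phone clears only the trust finding; the name finding remains until the certificate is reissued for the FQDN the device uses.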
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24788369
 

Author Comment

by:ambush276
ID: 24788619
OK, it's def. a NetBIOS-signed one because it's of the DNS, not the domain... so I guess there is no way to use Activesync? How about like redirection in a rule setup? Would that work and redirect to my server and then use that (obviously no contacts, he does not use calendar), so basically just export all his contacts and whenever save them on the phone, just like once a month show him how to DL new contacts off his phone etc.... Can something like that work?
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24788645
Why not replace the certificate?
Makes sense to have it set up properly, or will this mess up everything else?
He can always use Activesync locally on the desktop, just not use it over the Internet - it's a shame, but this is the simplest alternative.
 

Author Comment

by:ambush276
ID: 24788679
Because his IT department is a bunch of fags who really honestly are impossible to deal with (if you question what they did they get defensive and start to complain; I've already suggested that, trust me). I just got off the phone with him and he doesn't mind doing the desk sync for contacts and calendar... it's the email he NEEDS wirelessly. My question is: are there any forwarding options now that he can partake in so that all new email forwards directly to my address (or the one I have for him on my Exchange server), which he can then connect to from my Exchange server (so the mail redirection thing or something like that)? I've read the stuff online but I cannot get it to work in rules. I set it up and when it says person or distro group I just type in my email. But no emails forward. I tried on my email and on his email (just to make sure my server was not malfunctioning). Do you have a good guide or suggestion about what to do on this topic?
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24788810
There is no ideal solution here I'm afraid.  I don't think forwarding from his server to yours will work as his default email account will be your domain name unless you start getting clever with Exchange 07 and I can't tell you how to on there, but can on 03.  Probably similar, but not a simple task.
The best alternative I can think of, and not one I would personally want, is to swap his WM phone for a BB!
The other option is to get shitty with the IT department and remind them who pays their wages and get them to sort it out properly.  After all, it is the existing configuration that is causing the problems and won't go away.
Personally, I'd go WM over BB every time - but then the world is full of people with different tastes.
 

Author Comment

by:ambush276
ID: 24788841
Well, I run 03, I know how to send out as his email... It's forwarding from his Exchange to mine..... Also he's on VZW, company on T-Mobile
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24788934
Okay - here is what to do:
  1. Set up a contact on his email server with an email address that is hosted on your server
  2. Configure his account to additionally forward to the contact set up in step 1
  3. Configure his domain on your server to be a non-authoritative domain (that way he can send messages to his own domain and they will leave your server and get sent to his server)
  4. Configure on your server an email account with an email address to match the one set up in step 1.
  5. Set the reply address on your server for his account to be his email address on his server
  6. Configure his phone to sync to your server
  7. Import his mail / contacts, etc. onto your server.
  8. Optionally - fire his IT guys and get some new ones who know what they are doing!
Hope that makes sense.
 

Author Comment

by:ambush276
ID: 24789362
OK, most of it I get the gist, but I'm stuck at a few parts. I get the Setup Contact... that is easy enough, but part 2, there are so many options; do I leave all the checks blank in email redirection or what do I do?

Also step 3, non-authoritative domain (not quite sure, kind of but still not quite sure)?

Also there is no way to sync contacts like this, right.. (like when he adds on phone it will go obviously to my server, then back to his server)..

I mean honestly, as long as the emails work... it's golden (because he can just dock his phone to have contacts and calendar sync up that way).
 

Author Comment

by:ambush276
ID: 24789370
Also, what if I just have, basically, let's say his email is ex1@blah.com

What if I have it forward to ex1@mydomain.com but then have the primary domain be ex1@blah.com on my domain (so basically it receives as ex1@mydomain, but then it sends out as ex1@blah.com?) Not quite sure about this authoritative domain business.
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789421
In AD Users and Computers, open up the properties of the account, click on the Exchange General tab and then click on the Delivery Options button.
Now look at the graphic below.
Select Forward to and pick the recently created contact.
Check the Deliver messages to both forwarding address and mailbox.
Click OK twice.
Step 3 - You need to tell your Exchange server about your new domain but not that it is the server that handles email for the domain.  If you say that it is, you will get problems when trying to send messages to the domain as your server will think it needs to send the messages to itself and you will only have one address set up, so you will get NDRs.
Have a read of this document for Exchange 2007.
http://technet.microsoft.com/en-us/library/bb124423.aspx
There is no automatic way to sync your server mailbox contents with his server that I am aware of.
You can just sync emails via your server and locally for contacts, tasks and diary.
Alternatively, you could set up his phone to use IMAP or POP3, but this would require manual checking.

ForwardEmail.jpg
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789445
You need to add his domain to your server as a non-authoritative domain - which tells the server that you can have users on this domain internally, but to deliver mail for this domain to an external server.
When you set up his account on your server, it will pick up the ex1@yourdomain.com as the default address.  You need to add ex1@blah.com and set it to be the default address, then uncheck the update this email address based on recipient policy (Exchange 2003 - not sure about 2007).  This will force the reply-to address to be ex1@blah.com not ex1@yourdomain.com.
When he sends a message to user@blah.com, your server will know that it has to be delivered externally, will look up the mail server for this domain and deliver the message, which is what you want.
 

Author Comment

by:ambush276
ID: 24789479
Do I need access to HIS Exchange server? I'm doing this from his side, all through OWA or Outlook; his company does not know about any of this and WOULD not be OK with it lol. My point is I'm doing this through rules on Outlook or Exchange. On my server of course I have access to all of this, but I just want to clarify what I have to do on HIS side of the equation.
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789502
Yes - you will need to access his server directly as it cannot be done unless you setup a rule on his PC to autoforward all inbound emails, but this means his PC has to be on to make the forwarding work.
If the PC is off, then no emails will be forwarded.
 

Author Comment

by:ambush276
ID: 24789539
But what about.. like setting up a rule in OWA? If you log in to OWA in IE (not FX for some reason), go to options and you can set up a rule... why can it not be done from there?
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789556
You can setup a rule in OWA but I don't think it will work for auto-forwarding to an external address as I believe this is a client-only rule.  Try it and see.
 

Author Comment

by:ambush276
ID: 24789584
Hmm, yeah, I set it up but nothing is working...
 

Author Comment

by:ambush276
ID: 24789611
So the only way I can set up auto-forwarding is if I have access to his Exchange server or if I have his Outlook on all the time..


OK, how about this (sorry for taking so much time)

OK, this seems kind of ghetto, but what if I have his OWA on my server (like pulled up in IE); is there a third-party app that can take OWA and then forward like that, kind of like a rule for OWA-style forwarding thing? Because the main problem here is that they don't want people to mess with this stuff, and there is no IMAP or POP3. It's either Exchange or OWA: that's it. It used to work fine until they upgraded to 2007 and made the SSL on Activesync mandatory; because of that, now nothing works as previously stated. At this point he is like down to the wire; he does not want to carry 2 devices around because that is just ridiculous (one being a huge XV6800 from VZW and the Curve from T-Mobile, especially when the 6800 does not even get email; he would disable data and it becomes a giant crappy-battery-life phone). What are the final options here of email forwarding for his device, I guess? (Third-party apps.. literally anything!) C: Thanks for your time btw!
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789658
I don't know of anything that can do what you need and if you cannot access his server then I think you are left with changing his phone to a BlackBerry.
Sorry - but that's about it I'm afraid.
No worries about the time / questions - I know where you are coming from.  Brick walls are not much fun to face :-)
 

Author Comment

by:ambush276
ID: 24789677
OK, well, the last thing I guess.. and this is about as desperate as it gets.. go out and get like one of the micro ATX computer things (aka build one for like $100), literally bare minimum to run XP, then put it on his office LAN, and install Outlook there, and have it run 24/7 (so basically Outlook is always running)? Is that the final and only solution, I guess (if that will even work)?
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789709
If you can do then it should work.  They may find it and get upset about it, but that's your call.  You would legally need a copy of Outlook which would be an additional expense.
What about setting up his office computer to auto-forward in a rule and leave that on?  Cheaper option.
 

Author Comment

by:ambush276
ID: 24789712
OK, so I've done a bit of reading. It will work if the contacts are added to the ADUC (not the personal folder). Now I can add contacts on the OWA to a public folder for the entire firm... will that be another personal folder or will that go to the ADUC?
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789737
If you are talking Active Directory Users & Computers, then you will need server access.  That's the only way I know of.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789741
See my comment at 10:36pm - this is what I was suggesting, but you said it was not possible.
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789744
Do I take it your father's Law Firm is not owned by him?
 

Author Comment

by:ambush276
ID: 24789763
He's one of 20 partners of a 100-person or so law firm, but still it does not matter; they wouldn't change it unless under threat of being fired.
 

Author Comment

by:ambush276
ID: 24789773
There is no comment at 10:36?
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789799
The fact that there is a certificate mismatch as indicated in your image of 8:04pm should be sufficient enough for him to use as ammunition to get it sorted properly.
Mind you - even if they do sort it, Activesync may not be enabled, so you could still be banging your head against a brick wall then!
Sorry - but as much as you are finding it frustrating, and I am with you totally on that score, I don't think there is much you can do about it apart from go down the Blackberry route.
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24789811
Maybe your time is different to mine due to geography.
The comment I am referring to is the one with my graphic in.
 

Author Comment

by:ambush276
ID: 24792364
OK, so it's either admins involved or leave Outlook running on the computer at all times.. any other comments from anyone with suggestions? (Will leave open for a few days...)
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24792478
I sure hope for your sake that someone does come up with an alternative, but I am not overly optimistic.
 

Author Comment

by:ambush276
ID: 24794660
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24794691
Did you try it?
 

Author Comment

by:ambush276
ID: 24795876
Well, yeah.. nothing happens? I created a contact in his contacts and set up the rule.. still nothing (and nothing on my server either?)
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24795937
The only ways that forwarding works that I am aware of are to do it on the server or have Outlook open 24x7.
I'll test some things on my server and come back in a moment.
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24796063
This is why you cannot do this on the client - another administrator setting:
http://support.microsoft.com/kb/266166
 

Author Comment

by:ambush276
ID: 24796742
I see, but this would still work on Outlook client-side?
 

Author Comment

by:ambush276
ID: 24796747
Like in Outlook, can I still set this up? This is what is auto-blocking in OWA?
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24796882
No.  The administrator needs to turn on this feature or set up forwarding to a contact created on the server, on the server.
That's the only way it will work.
 

Author Comment

by:ambush276
ID: 24796909
So I can't even do the Outlook on the desktop thing as stated earlier... ouch... so really there are 0 options?
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24797113
You are in a corner with nowhere to turn but a Blackberry or the IT department - that's it I'm afraid.
 

Author Comment

by:ambush276
ID: 24797200
As computer people, giving up is never an option, as you know. I mean, I stumbled upon this.. I mean, IDK ... ?

http://www.blackberryfaq.com/index.php/BlackBerry_Connect
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24797250
I believe this will work, but the PC needs to be on with the Blackberry software running 24x7 for this to work properly from recollection.
Not sure if this is a possibility, but I admire your determination.
 

Author Comment

by:ambush276
ID: 24797615
Hmm? I thought that it accessed via the BES server directly? I might be mistaken.. but I was under the impression once the s/w was put in and the PIN... it would be good to go??
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24797958
From the link you gave:
What are the limitations of a Blackberry Connect Device on a BES?
As we mentioned above Blackberry Connect is a slimmed down feature set (similar to a 3.6 device) and the key limitations are: -
  • No Enterprise Activation - that's why you need to cable activate as above
  • Only Supports Email and Calendar Syncs - no tasks, contacts or notes
  • Restricted set of IT policies - which vary from device to device - kill handheld won't remove data sync'd locally to device (outside the BB client stack - e.g. Notes)
  • No wireless backup
  • No support for MDS browsing - this is a major issue if you want to web-browse/IM and BB Connect Email
  • Lookups against the Corporate Directory only returns the email address not all the contact info including phone numbers like the BB lookup. (This was introduced in BB Connect v2.1.2.31)
  • PIN to PIN messaging doesn't work
  • Maximum attachment size of 32k (as of v2.1.2.31 on wm5)
This means that the IT dept don't get involved, unless you cannot install the software on the PC due to restrictions etc.
 

Author Comment

by:ambush276
ID: 24805686
Right, but in version 4.0 you can do PIM backup on the phone? Also, does the computer need to be on? That is kind of the next question.. I've been reading and it doesn't seem to have to be (I'm using BB Connect 4)? So yeah...?
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 24805714
Short answer is I don't know for sure.  Don't have any BB users within my customers who use this method.
Trial it and see how you get on.
 

Author Comment

by:ambush276
ID: 24819617
I'm trying tomorrow and will let you know / questions
 

Author Comment

by:ambush276
ID: 24836374
OK, well, BB Connect is not supported on my device. But I figured it out.. kind of ....

I'm using a free service from seven.com; basically it's a PIM app that connects to Exchange and runs on his computer but forwards email, contacts, calendar etc... The computer has to be on (but at night they have some Energy Star thing and special motherboard that keeps the computer running while only using ... like with 50 computers on at night it uses less power than a lightbulb type thing, IDK..), but the computer is never fully turned off so the seven.com program works. If he didn't have Server 2007 then the seven.com will work even with the computer turned off (connects to Exchange 2003 and 2000 situations) through an online client so no need for the computer to actually be on, but with 2007 his computer stays on so it's fine, and it runs on the phone in the background and seamlessly integrates into his Outlook program on the phone. It works for now (and is actually faster than Direct Push). It's working great and hopefully it will continue to do so!
 

Author Closing Comment

by:ambush276
ID: 31599996
Awesome support, I will contact you with any problems in the future. Thanks for your time!
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24836385
Glad you got a solution working in the end - bit of an uphill struggle, but full credit to you for your determination.
Fingers crossed it keeps working for you.
Alan
