[Last Call] Learn how to a build a cloud-first strategyRegister Now


Windows SBS 2008  and Mobile 6 certificate issue

Posted on 2010-01-08
Medium Priority
Last Modified: 2013-12-05
I have an issue I need help with on Small Business server 2008 and Windows Mobile. I am trying to sync over the internet.

I am running the following:
SBS 2008 64bit
Exchange 2007 (thebuildt in version)
Self signed certificate
Windows mobile 6.2 on a Samsung I 760
The SBS server is behind a firewall, and I am port forwarding 443 from the firewall to the internal SBS server address.

I have followed the MS document for Over the air sync, and it keeps failing with a certificate error.


I  have added the cert using the package. I have tried manually adding the certificate.

Nothing seems to work.

OWA is working andI can login with the password and user id, from the "mobile id"

Where do I start trouble shooting this problem?
Question by:bdorsey63
  • 3
  • 2
  • 2
LVL 49

Expert Comment

ID: 26266395
Using self-signed certificate is not a good idea, you can very easily get a 3rd party one for v. cheap or even install you own internal CA and issue one for free.

If you get a 3rd party certificate you will need to do nothing on WM, if you install your own CA then you will need to d/l the root CA certificate and install it on WM just by double click on it.

OWA is working but Outlook Anywhere/Active sync won't work

LVL 76

Accepted Solution

Alan Hardisty earned 750 total points
ID: 26273555
Please review the following article for te limitations of using a self-signed SSL certificate with Exchange 2007:
Your best bet (as already mentioned) is to buy a 3rd party SSL certificate and some of the cheapest can be found at http://certificatesforexchange.com/ which are GoDaddy certificates.
You will need to purchase a SAN / UCC (multi name) certificate to get everything up and working properly and here is an excellent article that discusses what names you should have by default:

Author Comment

ID: 26273929
I read the article. In it it states:

mail.example.com (this is the common name, the name that your MX records point to will be used for OWA,IMAP/POP3/SMTP and Exchange ActiveSync - plus it is the reverse DNS record on your static IP address)

I am not using this SBS server on the internet directly. And my MX record points to a different ip address, than where my SBS server is located.

The MX records points to an outsourced IP address at a hosting company. I relay outbound emal thru them. And I use the pop connector to get the email from the remote accounts.

The ip address for my firewall currently does not resolve to my domian name. It is a business level IP address I get from quest, into my business location.  I am forwarding 443 traffic to my internal exchange server. I was hoping to just use an IP address to active sync, and not a resolved domain name.

Is it still possible to Over the air sync with the way I have it setup.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 49

Assisted Solution

Akhater earned 750 total points
ID: 26273949
I am not sure I got what you wrote

first you say that the name your MX records points to will be used for OWA etc...

then you say that the MX is pointing to another IP since you relay outbound email ?

anyway for activesync as long as you can have any FQDN pointing to a real IP and that IP forwards HTTPS requests to your exchange box then you can have ActiveSync working
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26273956
Activesync will work using an IP address but activesync only needs port 443 pen and forwarded to work so you are there nearly.

I would setup an fqdn in dns and setup a certificate using the fqdn.

Author Comment

ID: 26277619

"I read the article. In it it states:

mail.example.com (this is the common name, the name that your MX records point to will be used for OWA,IMAP/POP3/SMTP and Exchange ActiveSync - plus it is the reverse DNS record on your static IP address)"

That was a quote from the document.


Author Closing Comment

ID: 31674893
Thanks for the help.

The last problem was the FQDN , I had to add an A record to DNS and it worked.

I did not use a 3rd party certificate. I used the internal. SBS creates a "packaged certificate." This is not the certificate that worked on the mobile. The mobile certificate must match the OWA cert. In my case, remote.xxxx.com

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
MS Outlook undoubtedly is the most widely used email client.Its user-friendliness, cost effectiveness, and availability with Microsoft Office Suite make it the most popular email application.  Its compatibility with Microsoft applications like Exch…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question