Windows SBS 2008  and Mobile 6 certificate issue

Posted on 2010-01-08
Last Modified: 2013-12-05
I have an issue I need help with on Small Business server 2008 and Windows Mobile. I am trying to sync over the internet.

I am running the following:
SBS 2008 64bit
Exchange 2007 (thebuildt in version)
Self signed certificate
Windows mobile 6.2 on a Samsung I 760
The SBS server is behind a firewall, and I am port forwarding 443 from the firewall to the internal SBS server address.

I have followed the MS document for Over the air sync, and it keeps failing with a certificate error.

I  have added the cert using the package. I have tried manually adding the certificate.

Nothing seems to work.

OWA is working andI can login with the password and user id, from the "mobile id"

Where do I start trouble shooting this problem?
Question by:bdorsey63
    LVL 49

    Expert Comment

    Using self-signed certificate is not a good idea, you can very easily get a 3rd party one for v. cheap or even install you own internal CA and issue one for free.

    If you get a 3rd party certificate you will need to do nothing on WM, if you install your own CA then you will need to d/l the root CA certificate and install it on WM just by double click on it.

    OWA is working but Outlook Anywhere/Active sync won't work

    LVL 76

    Accepted Solution

    Please review the following article for te limitations of using a self-signed SSL certificate with Exchange 2007:
    Your best bet (as already mentioned) is to buy a 3rd party SSL certificate and some of the cheapest can be found at which are GoDaddy certificates.
    You will need to purchase a SAN / UCC (multi name) certificate to get everything up and working properly and here is an excellent article that discusses what names you should have by default:

    Author Comment

    I read the article. In it it states: (this is the common name, the name that your MX records point to will be used for OWA,IMAP/POP3/SMTP and Exchange ActiveSync - plus it is the reverse DNS record on your static IP address)

    I am not using this SBS server on the internet directly. And my MX record points to a different ip address, than where my SBS server is located.

    The MX records points to an outsourced IP address at a hosting company. I relay outbound emal thru them. And I use the pop connector to get the email from the remote accounts.

    The ip address for my firewall currently does not resolve to my domian name. It is a business level IP address I get from quest, into my business location.  I am forwarding 443 traffic to my internal exchange server. I was hoping to just use an IP address to active sync, and not a resolved domain name.

    Is it still possible to Over the air sync with the way I have it setup.
    LVL 49

    Assisted Solution

    I am not sure I got what you wrote

    first you say that the name your MX records points to will be used for OWA etc...

    then you say that the MX is pointing to another IP since you relay outbound email ?

    anyway for activesync as long as you can have any FQDN pointing to a real IP and that IP forwards HTTPS requests to your exchange box then you can have ActiveSync working
    LVL 76

    Expert Comment

    by:Alan Hardisty
    Activesync will work using an IP address but activesync only needs port 443 pen and forwarded to work so you are there nearly.

    I would setup an fqdn in dns and setup a certificate using the fqdn.

    Author Comment


    "I read the article. In it it states: (this is the common name, the name that your MX records point to will be used for OWA,IMAP/POP3/SMTP and Exchange ActiveSync - plus it is the reverse DNS record on your static IP address)"

    That was a quote from the document.


    Author Closing Comment

    Thanks for the help.

    The last problem was the FQDN , I had to add an A record to DNS and it worked.

    I did not use a 3rd party certificate. I used the internal. SBS creates a "packaged certificate." This is not the certificate that worked on the mobile. The mobile certificate must match the OWA cert. In my case,

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
    Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now