Windows SBS 2008 and Mobile 6 certificate issue

I have an issue I need help with on Small Business server 2008 and Windows Mobile. I am trying to sync over the internet.

I am running the following:
SBS 2008 64bit
Exchange 2007 (the built-in version)
Self signed certificate
Windows mobile 6.2 on a Samsung I 760
The SBS server is behind a firewall, and I am port forwarding 443 from the firewall to the internal SBS server address.

I have followed the MS document for Over the air sync, and it keeps failing with a certificate error.


I have added the cert using the package. I have tried manually adding the certificate.

Nothing seems to work.

OWA is working and I can login with the password and user id, from the "mobile id"

Where do I start troubleshooting this problem?
2 Solutions
Using a self-signed certificate is not a good idea; you can very easily get a 3rd party one for v. cheap or even install your own internal CA and issue one for free.

If you get a 3rd party certificate you will need to do nothing on WM; if you install your own CA then you will need to d/l the root CA certificate and install it on WM just by double-clicking on it.

OWA is working but Outlook Anywhere/Active sync won't work


Alan Hardisty, Co-Owner, Commented:
Please review the following article for the limitations of using a self-signed SSL certificate with Exchange 2007:
Your best bet (as already mentioned) is to buy a 3rd party SSL certificate and some of the cheapest can be found at http://certificatesforexchange.com/ which are GoDaddy certificates.
You will need to purchase a SAN / UCC (multi name) certificate to get everything up and working properly and here is an excellent article that discusses what names you should have by default:

bdorsey63, Author, Commented:
I read the article. In it it states:

mail.example.com (this is the common name, the name that your MX records point to will be used for OWA,IMAP/POP3/SMTP and Exchange ActiveSync - plus it is the reverse DNS record on your static IP address)

I am not using this SBS server on the internet directly. And my MX record points to a different ip address, than where my SBS server is located.

The MX record points to an outsourced IP address at a hosting company. I relay outbound email thru them. And I use the pop connector to get the email from the remote accounts.

The ip address for my firewall currently does not resolve to my domain name. It is a business level IP address I get from quest, into my business location. I am forwarding 443 traffic to my internal exchange server. I was hoping to just use an IP address to active sync, and not a resolved domain name.

Is it still possible to Over the air sync with the way I have it setup?
I am not sure I got what you wrote

first you say that the name your MX records points to will be used for OWA etc...

then you say that the MX is pointing to another IP since you relay outbound email ?

anyway for activesync as long as you can have any FQDN pointing to a real IP and that IP forwards HTTPS requests to your exchange box then you can have ActiveSync working

Alan Hardisty, Co-Owner, Commented:
Activesync will work using an IP address but activesync only needs port 443 open and forwarded to work so you are there nearly.

I would setup an fqdn in dns and setup a certificate using the fqdn.

bdorsey63, Author, Commented:

"I read the article. In it it states:

mail.example.com (this is the common name, the name that your MX records point to will be used for OWA,IMAP/POP3/SMTP and Exchange ActiveSync - plus it is the reverse DNS record on your static IP address)"

That was a quote from the document.

bdorsey63, Author, Commented:
Thanks for the help.

The last problem was the FQDN , I had to add an A record to DNS and it worked.

I did not use a 3rd party certificate. I used the internal. SBS creates a "packaged certificate." This is not the certificate that worked on the mobile. The mobile certificate must match the OWA cert. In my case, remote.xxxx.com
Question has a verified solution.
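
The thread ends with sync working once an FQDN resolved and the name on the device matched the OWA certificate. The following is an added example, not part of the thread: a simplified RFC 6125-style name check over a constructed certificate in the dict layout of Python's `ssl.SSLSocket.getpeercert()`, showing why a bare IP address fails against a certificate issued for a DNS name. `remote.example.com`, `*.corp.example.com` and `203.0.113.10` are placeholder values, and the matching rules are an assumption about client behaviour, not Windows Mobile's own code.

```python
import ipaddress

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
# remote.example.com stands in for the poster's redacted remote.xxxx.com.
SAMPLE_CERT = {
    "subject": ((("commonName", "remote.example.com"),),),
    "subjectAltName": (("DNS", "remote.example.com"), ("DNS", "*.corp.example.com")),
}

def cert_names(cert):
    """Return (dns_names, ip_names) that a client can match the server address against."""
    sans = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in sans if k == "DNS"]
    ips = [ipaddress.ip_address(v.strip()) for k, v in sans if k == "IP Address"]
    if not dns and not ips:
        # No SAN at all: fall back to the subject common name, as older clients do.
        dns = [v.lower() for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return dns, ips

def dns_match(pattern, host):
    """Exact match, or a left-most '*' label standing in for exactly one label."""
    p = pattern.split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def address_matches(cert, server_address):
    """True if the server address entered on the device is covered by the certificate."""
    dns, ips = cert_names(cert)
    try:
        ip = ipaddress.ip_address(server_address)
    except ValueError:
        # Not an IP literal, so compare it against the DNS names.
        return any(dns_match(p, server_address) for p in dns)
    # An IP literal only matches an IP-type SAN entry, never a DNS name.
    return ip in ips

if __name__ == "__main__":
    for addr in ("203.0.113.10", "remote.example.com", "mail.example.com"):
        verdict = "match" if address_matches(SAMPLE_CERT, addr) else "name mismatch"
        print(addr, "->", verdict)
```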