I manage an SBS 2003 Premium system that has Exchange 2003 and ISA 2004. The problem relates to iPhones that used to be able to get email from the Exchange mailbox but now cannot. The problem arose when I replaced the self-signed certificate with an SSL (standard) certificate from GoDaddy. I believe the GoDaddy SSL certificate is installed correctly because now Outlook Web Access and Remote Web Workplace no longer complains about the site's security when the server is accessed from outside.
The certificate that I had was for secure.mydomain.org and the certificate I requested was for secure.mydomain.org.
The iPhone Exchange-connecting account previously had been working through my yearly (on the server) renewal of certificate secure.mydomain.org through http://
<server>/certsrv and then moving it to the iPhone where clicking on it installed it on the iPhone.
I followed the directions in the article http://www.smallbizserver.net/Default.aspx?tabid=266&Id=283
, i.e. using IIS 6 Manager to create a dummy new web site (at the same level as Default Web Site) called secure.mydomain.org and using that website to create the request for new certificate secure.mydomain.org. This may be significant: At the time I requested the certificate for the dummy web site the iPhone access stopped working.
On the next day I finished the process, i.e. actually requesting and receiving and then installing the GoDaddy-provided certificate into that dummy site and then updating the Web Listener in ISA 2004 with that new certificate.
Now, nothing that I try on the iPhone will make it actually get the email. What happens is that the iPhone apparently validates to the server OK but when you try to sync the email using that Exchange account, it briefly says "Updating" and then stops, with no error message but no content actually downloaded.
We have tried removing the previously installed secure.mydomain.org "profile" from the Networks on the iPhone, and resetting the Network properties, redefining the Exchange email account on the iPhone, with no success. We have installed a copy of the new secure.mydomain.org certificate exported from the Personal store in the Certificates mmc on the server -- no luck.
Question: I now have several secure.mydomain.org certificates in my Personal store on the server, the last self-signed one will expire on 4/23/10, and the most recent of course being the one issued by GoDaddy. Do these conflict at all?
Question: Is it necessary to export any GoDaddy intermediate certificates from the Certificates mmc on the server, and install them? It is really not clear to me. The article http://www.smallbizserver.net/Default.aspx?tabid=266&Id=283
discusses the need with some phones to have intermediate certificates and says how to export them but never says where you need to import them.
I have not yet deleted the dummy website secure.mydomain.com. I know I need to do that but since not all is OK, I have not done it yet. I cannot see how the existence of that site can be affecting this.
I am hopeful that you can give some guidance to how to get my iPhone users happy again.