help with activesync

Our SBS2003 died and we replaced it with a SBS2008 server. Our pocket PCs worked just fine with syncing with SBS2003, but with SBS2007 we are having a problem.
We can get mail ok if we connect using in house wireless net work, however if we try and connect using other wireless networks or the G3 on the telephone we get:
"The security certifacate on the server is not valid. Contact your Exchange Server Admin or ISP to install a valid certificate on the server.Support code 0x80072F06.

We do not have a static IP address to our server but with SBS2003 we used a redirection service which gave the current IP address and worked perfectly.  But with sbs2008 we cannot connect.
Please can anyone tell me how to fix this.
Thanks
Sam
samcoryAsked:
Who is Participating?
 
samcoryAuthor Commented:
Ok I soved it with sbs2003 the server name on the PPC can be the IP address of the server and the PPC will connect and get email. Because I do not have a static IP i use a service (www.no-ip.net) which puts a small app on the server that sends up to it the current ip address every 15 minutes or so. All I have to do on the PPC is put in the unique name that NO-IP gave me (e.g. sams-server.no-ip.net) in the server box and it gets translated to the current IP address.
Unfortunately "sams-server.no-ip.net" does not match the automatic self issued certifcate given by SBS2008 which is in the name of  "remote.sams-server.com" .
To resolve this I added a CNAME RECORD on my webserver  of "REMOTE.SAMS-SERVER.COM" which pionts to "SAMS-SERVER.NO-IP.NET" (which pionts to my current IP) so now the connection is made with the coreect name to the certificate, and everything works.
I hope I have made myself clear.
Thanks for everyones help

Sam
0
 
Phil_taylor1980Commented:
it sounds like you are trying to connect using ssl?
Exchange 2007 will reate a certificate when the server is installed. This will normally be the name of the exchange system. so if your exchange server is calll mbxserver, it produces a cert called "mbxserver".

if you are connecting by IP or DNS  the address will not match the cert and will fail as it wont look vaild. If the certifcate is produced by your AD then pc/devices that are not on the domain will not have the certificat in the trusted store.

so deivces you can tell them to accpet the cert and ingore the waring, however it largely depends on the deivce you are using.

To remove the cert error, you can connect of HTTP but i really would not recommend it as it open up a big security hole as you usernames and passwords are sent unencryped.

id that of anyuse?
0
 
samcoryAuthor Commented:
We are running HTC Touch HD pcoket PCs runing Windows Mobile Professional 6.1.

If I turn of SSL and just putin the IP address the pocket pc returns the follwing error:
"The server you are synconising with is not an exchange server, or is running incompatible software. Choose Configure #Server on the ActiveSync menu to specify the correct server.
Support code0x85030022
0
 
Phil_taylor1980Commented:
have you allowed http on the default website in IIS?
0
 
Alan HardistyCo-OwnerCommented:
Have you installed a 3rd Party Trusted SSL (SAN / UCC - Multi Name) certificate on your server?
Microsoft advise that if you don't - Activesync will not work properly (see the limitations of the Self-Signed Certificate):
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx 
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.