asked on
Cannot Connect to Exchange 2010 Servr using Active Sync
I have a new Exchange 2010 server that I am trying to connect to via active sync. Presently I am still using my old Exchange 2003 server for this with out any trouble. When I go into my firewall and point port 80 to the new Exchange IP Address I get a cannot connect to server error. As soon as I switch back to the old server I can with out any issues. Outlook Web access does work when I make the IP switch for port 80 on the new server.
Thoughts? The error says cannot connect to server.
Thoughts? The error says cannot connect to server.
Exchange
Last Comment
stacystyles
Alanhardisty is correct, by default Exchange 2010 will use HTTPS(443) for OWA. You can manually change it in the Client Access portion of Exchange Management Console.
ASKER
Right now I am testing it this way as we do not have a ssl enabled on our old server and just want to get connectivity working.
ASKER
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.acuotech.com in DNS.
Host successfully resolved
Additional Details
Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name mail.acuotech.com does not match any name found on the server certificate CN=WMSvc-EXCHANGE
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.acuotech.com in DNS.
Host successfully resolved
Additional Details
Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name mail.acuotech.com does not match any name found on the server certificate CN=WMSvc-EXCHANGE
You would be best advised to purchase a 3rd party SSL certificate from somewhere like GoDaddy.com (about the cheapest) and install that on your server to make life easier.
You will need a Multi-Name cert (SAN / UCC) to work properly and will need the following names included:
mail.yourdomain.com
Autodiscover.yourdomain.co
Internalservername.interna
Internalservername
An SSL certificate will make life much easier and will mean no certificate errors for any Exchange functions.
The default Exchange 2010 SSL certificate is not ideal.
You will need a Multi-Name cert (SAN / UCC) to work properly and will need the following names included:
mail.yourdomain.com
Autodiscover.yourdomain.co
Internalservername.interna
Internalservername
An SSL certificate will make life much easier and will mean no certificate errors for any Exchange functions.
The default Exchange 2010 SSL certificate is not ideal.
that looks like certificate problem. try to ignore certificate trust and check again if that works.
And alanhardisty is correct on rest of the part.
And alanhardisty is correct on rest of the part.
ASKER
I did check ignore certs and it still did that. I have ordered a cert from Go Daddy and will let you know tomorrow when I get it how it looks
ASKER
Ok I purchased a Cert from Go Daddy and this is what I get now.
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.acuotech.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 173.11.47.241
Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.acuotech.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 173.11.47.241
Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Your certificate is issued to acuotech.com and you are trying to access mail.acuotech.com - they need to match and they need to resolve to the IP of your Exchange server.
Did you buy a SAN / UCC certificate (Multi-Name) certificate - minimum 5 names, or a single name certificate as per my previous comment?
Your certificate should be named mail.acuotech.com for things to work properly. You can either re-key the certificate if it is a SAN / UCC certificate or if only a single name certificate, you bought the wrong certificate.
Did you buy a SAN / UCC certificate (Multi-Name) certificate - minimum 5 names, or a single name certificate as per my previous comment?
Your certificate should be named mail.acuotech.com for things to work properly. You can either re-key the certificate if it is a SAN / UCC certificate or if only a single name certificate, you bought the wrong certificate.
ASKER
I bought the Multi Name min 5 names cert. Where do I rekey the cert at?
you got subject alternative names as
DNS Name=acuotech.com
DNS Name=www.acuotech.com
you need to correct subject alternative name
you will need to add
DNS Name=mail.acuotech.com
DNS Name=autodiscover.acuotech
DNS Name=<internalserverrname>
DNS Name=<internalserver FQDN>
DNS Name=acuotech.com
DNS Name=www.acuotech.com
you need to correct subject alternative name
you will need to add
DNS Name=mail.acuotech.com
DNS Name=autodiscover.acuotech
DNS Name=<internalserverrname>
DNS Name=<internalserver FQDN>
Thanks SangramGohil - I covered that here http:#a33630476
Visit https://www.digicert.com/easy-csr/exchange2007.htm
Follow the prompts to put in the correct details. Copy the output to a file, copy the file to the server, run the output in the Exchange Management Shell and this will generate a new Certifcate Signing Request.
Copy the contents of the Certificate Signing Request into GoDaddy's website where you can re-key the certificate, wait for the certificate, import the certificate, repair the private key (it won't have one and won't allow you to enable it), then enable the certificate and then test again.
Take it step by step and I'll offer relevant instructions at each stage.
Follow the prompts to put in the correct details. Copy the output to a file, copy the file to the server, run the output in the Exchange Management Shell and this will generate a new Certifcate Signing Request.
Copy the contents of the Certificate Signing Request into GoDaddy's website where you can re-key the certificate, wait for the certificate, import the certificate, repair the private key (it won't have one and won't allow you to enable it), then enable the certificate and then test again.
Take it step by step and I'll offer relevant instructions at each stage.
ASKER
I called Go Daddy and the problem was that none of the names took. I am awaiting approval for the new one to be downloaded.
ASKER
Summary: 2 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:00:00
Read file
Completed
Exchange Management Shell command completed:
Read binary stream from the file 'C:\Users\administrator.GA
Elapsed Time: 00:00:00
acuotech.com.crt
Failed
Error:
Cannot import certificate. A certificate with the thumbprint A0FFF5041BCB4E5012C74AF93F
Exchange Management Shell command attempted:
Import-ExchangeCertificate
Elapsed Time: 00:00:00
Elapsed time: 00:00:00
Read file
Completed
Exchange Management Shell command completed:
Read binary stream from the file 'C:\Users\administrator.GA
Elapsed Time: 00:00:00
acuotech.com.crt
Failed
Error:
Cannot import certificate. A certificate with the thumbprint A0FFF5041BCB4E5012C74AF93F
Exchange Management Shell command attempted:
Import-ExchangeCertificate
Elapsed Time: 00:00:00
ASKER
Talked with GD and now the cert is installed and going to test the connection
ASKER
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.acuotech.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 173.11.47.241
Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The certificate name is being validated.
Successfully validated the certificate name
Additional Details
Found hostname mail.acuotech.com in Certificate Subject Alternative Name entry
Validating certificate trust for Windows Mobile Devices
The test passed with some warnings encountered. Please expand the additional details.
Additional Details
Certificate is only trusted on Windows Mobile 5.0 AKU2 (MSFP) and later. Windows Mobile 5.0 devices will not be able to sync. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
The certificate date is being confirmed to ensure the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Certificate is valid: NotBefore = 9/9/2010 7:31:06 PM, NotAfter = 9/9/2013 2:08:54 PM"
The IIS configuration is being checked for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates not configured.
Testing Http Authentication Methods for URL https://mail.acuotech.com/Microsoft-Server-Activesync/
The HTTP authentication methods are correct.
Additional Details
Found all expected authentication methods and no disallowed methods. Methods Found: Basic
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the ActiveSync session
Test Steps
ExRCA is attempting to send the OPTIONS command to the server.
OPTIONS response was successfully received and is valid
Additional Details
Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 14.0
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Thu, 09 Sep 2010 19:41:08 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ExRCA is attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.acuotech.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 173.11.47.241
Testing TCP Port 443 on host mail.acuotech.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The certificate name is being validated.
Successfully validated the certificate name
Additional Details
Found hostname mail.acuotech.com in Certificate Subject Alternative Name entry
Validating certificate trust for Windows Mobile Devices
The test passed with some warnings encountered. Please expand the additional details.
Additional Details
Certificate is only trusted on Windows Mobile 5.0 AKU2 (MSFP) and later. Windows Mobile 5.0 devices will not be able to sync. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
The certificate date is being confirmed to ensure the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Certificate is valid: NotBefore = 9/9/2010 7:31:06 PM, NotAfter = 9/9/2013 2:08:54 PM"
The IIS configuration is being checked for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates not configured.
Testing Http Authentication Methods for URL https://mail.acuotech.com/Microsoft-Server-Activesync/
The HTTP authentication methods are correct.
Additional Details
Found all expected authentication methods and no disallowed methods. Methods Found: Basic
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the ActiveSync session
Test Steps
ExRCA is attempting to send the OPTIONS command to the server.
OPTIONS response was successfully received and is valid
Additional Details
Headers received: Allow: OPTIONS,POST
MS-Server-ActiveSync: 14.0
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0
MS-ASProtocolCommands: Sync,SendMail,SmartForward
Public: OPTIONS,POST
Content-Length: 0
Cache-Control: private
Date: Thu, 09 Sep 2010 19:41:08 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ExRCA is attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you very much. This did the trick.
Have you forwarded port 443 too?