Solved

Active sync SSL not working with windows 7 phone

Posted on 2010-11-09
9
2,174 Views
Last Modified: 2012-05-10
have a new samsung windows 7 phone, trying to get active sync to my indows exchange 2003 server using a  issued SSL.

when i try and connect outlook to the exchange i get error: “there is a problem with the certificate for mail.-blah-.com, error code: 80072f0d” (server reqs SSL is checked)

when i go to mail.-blah-.com/exchage i can log into the email account and it works from there, so the phone should have a SSL it downloaded via IE.
i went onto my exchange server , ran mmc, added cert snap in, went to personal, exported the certs, emailed them to the phone, installed them, phone said that one or more certs were sucessfuly installed, then trying to sync with phone, still getting the “there is a problem with the certificate for mail.-blah-.com, error code: 80072f0d”  also the phone does have a 10 min screen lock setting turned on (idk if exchange wants it shorter or anything if that may be a problem)

also, i have tryed exporting the .cer in format base64.cer sending it to the phone, and installing, the phone says the cert is installed, but still getting a cert error.  not this is a cert that we as a company made from a PSK, it is not from a CA

here is one idea a co-worker and were emailing around:
"since I exported the SSLs out of IIS, I know they are the right ones.  Since the phone can access the web based exchange (and work), I know the SSL is in the phone.  Chris is thinking there is a chance there’s a bug or something, that exchange is looking in its own directory (or at least a different place from IE) for an SSL, and when I manually installed the SSL onto the smart phone, it could of installed into a directory where IE looks for SSLs, since the web based version works, but outlook does not look there.  Now… to find out how to decide where outlook would look for a SSL, and then how to install the SSL into that directory.  "

any ideas would be great
thank you,
Steven
0
Comment
Question by:sdmarek
  • 5
  • 3
9 Comments
 
LVL 4

Expert Comment

by:prashant_sawant
ID: 34099586
Inorder to resolve the activesync ssl issue please refer : http://support.microsoft.com/kb/817379 and follow the method 2.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34099860
So are you saying that you can browse OWA from the phone without certificate warnings?
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34102513
for that support.microsoft method 2, not too sure how much i like trying to change the reg to make a virtual directory for Exchange that does not require SSL.  this is a important production service in the company, also every one in company has a smart phone and they all work with exchange, the only phone not working is the samsung windows 7 phone (the one that came out this last monday to the USA)

Mega, when the phone is first pwoered on, when i go to OWA, i do get the cert warning, press continue to this web page.  when you do that once it does not show you that page (for OWA or OMA) untill the phone is powered off.  once the phone is powered off it promps that page to you again.  

also, little note:  when going to the OWA, it ask you for a username and pass, you enter it, get the promp the fist time since pwoer off, hit continue, have to enter user name and pass again (hit the remeber user name and pass check box) and it will remember the user name and pass and not ask you again, untill you repower the phone, then you have to go through that again.

i am wondering if the phone is not keeping the .cer files or not correctly installing them, and on  this phone i cant tell where it is storing or trying to keep them, i am not aware of a way to view the certs that are currently installed on the phone.

thank you
steven
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 2

Author Comment

by:sdmarek
ID: 34102771
can someone verify this is correct:  went onto my exchange server , ran mmc, added cert snap in, went to personal, exported the certs, emailed them to the phone, installed them (by clicking on them), phone said that one or more certs were sucessfuly installed

-steven
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34106831
if anyone has a few ideas, that would be great, if not at end of work day gona take this phone back and get either a droid or iphone and just not use window 7 phones in company again

thank you
-steven
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 34109579
Have a look at this page http://www.jacco2.dds.nl/networking/windowsmobile-certinstall.html#Import

Hopefully it is still relevant for WM7

Try the utilis for getting your cert into the trusted root store
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34112482
Mega, that is how i installed the SSL, i later found out that windows 7 phones have 4-6 security policys that has to be meet for it to sync. so even though the SSL is there, if it didnt meet each of the policys it wont connect. as for that link, it looks like its all correct, except i was reading that the windows 7 phone only supports .CER files in base62 format and not binary, and i think i waseted time thinking it was a .CER problem it was is really a policy problem.

anyways, i took the windows 7 phone back to the store, got a android phone, for that phone, all i did was go to the OWA, hit the continue button to get the SSL.  then set up the user name and pass, domain, and mail server in out look, hit OK and it started working. fast and easy with the android phone, so at least till the next patch for the windows 7 phone comes out to allow me to change the policys on the phone, we arnt gona use them at this company and stay with either: iphones, android phones, windows phones OSv. 6.5 or lower, or blackberry(we have a black berry interprise server running)

thank you,
steven

thanks for the help
0
 
LVL 2

Author Closing Comment

by:sdmarek
ID: 34112488
i just got a new phone
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34113981
Yep, it is one of the reasons I prefer my iPhone to WM6.5=no cert problems

Thanks for the points
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you irritated by repeating emails issue in Microsoft Outlook 2016 after recent update ?  Lets’ see how to resolve and prevent duplicate emails in the Outlook 2016 using some simple techniques.
Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question