?
Solved

Active sync SSL not working with windows 7 phone

Posted on 2010-11-09
9
Medium Priority
?
2,213 Views
Last Modified: 2012-05-10
have a new samsung windows 7 phone, trying to get active sync to my indows exchange 2003 server using a  issued SSL.

when i try and connect outlook to the exchange i get error: “there is a problem with the certificate for mail.-blah-.com, error code: 80072f0d” (server reqs SSL is checked)

when i go to mail.-blah-.com/exchage i can log into the email account and it works from there, so the phone should have a SSL it downloaded via IE.
i went onto my exchange server , ran mmc, added cert snap in, went to personal, exported the certs, emailed them to the phone, installed them, phone said that one or more certs were sucessfuly installed, then trying to sync with phone, still getting the “there is a problem with the certificate for mail.-blah-.com, error code: 80072f0d”  also the phone does have a 10 min screen lock setting turned on (idk if exchange wants it shorter or anything if that may be a problem)

also, i have tryed exporting the .cer in format base64.cer sending it to the phone, and installing, the phone says the cert is installed, but still getting a cert error.  not this is a cert that we as a company made from a PSK, it is not from a CA

here is one idea a co-worker and were emailing around:
"since I exported the SSLs out of IIS, I know they are the right ones.  Since the phone can access the web based exchange (and work), I know the SSL is in the phone.  Chris is thinking there is a chance there’s a bug or something, that exchange is looking in its own directory (or at least a different place from IE) for an SSL, and when I manually installed the SSL onto the smart phone, it could of installed into a directory where IE looks for SSLs, since the web based version works, but outlook does not look there.  Now… to find out how to decide where outlook would look for a SSL, and then how to install the SSL into that directory.  "

any ideas would be great
thank you,
Steven
0
Comment
Question by:sdmarek
  • 5
  • 3
9 Comments
 
LVL 4

Expert Comment

by:prashant_sawant
ID: 34099586
Inorder to resolve the activesync ssl issue please refer : http://support.microsoft.com/kb/817379 and follow the method 2.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34099860
So are you saying that you can browse OWA from the phone without certificate warnings?
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34102513
for that support.microsoft method 2, not too sure how much i like trying to change the reg to make a virtual directory for Exchange that does not require SSL.  this is a important production service in the company, also every one in company has a smart phone and they all work with exchange, the only phone not working is the samsung windows 7 phone (the one that came out this last monday to the USA)

Mega, when the phone is first pwoered on, when i go to OWA, i do get the cert warning, press continue to this web page.  when you do that once it does not show you that page (for OWA or OMA) untill the phone is powered off.  once the phone is powered off it promps that page to you again.  

also, little note:  when going to the OWA, it ask you for a username and pass, you enter it, get the promp the fist time since pwoer off, hit continue, have to enter user name and pass again (hit the remeber user name and pass check box) and it will remember the user name and pass and not ask you again, untill you repower the phone, then you have to go through that again.

i am wondering if the phone is not keeping the .cer files or not correctly installing them, and on  this phone i cant tell where it is storing or trying to keep them, i am not aware of a way to view the certs that are currently installed on the phone.

thank you
steven
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 2

Author Comment

by:sdmarek
ID: 34102771
can someone verify this is correct:  went onto my exchange server , ran mmc, added cert snap in, went to personal, exported the certs, emailed them to the phone, installed them (by clicking on them), phone said that one or more certs were sucessfuly installed

-steven
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34106831
if anyone has a few ideas, that would be great, if not at end of work day gona take this phone back and get either a droid or iphone and just not use window 7 phones in company again

thank you
-steven
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 2000 total points
ID: 34109579
Have a look at this page http://www.jacco2.dds.nl/networking/windowsmobile-certinstall.html#Import

Hopefully it is still relevant for WM7

Try the utilis for getting your cert into the trusted root store
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34112482
Mega, that is how i installed the SSL, i later found out that windows 7 phones have 4-6 security policys that has to be meet for it to sync. so even though the SSL is there, if it didnt meet each of the policys it wont connect. as for that link, it looks like its all correct, except i was reading that the windows 7 phone only supports .CER files in base62 format and not binary, and i think i waseted time thinking it was a .CER problem it was is really a policy problem.

anyways, i took the windows 7 phone back to the store, got a android phone, for that phone, all i did was go to the OWA, hit the continue button to get the SSL.  then set up the user name and pass, domain, and mail server in out look, hit OK and it started working. fast and easy with the android phone, so at least till the next patch for the windows 7 phone comes out to allow me to change the policys on the phone, we arnt gona use them at this company and stay with either: iphones, android phones, windows phones OSv. 6.5 or lower, or blackberry(we have a black berry interprise server running)

thank you,
steven

thanks for the help
0
 
LVL 2

Author Closing Comment

by:sdmarek
ID: 34112488
i just got a new phone
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34113981
Yep, it is one of the reasons I prefer my iPhone to WM6.5=no cert problems

Thanks for the points
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
In my humble opinion (IMHO), TouchDown from Symantec is the best in class for this type of application, but Symantec has end-of-lifed it and although one can keep using it, it will no longer be supported or upgraded.  Time to look for alternatives t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
Suggested Courses
Course of the Month8 days, 23 hours left to enroll

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question