Solved

Active sync SSL not working with windows 7 phone

Posted on 2010-11-09
Last Modified: 2012-05-10
I have a new Samsung Windows 7 phone, trying to get ActiveSync to my Windows Exchange 2003 server using a  issued SSL.

When I try and connect Outlook to the Exchange I get the error: “there is a problem with the certificate for mail.-blah-.com, error code: 80072f0d” (server reqs SSL is checked).

When I go to mail.-blah-.com/exchange I can log into the email account and it works from there, so the phone should have an SSL it downloaded via IE.
I went onto my Exchange server, ran mmc, added the cert snap-in, went to Personal, exported the certs, emailed them to the phone, and installed them. The phone said that one or more certs were successfully installed. Then, trying to sync with the phone, I am still getting the “there is a problem with the certificate for mail.-blah-.com, error code: 80072f0d”. Also, the phone does have a 10 min screen lock setting turned on (idk if Exchange wants it shorter or anything, if that may be a problem).

Also, I have tried exporting the .cer in format base64.cer, sending it to the phone, and installing; the phone says the cert is installed, but I am still getting a cert error. Note this is a cert that we as a company made from a PSK; it is not from a CA.

Here is one idea a co-worker and I were emailing around:
"Since I exported the SSLs out of IIS, I know they are the right ones. Since the phone can access the web based Exchange (and work), I know the SSL is in the phone. Chris is thinking there is a chance there’s a bug or something, that Exchange is looking in its own directory (or at least a different place from IE) for an SSL, and when I manually installed the SSL onto the smart phone, it could have installed into a directory where IE looks for SSLs, since the web based version works, but Outlook does not look there. Now… to find out how to decide where Outlook would look for an SSL, and then how to install the SSL into that directory."

Any ideas would be great.
thank you,
Steven
0
Question by:sdmarek
9 Comments
 
LVL 4

Expert Comment

by:prashant_sawant
ID: 34099586
In order to resolve the ActiveSync SSL issue, please refer to http://support.microsoft.com/kb/817379 and follow method 2.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34099860
So are you saying that you can browse OWA from the phone without certificate warnings?
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34102513
For that support.microsoft method 2, I am not too sure how much I like trying to change the reg to make a virtual directory for Exchange that does not require SSL. This is an important production service in the company. Also, everyone in the company has a smart phone and they all work with Exchange; the only phone not working is the Samsung Windows 7 phone (the one that came out this last Monday to the USA).

Mega, when the phone is first powered on, when I go to OWA, I do get the cert warning and press continue to this web page. When you do that once, it does not show you that page (for OWA or OMA) until the phone is powered off. Once the phone is powered off it prompts that page to you again.

Also, a little note: when going to the OWA, it asks you for a username and pass; you enter it, get the prompt the first time since power off, hit continue, have to enter user name and pass again (hit the remember user name and pass check box) and it will remember the user name and pass and not ask you again, until you repower the phone; then you have to go through that again.

I am wondering if the phone is not keeping the .cer files or not correctly installing them, and on this phone I can't tell where it is storing or trying to keep them. I am not aware of a way to view the certs that are currently installed on the phone.

thank you
steven
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34102771
Can someone verify this is correct: went onto my Exchange server, ran mmc, added the cert snap-in, went to Personal, exported the certs, emailed them to the phone, installed them (by clicking on them), and the phone said that one or more certs were successfully installed.

-steven
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34106831
If anyone has a few ideas, that would be great; if not, at end of work day I'm gonna take this phone back and get either a Droid or iPhone and just not use Windows 7 phones in the company again.

thank you
-steven
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 34109579
Have a look at this page http://www.jacco2.dds.nl/networking/windowsmobile-certinstall.html#Import

Hopefully it is still relevant for WM7

Try the utilities for getting your cert into the trusted root store.
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34112482
Mega, that is how I installed the SSL. I later found out that Windows 7 phones have 4-6 security policies that have to be met for it to sync, so even though the SSL is there, if it didn't meet each of the policies it won't connect. As for that link, it looks like it's all correct, except I was reading that the Windows 7 phone only supports .CER files in base62 format and not binary, and I think I wasted time thinking it was a .CER problem when it was really a policy problem.

Anyways, I took the Windows 7 phone back to the store and got an Android phone. For that phone, all I did was go to the OWA and hit the continue button to get the SSL, then set up the user name and pass, domain, and mail server in Outlook, hit OK, and it started working. Fast and easy with the Android phone, so at least till the next patch for the Windows 7 phone comes out to allow me to change the policies on the phone, we aren't gonna use them at this company and will stay with either: iPhones, Android phones, Windows phones OS v. 6.5 or lower, or BlackBerry (we have a BlackBerry Enterprise Server running).

thank you,
steven

thanks for the help
0
 
LVL 2

Author Closing Comment

by:sdmarek
ID: 34112488
I just got a new phone.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34113981
Yep, it is one of the reasons I prefer my iPhone to WM6.5=no cert problems

Thanks for the points
0
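Added diagnostic example (not code from any poster in this thread): it decodes the error code 80072f0d as an HRESULT wrapping a WinINet error, loads a .cer in either Base64 or binary DER encoding, and checks whether the certificate's issuer and subject are identical, which is the case for a company-made certificate that a client will only accept once it sits in its trusted root store. The function names, the host name `mail.example.test` and the unsigned sample certificate skeleton are constructed for illustration.

```python
import ssl
# WinINet certificate errors from wininet.h, keyed by Win32 error code.
WININET_CERT_ERRORS = {
    12037: "ERROR_INTERNET_SEC_CERT_DATE_INVALID",
    12038: "ERROR_INTERNET_SEC_CERT_CN_INVALID",
    12045: "ERROR_INTERNET_INVALID_CA",
}

def decode_hresult(hr):
    """Split an HRESULT into (facility, code, WinINet name or None)."""
    facility, code = (hr >> 16) & 0x7FF, hr & 0xFFFF
    return facility, code, WININET_CERT_ERRORS.get(code) if facility == 7 else None

def load_cer(data):
    """Return DER bytes from a .cer that is Base64 (PEM) or binary DER."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        return tag, pos + 2, pos + 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    return tag, pos + 2 + n, pos + 2 + n + int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def is_self_issued(der):
    """True when the issuer and subject names are byte-identical."""
    _, pos, _ = read_tlv(der, read_tlv(der, 0)[1])   # step into tbsCertificate
    tag, _, end = read_tlv(der, pos)
    pos = end if tag == 0xA0 else pos      # skip the optional [0] version field
    fields = []
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        end = read_tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2] == fields[4]

def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length only (< 128 bytes)

def sample_cert(issuer_cn, subject_cn):
    """Constructed, unsigned certificate skeleton (sample input, not a real cert)."""
    name = lambda cn: _tlv(0x30, _tlv(0x31, _tlv(0x30,
        _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0C, cn.encode()))))
    tbs = (_tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + b"\x30\x00" + name(issuer_cn)
           + _tlv(0x30, _tlv(0x17, b"101109000000Z") * 2) + name(subject_cn))
    return _tlv(0x30, _tlv(0x30, tbs))
```

`decode_hresult(0x80072F0D)` yields facility 7 (Win32) and code 12045, `ERROR_INTERNET_INVALID_CA`; `is_self_issued(load_cer(open(path, "rb").read()))` works on a real exported .cer in either encoding.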
