Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Active sync SSL not working with windows 7 phone

Posted on 2010-11-09
9
2,177 Views
Last Modified: 2012-05-10
have a new samsung windows 7 phone, trying to get active sync to my indows exchange 2003 server using a  issued SSL.

when i try and connect outlook to the exchange i get error: “there is a problem with the certificate for mail.-blah-.com, error code: 80072f0d” (server reqs SSL is checked)

when i go to mail.-blah-.com/exchage i can log into the email account and it works from there, so the phone should have a SSL it downloaded via IE.
i went onto my exchange server , ran mmc, added cert snap in, went to personal, exported the certs, emailed them to the phone, installed them, phone said that one or more certs were sucessfuly installed, then trying to sync with phone, still getting the “there is a problem with the certificate for mail.-blah-.com, error code: 80072f0d”  also the phone does have a 10 min screen lock setting turned on (idk if exchange wants it shorter or anything if that may be a problem)

also, i have tryed exporting the .cer in format base64.cer sending it to the phone, and installing, the phone says the cert is installed, but still getting a cert error.  not this is a cert that we as a company made from a PSK, it is not from a CA

here is one idea a co-worker and were emailing around:
"since I exported the SSLs out of IIS, I know they are the right ones.  Since the phone can access the web based exchange (and work), I know the SSL is in the phone.  Chris is thinking there is a chance there’s a bug or something, that exchange is looking in its own directory (or at least a different place from IE) for an SSL, and when I manually installed the SSL onto the smart phone, it could of installed into a directory where IE looks for SSLs, since the web based version works, but outlook does not look there.  Now… to find out how to decide where outlook would look for a SSL, and then how to install the SSL into that directory.  "

any ideas would be great
thank you,
Steven
0
Comment
Question by:sdmarek
  • 5
  • 3
9 Comments
 
LVL 4

Expert Comment

by:prashant_sawant
ID: 34099586
Inorder to resolve the activesync ssl issue please refer : http://support.microsoft.com/kb/817379 and follow the method 2.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34099860
So are you saying that you can browse OWA from the phone without certificate warnings?
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34102513
for that support.microsoft method 2, not too sure how much i like trying to change the reg to make a virtual directory for Exchange that does not require SSL.  this is a important production service in the company, also every one in company has a smart phone and they all work with exchange, the only phone not working is the samsung windows 7 phone (the one that came out this last monday to the USA)

Mega, when the phone is first pwoered on, when i go to OWA, i do get the cert warning, press continue to this web page.  when you do that once it does not show you that page (for OWA or OMA) untill the phone is powered off.  once the phone is powered off it promps that page to you again.  

also, little note:  when going to the OWA, it ask you for a username and pass, you enter it, get the promp the fist time since pwoer off, hit continue, have to enter user name and pass again (hit the remeber user name and pass check box) and it will remember the user name and pass and not ask you again, untill you repower the phone, then you have to go through that again.

i am wondering if the phone is not keeping the .cer files or not correctly installing them, and on  this phone i cant tell where it is storing or trying to keep them, i am not aware of a way to view the certs that are currently installed on the phone.

thank you
steven
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 2

Author Comment

by:sdmarek
ID: 34102771
can someone verify this is correct:  went onto my exchange server , ran mmc, added cert snap in, went to personal, exported the certs, emailed them to the phone, installed them (by clicking on them), phone said that one or more certs were sucessfuly installed

-steven
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34106831
if anyone has a few ideas, that would be great, if not at end of work day gona take this phone back and get either a droid or iphone and just not use window 7 phones in company again

thank you
-steven
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 34109579
Have a look at this page http://www.jacco2.dds.nl/networking/windowsmobile-certinstall.html#Import

Hopefully it is still relevant for WM7

Try the utilis for getting your cert into the trusted root store
0
 
LVL 2

Author Comment

by:sdmarek
ID: 34112482
Mega, that is how i installed the SSL, i later found out that windows 7 phones have 4-6 security policys that has to be meet for it to sync. so even though the SSL is there, if it didnt meet each of the policys it wont connect. as for that link, it looks like its all correct, except i was reading that the windows 7 phone only supports .CER files in base62 format and not binary, and i think i waseted time thinking it was a .CER problem it was is really a policy problem.

anyways, i took the windows 7 phone back to the store, got a android phone, for that phone, all i did was go to the OWA, hit the continue button to get the SSL.  then set up the user name and pass, domain, and mail server in out look, hit OK and it started working. fast and easy with the android phone, so at least till the next patch for the windows 7 phone comes out to allow me to change the policys on the phone, we arnt gona use them at this company and stay with either: iphones, android phones, windows phones OSv. 6.5 or lower, or blackberry(we have a black berry interprise server running)

thank you,
steven

thanks for the help
0
 
LVL 2

Author Closing Comment

by:sdmarek
ID: 34112488
i just got a new phone
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34113981
Yep, it is one of the reasons I prefer my iPhone to WM6.5=no cert problems

Thanks for the points
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video discusses moving either the default database or any database to a new volume.

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question