Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


ActiveSync fails after certificate renewal

Posted on 2011-02-28
Medium Priority
Last Modified: 2013-12-27
Hi Experts,

I recently renewed my certificate on my exchange 2003 server.  Now I have two Palm Treo 700wx's that cannot sync (activesync).  The new and old certificates are from Comodo and was a renewal (old one expired on 2/25/11).

The renewal didn't affect any of our "rpc over https" clients.
The Treo's CAN open the https://...../oma web page and read mail.

The error displayed on the Treo is:  "The security cert. on the server is invalid.  Contact...admin...to install a valid cert. on the server."

The error code is:  0x80072f0d

I'm following this article now and have confirmed that OWA opens on the device:


Should I look somewhere else or am I on the right track?


Question by:iteched1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35001352
I had the same issue with a customer's server.  Please check your IIS settings against my article and hopefully we will get you up and running PDQ.



Author Comment

ID: 35002116
I think I have a clue:

Basically while running the test this popped up:

      The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.

The Treo is a 5.0 device.  It just strikes me strange how the renewal seems to have caused the problem...unless the "new" cert simply isn't understood by WM 5.0.

LVL 76

Expert Comment

by:Alan Hardisty
ID: 35002218
Was the cert 1024 bit or 2048 bit?

Sounds like that won't help if the Treo is WM5.0.

Thinking if there is a solution to keeping the new cert and having the Treo work.
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

LVL 76

Expert Comment

by:Alan Hardisty
ID: 35002231
You can always resort to issuing your own SSL certificate and installing it on the Treo.

How many mobile devices does your server support?  When is the handset due for an upgrade, or do you have a newer one handy in a drawer somewhere?

Author Comment

ID: 35002279
I'm pretty sure it is 2048 bit.

Most of my mobiles devices are Blackberries and iphones.

I could issue my own cert for JUST the Treo's (or Activesync more specifically)...so long as it doesn't affect the Blackberries, iPhones, and outlook "RPC over Https" clients.

I don't mess with this stuff on an everyday basis so getting in there is sometimes a bit scary...

Is it possible to run a different cert for just the Activesync process?

LVL 76

Accepted Solution

Alan Hardisty earned 2000 total points
ID: 35002330
The Blackberries don't use SSL certs as they don't use Activesync - the iPhones / and RPC over HTTPS clients would be affected.

You can't have separate certs as the cert is installed on the Default Website - and everything hangs off that site and it can only have one cert.

Might be time to upgrade the Treo for an iPhone / Blackberry.

Author Comment

ID: 35002365
That's what I was thinking...

I think I'll make a call to Comodo and see if they can re-issue a cert that will work...but I expect they can't.

Otherwise it may be time for different phones - fortunately I have several.

LVL 76

Expert Comment

by:Alan Hardisty
ID: 35002389
Not sure if this will work - but you might be able to install the Root Certificate for Comodo on the Treo which might get around the problem.


Author Comment

ID: 35002627
I'll give that a go...

Otherwise we decided to ditch the Treo's for some BB "Tours" we have extra.

LVL 76

Expert Comment

by:Alan Hardisty
ID: 35002647
: )  At least the keyboard stays pretty much the same between the Treo and BB.

Author Closing Comment

ID: 35020075
I ended up taking the easy way out with this issue.  The Treo's were abandoned in favor of some Blackberries that I had laying around.  I did try installing the cert on the Treo but that also failed to fix the problem.

So...as far as I can tell there is no solid solution other than retiring the old phones.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question