[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 861
  • Last Modified:

Android Exchange Sync with SBS 2011

CCertsWe just migrated to Exchange 2011, everything is working fine except email sync to cell phones.

I purchased a UCC certificate from GoDaddy, dns names webmail.company.com, owa.company.com and autodiscover.company.com, as well as company.com.  Went through the complete certificate wizard, assigned the IIS service to the cert. Also installed the intermediate cert that came with it.

One thing I did notice is in EMC, Server Configuration-Client Access-Exchange Certificates, there are alot of pending requests.  When I try to use the complete certificate wizard and point the cert given from GoDaddy, it says it's already installed, which is correct.  But I'm not sure where the certs for all of those are?

Please see screenshot.  Originally a turbo ssl was purchased, which I revoked and bought a UCC certificate.  

Thank you!
0
cas_three
Asked:
cas_three
  • 4
  • 2
1 Solution
 
Cris HannaCommented:
SBS 2011 doesn't do a great job of handling UCC certs
So first, I don't see a "remote.domain.com" here.   when you ran the "setup your internet address" wizard, did you click on the "Advanced" link under the text box where you entered your domain name and change "remote" to "webmail"?

Did you attemp to install the cert using the Install Trusted Cert wizard?
0
 
cas_threeAuthor Commented:
I actually did a rekey on the UCC cert and added remote.domain.com.  So now there is webmail, owa, autodiscover and remote, all domain.com in the UCC cert.

I went through and changed everything from remote.domain.com to webmail.domain.com.

Also, when I try to browse to the Microsoft ActiveSync directory in IIS7, I get the certificate warning and have to click Continue, so the cert is definitely not somewhere it needs to be.

however, when I select the domain in IIS and go to Server Certificates, I see the GoDaddy UCC cert with all the relevant domains listed above?

I'm so confused!!!  SBS is nice and all, but for this, it sucks haha!
0
 
cas_threeAuthor Commented:
Also, the certificate is already installed.  Under Network-Connectivity in the SBS consoles it's trusted. I viewed the certificate and it has all the correct SANs on it.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Cris HannaCommented:
Again, I'll reiterate what I already said...
SBS doesn't play nicely with UCC certs nor are they required for SBS.    A single domain cert for remote.domainname.com is all that's required (it can actually be anything.domainname.com, but you have to make the change on the advanced. section during the "setup your internet address" wizard.

So which do you want to use?   webmail or remote for accessing SBS remotely and for the MX record?
0
 
cas_threeAuthor Commented:
webmail, they already have an mx record pointing to webmail.

This was a migration from SBS2003, no external ip's or names have changed.

And whenn running through the setup your internet address wizard, it kept changing my static ip address, which was not a good thing as it would bring everyone down.
0
 
cas_threeAuthor Commented:
What the problem was i was missing servername.domainname.local on the ucc cert.

Once I created a new requested and rekeyed, it's working.

Thank you
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now