Solved

Android Exchange Sync with SBS 2011

Posted on 2012-04-10
6
838 Views
Last Modified: 2012-04-11
CCertsWe just migrated to Exchange 2011, everything is working fine except email sync to cell phones.

I purchased a UCC certificate from GoDaddy, dns names webmail.company.com, owa.company.com and autodiscover.company.com, as well as company.com.  Went through the complete certificate wizard, assigned the IIS service to the cert. Also installed the intermediate cert that came with it.

One thing I did notice is in EMC, Server Configuration-Client Access-Exchange Certificates, there are alot of pending requests.  When I try to use the complete certificate wizard and point the cert given from GoDaddy, it says it's already installed, which is correct.  But I'm not sure where the certs for all of those are?

Please see screenshot.  Originally a turbo ssl was purchased, which I revoked and bought a UCC certificate.  

Thank you!
0
Comment
Question by:cas_three
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 500 total points
ID: 37830851
SBS 2011 doesn't do a great job of handling UCC certs
So first, I don't see a "remote.domain.com" here.   when you ran the "setup your internet address" wizard, did you click on the "Advanced" link under the text box where you entered your domain name and change "remote" to "webmail"?

Did you attemp to install the cert using the Install Trusted Cert wizard?
0
 

Author Comment

by:cas_three
ID: 37832679
I actually did a rekey on the UCC cert and added remote.domain.com.  So now there is webmail, owa, autodiscover and remote, all domain.com in the UCC cert.

I went through and changed everything from remote.domain.com to webmail.domain.com.

Also, when I try to browse to the Microsoft ActiveSync directory in IIS7, I get the certificate warning and have to click Continue, so the cert is definitely not somewhere it needs to be.

however, when I select the domain in IIS and go to Server Certificates, I see the GoDaddy UCC cert with all the relevant domains listed above?

I'm so confused!!!  SBS is nice and all, but for this, it sucks haha!
0
 

Author Comment

by:cas_three
ID: 37832724
Also, the certificate is already installed.  Under Network-Connectivity in the SBS consoles it's trusted. I viewed the certificate and it has all the correct SANs on it.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37832769
Again, I'll reiterate what I already said...
SBS doesn't play nicely with UCC certs nor are they required for SBS.    A single domain cert for remote.domainname.com is all that's required (it can actually be anything.domainname.com, but you have to make the change on the advanced. section during the "setup your internet address" wizard.

So which do you want to use?   webmail or remote for accessing SBS remotely and for the MX record?
0
 

Author Comment

by:cas_three
ID: 37832876
webmail, they already have an mx record pointing to webmail.

This was a migration from SBS2003, no external ip's or names have changed.

And whenn running through the setup your internet address wizard, it kept changing my static ip address, which was not a good thing as it would bring everyone down.
0
 

Author Comment

by:cas_three
ID: 37833599
What the problem was i was missing servername.domainname.local on the ucc cert.

Once I created a new requested and rekeyed, it's working.

Thank you
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question