• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 867
  • Last Modified:

Android Exchange Sync with SBS 2011

CCertsWe just migrated to Exchange 2011, everything is working fine except email sync to cell phones.

I purchased a UCC certificate from GoDaddy, dns names webmail.company.com, owa.company.com and autodiscover.company.com, as well as company.com.  Went through the complete certificate wizard, assigned the IIS service to the cert. Also installed the intermediate cert that came with it.

One thing I did notice is in EMC, Server Configuration-Client Access-Exchange Certificates, there are alot of pending requests.  When I try to use the complete certificate wizard and point the cert given from GoDaddy, it says it's already installed, which is correct.  But I'm not sure where the certs for all of those are?

Please see screenshot.  Originally a turbo ssl was purchased, which I revoked and bought a UCC certificate.  

Thank you!
0
cas_three
Asked:
cas_three
  • 4
  • 2
1 Solution
 
Cris HannaCommented:
SBS 2011 doesn't do a great job of handling UCC certs
So first, I don't see a "remote.domain.com" here.   when you ran the "setup your internet address" wizard, did you click on the "Advanced" link under the text box where you entered your domain name and change "remote" to "webmail"?

Did you attemp to install the cert using the Install Trusted Cert wizard?
0
 
cas_threeAuthor Commented:
I actually did a rekey on the UCC cert and added remote.domain.com.  So now there is webmail, owa, autodiscover and remote, all domain.com in the UCC cert.

I went through and changed everything from remote.domain.com to webmail.domain.com.

Also, when I try to browse to the Microsoft ActiveSync directory in IIS7, I get the certificate warning and have to click Continue, so the cert is definitely not somewhere it needs to be.

however, when I select the domain in IIS and go to Server Certificates, I see the GoDaddy UCC cert with all the relevant domains listed above?

I'm so confused!!!  SBS is nice and all, but for this, it sucks haha!
0
 
cas_threeAuthor Commented:
Also, the certificate is already installed.  Under Network-Connectivity in the SBS consoles it's trusted. I viewed the certificate and it has all the correct SANs on it.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Cris HannaCommented:
Again, I'll reiterate what I already said...
SBS doesn't play nicely with UCC certs nor are they required for SBS.    A single domain cert for remote.domainname.com is all that's required (it can actually be anything.domainname.com, but you have to make the change on the advanced. section during the "setup your internet address" wizard.

So which do you want to use?   webmail or remote for accessing SBS remotely and for the MX record?
0
 
cas_threeAuthor Commented:
webmail, they already have an mx record pointing to webmail.

This was a migration from SBS2003, no external ip's or names have changed.

And whenn running through the setup your internet address wizard, it kept changing my static ip address, which was not a good thing as it would bring everyone down.
0
 
cas_threeAuthor Commented:
What the problem was i was missing servername.domainname.local on the ucc cert.

Once I created a new requested and rekeyed, it's working.

Thank you
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now