Link to home
Start Free TrialLog in
Avatar of netrescue
netrescueFlag for Trinidad and Tobago

asked on

Exchange active sync not working

i have an Exchange 2007 server. it recently had an expired certificate.
i have successfully replaced the certificate by acquiring a new one from AIO Network Solutions and importing it and enabling all services (SMTP, IIS, POP, IMAP, UM) via the command prompt.
everything is working except mail on phones that use active sync. (primarily htc phones)

any ideas what could be the issue?
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image

Based on what you have said, not really.
Is the certificate trusted by the devices? The SSL provider I don't recongise, so they are probably a reseller for someone else.
Was the SSL certificate common name the same?

Run a test account through the Microsoft test site and see what it says. http://exrca.com/ 

Simon.
I'd bet that there's at least an intermediate certificate, and/or even a root certificate that isnt' installed properly on your CAS server..  Also, even if the chain is installed on the server properly, if the root isn't trusted on the mobile devices, it's not going to work..

Sometimes you can get some insight as to what's going on with the cert on the server by using a standard browser to hit the site..   open IE and go to
https://your-cas-server.domain.com/Microsoft-Server-ActiveSync

and even though activesync isn't going to work with a browser, as soon as it goes into "secure" mode on the browser, you should be able to click on the lock and see if the whole certificate chain is installed and valid.
Avatar of netrescue

ASKER

hey guys,
i ran the tests from https://www.testexchangeconnectivity.com/ and got the following results

 
ExRCA is testing Exchange ActiveSync.
      The Exchange ActiveSync test failed.
      
Test Steps
      
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
      Testing of Autodiscover for Exchange ActiveSync failed.
      
Test Steps
      
Attempting each method of contacting the Autodiscover service.
      The Autodiscover service couldn't be contacted successfully by any method.
      
Test Steps
      
Attempting to test potential Autodiscover URL https://toyota-trinidad.com/AutoDiscover/AutoDiscover.xml

      Testing of this potential Autodiscover URL failed.
      
Test Steps
      
Attempting to resolve the host name toyota-trinidad.com in DNS.
      The host name resolved successfully.
      
Additional Details
      IP addresses returned: 190.213.6.226

 
Testing TCP port 443 on host toyota-trinidad.com to ensure it's listening and open.
      The port was opened successfully.
 
Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
      
Test Steps
      
ExRCA is attempting to obtain the SSL certificate from remote server toyota-trinidad.com on port 443.
      ExRCA successfully obtained the remote SSL certificate.
      
Additional Details
      Remote Certificate Subject: CN=tttl-utm1 VPN Certificate, O=tttl-utm1.toyota-trinidad.com.wmsmkf, Issuer: O=tttl-utm1.toyota-trinidad.com.wmsmkf.

 
Validating the certificate name.
      Certificate name validation failed.
       Tell me more about this issue and how to resolve it

      
Additional Details
      Host name toyota-trinidad.com doesn't match any name found on the server certificate CN=tttl-utm1 VPN Certificate, O=tttl-utm1.toyota-trinidad.com.wmsmkf.

 
Attempting to test potential Autodiscover URL https://autodiscover.toyota-trinidad.com/AutoDiscover/AutoDiscover.xml

      Testing of this potential Autodiscover URL failed.
      
Test Steps
      
Attempting to resolve the host name autodiscover.toyota-trinidad.com in DNS.
      The host name resolved successfully.
      
Additional Details
      IP addresses returned: 190.213.6.226

 
Testing TCP port 443 on host autodiscover.toyota-trinidad.com to ensure it's listening and open.
      The port was opened successfully.
 
Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
      
Test Steps
      
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.toyota-trinidad.com on port 443.
      ExRCA successfully obtained the remote SSL certificate.
      
Additional Details
      Remote Certificate Subject: CN=tttl-utm1 VPN Certificate, O=tttl-utm1.toyota-trinidad.com.wmsmkf, Issuer: O=tttl-utm1.toyota-trinidad.com.wmsmkf.

 
Validating the certificate name.
      Certificate name validation failed.
       Tell me more about this issue and how to resolve it

      
Additional Details
      Host name autodiscover.toyota-trinidad.com doesn't match any name found on the server certificate CN=tttl-utm1 VPN Certificate, O=tttl-utm1.toyota-trinidad.com.wmsmkf.

Attempting to contact the Autodiscover service using the HTTP redirect method.
      The attempt to contact Autodiscover using the HTTP Redirect method failed.
      
Test Steps
      
Attempting to resolve the host name autodiscover.toyota-trinidad.com in DNS.
      The host name resolved successfully.
      
Additional Details
      IP addresses returned: 190.213.6.226

 
Testing TCP port 80 on host autodiscover.toyota-trinidad.com to ensure it's listening and open.
      The port was opened successfully.
 
ExRCA is checking the host autodiscover.toyota-trinidad.com for an HTTP redirect to the Autodiscover service.
      ExRCA failed to get an HTTP redirect response for Autodiscover.
      
Additional Details
      A Web exception occurred because an HTTP 404 - NotFound response was received from IIS7.

 
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
      ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
      
Test Steps
      
Attempting to locate SRV record _autodiscover._tcp.toyota-trinidad.com in DNS.
      The Autodiscover SRV record wasn't found in DNS.
       Tell me more about this issue and how to resolve it



please let me know if there is anything else i can provide.
ASKER CERTIFIED SOLUTION
Avatar of 172pilotSteve
172pilotSteve
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hey guys
I was able to resolve the issue.
it was that the alternative name in the certificate did not match what the old one had.
I realized I got 2 certificates from our certificate authority (AIO) and I installed the wrong one.
I imported and enabled the other certificate and all is well now.

thanks for the assistance.