ActiveSync works internally, but not externally.

binumicrosoft
binumicrosoft used Ask the Experts™
on
Hello Friends,

ActiveSync, which works internally, but not externally.

We are using exchange 2010 SP2 and Exchange Certificate is our internal root CA.

When I have test the Activesync using https://www.testexchangeconnectivity.com , getting error: " 

Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Validating certificate trust for Windows Mobile devices.
Certificate trust validation failed.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=mob.domain.com.
A certificate chain couldn't be constructed for the certificate."

Please advice me to resolve/ work activesync from externally aswell.
 






Additional Details

The certificate chain couldn't be built. You may be missing required intermediate certificates.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Co-Owner
Top Expert 2011
Commented:
To make Activesync work externally, buy a 3rd party SSL certificate with at least the following names included in the cert:

autodiscover.yourdomain.com
mail.yourdomain.com (or whatever you prefer to use)

Then when it is installed and enabled, Activesync should work.

Author

Commented:
So you mean we can not use internal CA for activeSync from externally? or any other option to use internal as well?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
The name on the certificate must be resolvable externally to the Public IP Address of your server.  Does it?

If it doesn't I would suggest buying one that does and then it will work happily.
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

Commented:
You can use internal CA for ActiveSync certificate, but you need to allow not trusted certificates in activesync configuration on your mobile devices.

Do you have any other errors when checking with https://www.testexchangeconnectivity.com/
?
Try to enable "Ignore Trust for SSL" when checking ActiveSync.

Martin

Author

Commented:
We have installed 3rd party Exchange Certificate and the problem got resolved.

Thanks everyone!!
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Excellent - don't forget to close the question down selecting the comment or comments that helped you solve the question.

Alan

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial