Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ActiveSync works internally, but not externally.

Posted on 2012-12-20
8
Medium Priority
?
1,167 Views
Last Modified: 2013-02-03
Hello Friends,

ActiveSync, which works internally, but not externally.

We are using exchange 2010 SP2 and Exchange Certificate is our internal root CA.

When I have test the Activesync using https://www.testexchangeconnectivity.com , getting error: " 

Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Validating certificate trust for Windows Mobile devices.
Certificate trust validation failed.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=mob.domain.com.
A certificate chain couldn't be constructed for the certificate."

Please advice me to resolve/ work activesync from externally aswell.
 






Additional Details

The certificate chain couldn't be built. You may be missing required intermediate certificates.
0
Comment
Question by:binumicrosoft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
8 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 38711120
To make Activesync work externally, buy a 3rd party SSL certificate with at least the following names included in the cert:

autodiscover.yourdomain.com
mail.yourdomain.com (or whatever you prefer to use)

Then when it is installed and enabled, Activesync should work.
0
 
LVL 3

Author Comment

by:binumicrosoft
ID: 38711248
So you mean we can not use internal CA for activeSync from externally? or any other option to use internal as well?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38711462
The name on the certificate must be resolvable externally to the Public IP Address of your server.  Does it?

If it doesn't I would suggest buying one that does and then it will work happily.
0
Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

 
LVL 2

Expert Comment

by:matyke
ID: 38717197
You can use internal CA for ActiveSync certificate, but you need to allow not trusted certificates in activesync configuration on your mobile devices.

Do you have any other errors when checking with https://www.testexchangeconnectivity.com/
?
Try to enable "Ignore Trust for SSL" when checking ActiveSync.

Martin
0
 
LVL 3

Author Comment

by:binumicrosoft
ID: 38722098
We have installed 3rd party Exchange Certificate and the problem got resolved.

Thanks everyone!!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38722236
Excellent - don't forget to close the question down selecting the comment or comments that helped you solve the question.

Alan
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question