Avatar of binumicrosoft
binumicrosoft
Flag for United States of America asked on

ActiveSync works internally, but not externally.

Hello Friends,

ActiveSync, which works internally, but not externally.

We are using exchange 2010 SP2 and Exchange Certificate is our internal root CA.

When I have test the Activesync using https://www.testexchangeconnectivity.com , getting error: " 

Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Validating certificate trust for Windows Mobile devices.
Certificate trust validation failed.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=mob.domain.com.
A certificate chain couldn't be constructed for the certificate."

Please advice me to resolve/ work activesync from externally aswell.
 






Additional Details

The certificate chain couldn't be built. You may be missing required intermediate certificates.
ExchangeEmail ServersWeb Servers

Avatar of undefined
Last Comment
Alan Hardisty

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Alan Hardisty

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
binumicrosoft

ASKER
So you mean we can not use internal CA for activeSync from externally? or any other option to use internal as well?
Alan Hardisty

The name on the certificate must be resolvable externally to the Public IP Address of your server.  Does it?

If it doesn't I would suggest buying one that does and then it will work happily.
matyke

You can use internal CA for ActiveSync certificate, but you need to allow not trusted certificates in activesync configuration on your mobile devices.

Do you have any other errors when checking with https://www.testexchangeconnectivity.com/
?
Try to enable "Ignore Trust for SSL" when checking ActiveSync.

Martin
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
binumicrosoft

ASKER
We have installed 3rd party Exchange Certificate and the problem got resolved.

Thanks everyone!!
Alan Hardisty

Excellent - don't forget to close the question down selecting the comment or comments that helped you solve the question.

Alan