Solved

Activesync connection issues post server migration

Posted on 2013-05-20
4
579 Views
Last Modified: 2013-06-09
Nearly at the end of a long and somewhat painful migration from SBS 2003 to Server 2008 with Exchange 2010.  Both servers are still online but mailboxes have been moved to the new server and all Exchange services disabled on the old server.  Mail is moving fine in and out of the office but we are having some issues getting iPhones synched to the Exchange server.

Using Microsoft's Remote Connectivity Analyzer and testing for Exchange Activesync yields the following which seems to indicate that the SSL certificate from the old server is being picked up.  (I've modified the names for privacy).  

ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.ourdomain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.ourdomain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.galarneauassoc.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=mail.ourdomain.com, CN=companyweb, CN=gals1, CN=localhost, CN=sbs2003.ourdomain.com, Issuer: CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com.
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       Host name mail.ourdomain.com was found in the Certificate Subject Common name.
      Validating certificate trust for Windows Mobile devices.
       Certificate trust validation failed.
       
      Test Steps
       
      ExRCA is attempting to build certificate chains for certificate CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com.
       A certificate chain couldn't be constructed for the certificate.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The certificate chain didn't end in a trusted root. Root = CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com

How do I get the activesync to detect / acknowledge the certificate from our 2008 server?  Should I be purchasing and installing a certificate from a certificate authority ( will this make my issues go away?)
0
Comment
Question by:Lisaa_G
4 Comments
 
LVL 16

Expert Comment

by:Postmaster
ID: 39183334
does the external URL lead to a 2010 CAS server?
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 39183484
Do you have a UC certificate install  on the CAS server with the following domains.


CASservername.domain.com
autodiscover.domain.com
webmail.domain.com

Is the CAS server configured  properly for all the virtual directories. Has firewall changes been done  so that any traffic for webmail gets forwarded to exchange 2010 CAS server
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39183524
I always install a 3rd party SSL certificate for my installations and as soon as I do, Activesync works immediately afterwards.

Your problem is the self-issued SSL certificate isn't trusted and a 3rd party cert will cure that problem.

A GoDaddy SSL cert will cost you about $90 for a year for a SAN cert or a GoDaddy reseller cert will cost you $60, so the cost is minimal and it means it will work.

Alan
0
 

Author Closing Comment

by:Lisaa_G
ID: 39233306
Sorry for the delay getting back to you - ended up with a few other minor problems that needed to be addressed but this solved the problem.

Thank you!!!!
0

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now