Link to home
Create AccountLog in
Avatar of Lisaa_G
Lisaa_GFlag for Canada

asked on

Activesync connection issues post server migration

Nearly at the end of a long and somewhat painful migration from SBS 2003 to Server 2008 with Exchange 2010.  Both servers are still online but mailboxes have been moved to the new server and all Exchange services disabled on the old server.  Mail is moving fine in and out of the office but we are having some issues getting iPhones synched to the Exchange server.

Using Microsoft's Remote Connectivity Analyzer and testing for Exchange Activesync yields the following which seems to indicate that the SSL certificate from the old server is being picked up.  (I've modified the names for privacy).  

ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.ourdomain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.ourdomain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.galarneauassoc.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=mail.ourdomain.com, CN=companyweb, CN=gals1, CN=localhost, CN=sbs2003.ourdomain.com, Issuer: CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com.
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       Host name mail.ourdomain.com was found in the Certificate Subject Common name.
      Validating certificate trust for Windows Mobile devices.
       Certificate trust validation failed.
       
      Test Steps
       
      ExRCA is attempting to build certificate chains for certificate CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com.
       A certificate chain couldn't be constructed for the certificate.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The certificate chain didn't end in a trusted root. Root = CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com

How do I get the activesync to detect / acknowledge the certificate from our 2008 server?  Should I be purchasing and installing a certificate from a certificate authority ( will this make my issues go away?)
Avatar of Postmaster
Postmaster
Flag of Australia image

does the external URL lead to a 2010 CAS server?
Do you have a UC certificate install  on the CAS server with the following domains.


CASservername.domain.com
autodiscover.domain.com
webmail.domain.com

Is the CAS server configured  properly for all the virtual directories. Has firewall changes been done  so that any traffic for webmail gets forwarded to exchange 2010 CAS server
ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Lisaa_G

ASKER

Sorry for the delay getting back to you - ended up with a few other minor problems that needed to be addressed but this solved the problem.

Thank you!!!!