?
Solved

Activesync connection issues post server migration

Posted on 2013-05-20
4
Medium Priority
?
594 Views
Last Modified: 2013-06-09
Nearly at the end of a long and somewhat painful migration from SBS 2003 to Server 2008 with Exchange 2010.  Both servers are still online but mailboxes have been moved to the new server and all Exchange services disabled on the old server.  Mail is moving fine in and out of the office but we are having some issues getting iPhones synched to the Exchange server.

Using Microsoft's Remote Connectivity Analyzer and testing for Exchange Activesync yields the following which seems to indicate that the SSL certificate from the old server is being picked up.  (I've modified the names for privacy).  

ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.ourdomain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.ourdomain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.galarneauassoc.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=mail.ourdomain.com, CN=companyweb, CN=gals1, CN=localhost, CN=sbs2003.ourdomain.com, Issuer: CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com.
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       Host name mail.ourdomain.com was found in the Certificate Subject Common name.
      Validating certificate trust for Windows Mobile devices.
       Certificate trust validation failed.
       
      Test Steps
       
      ExRCA is attempting to build certificate chains for certificate CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com.
       A certificate chain couldn't be constructed for the certificate.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The certificate chain didn't end in a trusted root. Root = CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com

How do I get the activesync to detect / acknowledge the certificate from our 2008 server?  Should I be purchasing and installing a certificate from a certificate authority ( will this make my issues go away?)
0
Comment
Question by:Lisaa_G
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 16

Expert Comment

by:Postmaster
ID: 39183334
does the external URL lead to a 2010 CAS server?
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 39183484
Do you have a UC certificate install  on the CAS server with the following domains.


CASservername.domain.com
autodiscover.domain.com
webmail.domain.com

Is the CAS server configured  properly for all the virtual directories. Has firewall changes been done  so that any traffic for webmail gets forwarded to exchange 2010 CAS server
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 39183524
I always install a 3rd party SSL certificate for my installations and as soon as I do, Activesync works immediately afterwards.

Your problem is the self-issued SSL certificate isn't trusted and a 3rd party cert will cure that problem.

A GoDaddy SSL cert will cost you about $90 for a year for a SAN cert or a GoDaddy reseller cert will cost you $60, so the cost is minimal and it means it will work.

Alan
0
 

Author Closing Comment

by:Lisaa_G
ID: 39233306
Sorry for the delay getting back to you - ended up with a few other minor problems that needed to be addressed but this solved the problem.

Thank you!!!!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question