Activesync connection issues post server migration
Posted on 2013-05-20
Nearly at the end of a long and somewhat painful migration from SBS 2003 to Server 2008 with Exchange 2010. Both servers are still online but mailboxes have been moved to the new server and all Exchange services disabled on the old server. Mail is moving fine in and out of the office but we are having some issues getting iPhones synched to the Exchange server.
Using Microsoft's Remote Connectivity Analyzer and testing for Exchange Activesync yields the following which seems to indicate that the SSL certificate from the old server is being picked up. (I've modified the names for privacy).
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Attempting to resolve the host name mail.ourdomain.com in DNS.
The host name resolved successfully.
Testing TCP port 443 on host mail.ourdomain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
ExRCA is attempting to obtain the SSL certificate from remote server mail.galarneauassoc.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Remote Certificate Subject: CN=mail.ourdomain.com, CN=companyweb, CN=gals1, CN=localhost, CN=sbs2003.ourdomain.com, Issuer: CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com.
Validating the certificate name.
The certificate name was validated successfully.
Host name mail.ourdomain.com was found in the Certificate Subject Common name.
Validating certificate trust for Windows Mobile devices.
Certificate trust validation failed.
ExRCA is attempting to build certificate chains for certificate CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com.
A certificate chain couldn't be constructed for the certificate.
Tell me more about this issue and how to resolve it
The certificate chain didn't end in a trusted root. Root = CN=mail.ourdomain.com, CN=companyweb, CN=sbs2003, CN=localhost, CN=sbs2003.ourdomain.com
How do I get the activesync to detect / acknowledge the certificate from our 2008 server? Should I be purchasing and installing a certificate from a certificate authority ( will this make my issues go away?)