ActiveSync not working exchange 2010

Recently migrated from SBS2003 to Exchange 2010 and have already moved everything over and severed the sbs2003 connections.  Mail is flowing and I can remotely access OWA.

However, cannot connect mobile devices.  Owner has decided to not purchase a commerical cert and has created a self signed cert.  The Remote Connectivity Analyser connects successfuly if you turn off the Ignore Trust for SSL.

The clients all say unable to verify account information.  

Any help is appreciated
red_75116Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Frosty555Commented:
A commercial cert is really required. Mobile devices and Outlook Anywhere especially have issues without a properly signed certificate, even if you've done everything right.

This should not be considered an optional part of your deployment.

Get one of these, the Multiple Domains UCC cert at $59.99/year for 5 domain names.

https://www.securepaynet.net/ssl/ssl-certificates.aspx?ci=53341&prog_id=417826

Considering how much money the owner must have just spent on licensing and server costs, it's a drop in the bucket, and if it saves more than an hour or two of your time it has already paid for itself.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
red_75116Author Commented:
I will try to get him to agree.  One question he will ask is why this worked with no issues on SBS2003 and no on Exchange 2010?

Did something change in the way this worked or just lucky?
Simon Butler (Sembee)ConsultantCommented:
The self signed certificate is not supported with use for ActiveSync.

Therefore to be supported you need a trusted SSL certificate. As already pointed out, a $60 certificate will stop a lot of headaches - getting it to work reliably with a self signed certiifcate is rarely worth the hassle. Like Linux - free at the point of delivery, but it is a far from free OS to get it working properly.

SSL certificates were not as tightly integrated on Exchange 2003 as they are on 2010. On 2007 and higher the whole product is based on web services. You got it working on SBS 2003, I would say you were lucky to do so easily. Even on that version I refused to use self signed certificates because of the headaches involved.

Simon.
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

Simon Butler (Sembee)ConsultantCommented:
@alanhardisty

What is the problem with GoDaddy reseller accounts?

It is no different to posting a link to GoDaddy themselves, you may as well ban those too.
How are you going to tell whether a site is GoDaddy reseller or not? I am aware of a number of them that have been so heavily skinned that you wouldn't know until the checkout.

Are you going to ban links to RapidSSL, Comodo and Verisign reseller accounts as well?

Simon.
red_75116Author Commented:
Thanks for the solution and the justification / explanation from 2003 to 2010.  UCC cert solved all the issues.

Thanks!
Frosty555Commented:
@alanhardisty - I wasn't aware that CertificatesForExchange was actually a GoDaddy Reseller.

But I too don't really understand why this link wouldn't be allowed.

I can understand that posting affiliate or referral links that collects revenue from commissions or ads, that those wouldn't be allowed, sure.

But often a reseller has a different pricing structure, or offers other value added services that are preferable.

- CertificatesForExchange's UCC certificate is $59.99/year
- GoDaddy.com's website lists the exact same product for $77.59/year

Why shouldn't I be able to recommend the cheapest certificate available that I've personally used and had success with to others on EE? I don't see the negative.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.