ActiveSync not working exchange 2010

Recently migrated from SBS2003 to Exchange 2010 and have already moved everything over and severed the sbs2003 connections.  Mail is flowing and I can remotely access OWA.

However, cannot connect mobile devices.  Owner has decided to not purchase a commerical cert and has created a self signed cert.  The Remote Connectivity Analyser connects successfuly if you turn off the Ignore Trust for SSL.

The clients all say unable to verify account information.  

Any help is appreciated
Who is Participating?
A commercial cert is really required. Mobile devices and Outlook Anywhere especially have issues without a properly signed certificate, even if you've done everything right.

This should not be considered an optional part of your deployment.

Get one of these, the Multiple Domains UCC cert at $59.99/year for 5 domain names.

Considering how much money the owner must have just spent on licensing and server costs, it's a drop in the bucket, and if it saves more than an hour or two of your time it has already paid for itself.
red_75116Author Commented:
I will try to get him to agree.  One question he will ask is why this worked with no issues on SBS2003 and no on Exchange 2010?

Did something change in the way this worked or just lucky?
Simon Butler (Sembee)ConsultantCommented:
The self signed certificate is not supported with use for ActiveSync.

Therefore to be supported you need a trusted SSL certificate. As already pointed out, a $60 certificate will stop a lot of headaches - getting it to work reliably with a self signed certiifcate is rarely worth the hassle. Like Linux - free at the point of delivery, but it is a far from free OS to get it working properly.

SSL certificates were not as tightly integrated on Exchange 2003 as they are on 2010. On 2007 and higher the whole product is based on web services. You got it working on SBS 2003, I would say you were lucky to do so easily. Even on that version I refused to use self signed certificates because of the headaches involved.

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Simon Butler (Sembee)ConsultantCommented:

What is the problem with GoDaddy reseller accounts?

It is no different to posting a link to GoDaddy themselves, you may as well ban those too.
How are you going to tell whether a site is GoDaddy reseller or not? I am aware of a number of them that have been so heavily skinned that you wouldn't know until the checkout.

Are you going to ban links to RapidSSL, Comodo and Verisign reseller accounts as well?

red_75116Author Commented:
Thanks for the solution and the justification / explanation from 2003 to 2010.  UCC cert solved all the issues.

@alanhardisty - I wasn't aware that CertificatesForExchange was actually a GoDaddy Reseller.

But I too don't really understand why this link wouldn't be allowed.

I can understand that posting affiliate or referral links that collects revenue from commissions or ads, that those wouldn't be allowed, sure.

But often a reseller has a different pricing structure, or offers other value added services that are preferable.

- CertificatesForExchange's UCC certificate is $59.99/year
-'s website lists the exact same product for $77.59/year

Why shouldn't I be able to recommend the cheapest certificate available that I've personally used and had success with to others on EE? I don't see the negative.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.