Solved

cannot connect mobile phone to windows 2003 sbs/exchange 2003 to pickup emails

Posted on 2014-02-14
14
580 Views
Last Modified: 2014-11-12
hi, I have a few phones that I would like to pickup emails on. we have a windows 2003 sbs running exchange 2003.
I get from the MS test connectivity site

Host name mail.domain.co.uk doesn't match any name found on the server certificate CN=www.domain.co.uk, CN=companyweb, CN=2003SBS, CN=localhost, CN=2003SBS.mydomain.local

windows phone reports
we're having problems connecting to mail.domain.co.uk
error code 80072FA8

we do not use a paid for SSL. And ideally would like to stay away from that on this server.
0
Comment
Question by:total123
  • 5
  • 4
  • 3
  • +2
14 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39858614
You need to install a SSL certificate in order to get this working using active sync, or you can enable IMAP and use IMAP as mail protocol:http://searchexchange.techtarget.com/tip/How-to-set-up-an-SSL-certificate-to-encrypt-OWA-and-ActiveSync-traffic
http://www.petri.co.il/how-to-enable-imap-access-to-exchange-mailboxes.htm
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39858620
Windows Mobile has a huge problem with self signed certificates. It does not like them one bit.
You should switch to a trusted certificate, as this is SBS 2003, you can use a standard single name SSL certificate, which you can pick up for $10/year if you look around.

Saying that though, with SBS 2003, you are going to have a lot of problems with modern ActiveSync devices because of its age. An upgrade of SBS is the only option to get something reliable.

Simon.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39858691
At this stage, it only seems to be complaining that

mail.domain.co.uk

doesn't match any name found on the server certificate

CN=www.domain.co.uk, CN=companyweb, CN=2003SBS, CN=localhost, CN=2003SBS.mydomain.local

It may help to add the name to the certificate (although I've no idea how you would do that - I didn't even know you could have more than one host name for a certificate). Or issue a new one in the name mail.domain.co.uk .

Of course, it might then complain that it doesn't recognise the issuer. But if you really do have a good reason to avoid buying a certificate for this server, it may be worth trying the new certificate name first.
0
 

Author Comment

by:total123
ID: 39858702
exchange 2003 has never required ssl certs. I've support dozens on exchange 2003 servers with out ever having the cert. but I will except that exchange 2007 upwards does require one.
this is why I don't want to use one on 2003.

thanks for the ideas
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 39858756
Host name mail.domain.co.uk doesn't match any name found on the server certificate CN=www.domain.co.uk, CN=companyweb, CN=2003SBS, CN=localhost, CN=2003SBS.mydomain.local

So when you ran the CEICW to generate a self signed cert, what did you put into the certificate field in the wizard?  And is there a public DNS MX record for that name?
0
 

Author Comment

by:total123
ID: 39858772
CEICW would have been run 6 years ago when it was installed, it's not been run since.

there is a public DNS for mail.domain.co.uk
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 39860637
Then run it far enough to see the cert name and let us know.  You can just step through it and cancel once you see the cert name.
0
Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 250 total points
ID: 39860807
You're quite right - it doesn't actually require certs. No version of Exchange actually requires them, in the sense that the SSL requirement can still be unchecked in IIS. It's just that SSL being required has become the default setting over the last decade, since people have become more security-conscious. If you're happy to see if your ActiveSync will work without SSL, then see if you can find the Microsoft-Server-ActiveSync VDir in IIS, and uncheck the Require SSL checkbox.
0
 

Author Comment

by:total123
ID: 39867681
hi, sorry for the delay. SSL cert unchecked doesn't work
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39869984
Have you tried configuring the device to not use SSL? If the device is still configured to use SSL (either because the server address starts with https, or there is a 'use secure channel' checkbox somewhere in the config pages), then it will still try to use SSL even if it's not required at the server end.
0
 

Author Comment

by:total123
ID: 39870011
would the microsoft active sync test not work with exchange any more maybe ?


as the webmail access is

http://mail.mydomain.co.uk/exchange
rather than /owa
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39872951
You don't enter the OWA URL when configuring ActiveSync - just the basic server address. A/S doesn't have anything to do with OWA - it has its own directory https://mail.domain.com/Microsoft-Server-ActiveSync . Although you are never required to actually enter it in that full form.
0
 

Author Comment

by:total123
ID: 39876098
it seems that my android phones works when ssl is unticked, but ssl ticked doesn't work.
which would be fine if the blackberry device allowed me to untick ssl.
0
 
LVL 21

Assisted Solution

by:Larry Struckmeyer MVP
Larry Struckmeyer MVP earned 250 total points
ID: 39876537
You can purchase a ssl cert from www.ssls.com for 4.95 per year.  It has to be ordered from IIS, not the SBS wizard, and then exported from IIS and imported in the wizard, but it works.  For a higher price you can use enom or Go Daddy or others of your choice.
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now