cannot connect mobile phone to windows 2003 sbs/exchange 2003 to pickup emails

hi, I have a few phones that I would like to pickup emails on. we have a windows 2003 sbs running exchange 2003.
I get from the MS test connectivity site

Host name mail.domain.co.uk doesn't match any name found on the server certificate CN=www.domain.co.uk, CN=companyweb, CN=2003SBS, CN=localhost, CN=2003SBS.mydomain.local

windows phone reports
we're having problems connecting to mail.domain.co.uk
error code 80072FA8

we do not use a paid for SSL. And ideally would like to stay away from that on this server.
total123Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
LeeDerbyshireConnect With a Mentor Commented:
You're quite right - it doesn't actually require certs. No version of Exchange actually requires them, in the sense that the SSL requirement can still be unchecked in IIS. It's just that SSL being required has become the default setting over the last decade, since people have become more security-conscious. If you're happy to see if your ActiveSync will work without SSL, then see if you can find the Microsoft-Server-ActiveSync VDir in IIS, and uncheck the Require SSL checkbox.
0
 
Miguel Angel Perez MuñozCommented:
You need to install a SSL certificate in order to get this working using active sync, or you can enable IMAP and use IMAP as mail protocol:http://searchexchange.techtarget.com/tip/How-to-set-up-an-SSL-certificate-to-encrypt-OWA-and-ActiveSync-traffic
http://www.petri.co.il/how-to-enable-imap-access-to-exchange-mailboxes.htm
0
 
Simon Butler (Sembee)ConsultantCommented:
Windows Mobile has a huge problem with self signed certificates. It does not like them one bit.
You should switch to a trusted certificate, as this is SBS 2003, you can use a standard single name SSL certificate, which you can pick up for $10/year if you look around.

Saying that though, with SBS 2003, you are going to have a lot of problems with modern ActiveSync devices because of its age. An upgrade of SBS is the only option to get something reliable.

Simon.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LeeDerbyshireCommented:
At this stage, it only seems to be complaining that

mail.domain.co.uk

doesn't match any name found on the server certificate

CN=www.domain.co.uk, CN=companyweb, CN=2003SBS, CN=localhost, CN=2003SBS.mydomain.local

It may help to add the name to the certificate (although I've no idea how you would do that - I didn't even know you could have more than one host name for a certificate). Or issue a new one in the name mail.domain.co.uk .

Of course, it might then complain that it doesn't recognise the issuer. But if you really do have a good reason to avoid buying a certificate for this server, it may be worth trying the new certificate name first.
0
 
total123Author Commented:
exchange 2003 has never required ssl certs. I've support dozens on exchange 2003 servers with out ever having the cert. but I will except that exchange 2007 upwards does require one.
this is why I don't want to use one on 2003.

thanks for the ideas
0
 
Larry Struckmeyer MVPCommented:
Host name mail.domain.co.uk doesn't match any name found on the server certificate CN=www.domain.co.uk, CN=companyweb, CN=2003SBS, CN=localhost, CN=2003SBS.mydomain.local

So when you ran the CEICW to generate a self signed cert, what did you put into the certificate field in the wizard?  And is there a public DNS MX record for that name?
0
 
total123Author Commented:
CEICW would have been run 6 years ago when it was installed, it's not been run since.

there is a public DNS for mail.domain.co.uk
0
 
Larry Struckmeyer MVPCommented:
Then run it far enough to see the cert name and let us know.  You can just step through it and cancel once you see the cert name.
0
 
total123Author Commented:
hi, sorry for the delay. SSL cert unchecked doesn't work
0
 
LeeDerbyshireCommented:
Have you tried configuring the device to not use SSL? If the device is still configured to use SSL (either because the server address starts with https, or there is a 'use secure channel' checkbox somewhere in the config pages), then it will still try to use SSL even if it's not required at the server end.
0
 
total123Author Commented:
would the microsoft active sync test not work with exchange any more maybe ?


as the webmail access is

http://mail.mydomain.co.uk/exchange
rather than /owa
0
 
LeeDerbyshireCommented:
You don't enter the OWA URL when configuring ActiveSync - just the basic server address. A/S doesn't have anything to do with OWA - it has its own directory https://mail.domain.com/Microsoft-Server-ActiveSync . Although you are never required to actually enter it in that full form.
0
 
total123Author Commented:
it seems that my android phones works when ssl is unticked, but ssl ticked doesn't work.
which would be fine if the blackberry device allowed me to untick ssl.
0
 
Larry Struckmeyer MVPConnect With a Mentor Commented:
You can purchase a ssl cert from www.ssls.com for 4.95 per year.  It has to be ordered from IIS, not the SBS wizard, and then exported from IIS and imported in the wizard, but it works.  For a higher price you can use enom or Go Daddy or others of your choice.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.