Solved

cannot connect mobile phone to windows 2003 sbs/exchange 2003 to pickup emails

Posted on 2014-02-14
14
568 Views
Last Modified: 2014-11-12
hi, I have a few phones that I would like to pickup emails on. we have a windows 2003 sbs running exchange 2003.
I get from the MS test connectivity site

Host name mail.domain.co.uk doesn't match any name found on the server certificate CN=www.domain.co.uk, CN=companyweb, CN=2003SBS, CN=localhost, CN=2003SBS.mydomain.local

windows phone reports
we're having problems connecting to mail.domain.co.uk
error code 80072FA8

we do not use a paid for SSL. And ideally would like to stay away from that on this server.
0
Comment
Question by:total123
  • 5
  • 4
  • 3
  • +2
14 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39858614
You need to install a SSL certificate in order to get this working using active sync, or you can enable IMAP and use IMAP as mail protocol:http://searchexchange.techtarget.com/tip/How-to-set-up-an-SSL-certificate-to-encrypt-OWA-and-ActiveSync-traffic
http://www.petri.co.il/how-to-enable-imap-access-to-exchange-mailboxes.htm
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39858620
Windows Mobile has a huge problem with self signed certificates. It does not like them one bit.
You should switch to a trusted certificate, as this is SBS 2003, you can use a standard single name SSL certificate, which you can pick up for $10/year if you look around.

Saying that though, with SBS 2003, you are going to have a lot of problems with modern ActiveSync devices because of its age. An upgrade of SBS is the only option to get something reliable.

Simon.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39858691
At this stage, it only seems to be complaining that

mail.domain.co.uk

doesn't match any name found on the server certificate

CN=www.domain.co.uk, CN=companyweb, CN=2003SBS, CN=localhost, CN=2003SBS.mydomain.local

It may help to add the name to the certificate (although I've no idea how you would do that - I didn't even know you could have more than one host name for a certificate). Or issue a new one in the name mail.domain.co.uk .

Of course, it might then complain that it doesn't recognise the issuer. But if you really do have a good reason to avoid buying a certificate for this server, it may be worth trying the new certificate name first.
0
 

Author Comment

by:total123
ID: 39858702
exchange 2003 has never required ssl certs. I've support dozens on exchange 2003 servers with out ever having the cert. but I will except that exchange 2007 upwards does require one.
this is why I don't want to use one on 2003.

thanks for the ideas
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 39858756
Host name mail.domain.co.uk doesn't match any name found on the server certificate CN=www.domain.co.uk, CN=companyweb, CN=2003SBS, CN=localhost, CN=2003SBS.mydomain.local

So when you ran the CEICW to generate a self signed cert, what did you put into the certificate field in the wizard?  And is there a public DNS MX record for that name?
0
 

Author Comment

by:total123
ID: 39858772
CEICW would have been run 6 years ago when it was installed, it's not been run since.

there is a public DNS for mail.domain.co.uk
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 39860637
Then run it far enough to see the cert name and let us know.  You can just step through it and cancel once you see the cert name.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 250 total points
ID: 39860807
You're quite right - it doesn't actually require certs. No version of Exchange actually requires them, in the sense that the SSL requirement can still be unchecked in IIS. It's just that SSL being required has become the default setting over the last decade, since people have become more security-conscious. If you're happy to see if your ActiveSync will work without SSL, then see if you can find the Microsoft-Server-ActiveSync VDir in IIS, and uncheck the Require SSL checkbox.
0
 

Author Comment

by:total123
ID: 39867681
hi, sorry for the delay. SSL cert unchecked doesn't work
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39869984
Have you tried configuring the device to not use SSL? If the device is still configured to use SSL (either because the server address starts with https, or there is a 'use secure channel' checkbox somewhere in the config pages), then it will still try to use SSL even if it's not required at the server end.
0
 

Author Comment

by:total123
ID: 39870011
would the microsoft active sync test not work with exchange any more maybe ?


as the webmail access is

http://mail.mydomain.co.uk/exchange
rather than /owa
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39872951
You don't enter the OWA URL when configuring ActiveSync - just the basic server address. A/S doesn't have anything to do with OWA - it has its own directory https://mail.domain.com/Microsoft-Server-ActiveSync . Although you are never required to actually enter it in that full form.
0
 

Author Comment

by:total123
ID: 39876098
it seems that my android phones works when ssl is unticked, but ssl ticked doesn't work.
which would be fine if the blackberry device allowed me to untick ssl.
0
 
LVL 21

Assisted Solution

by:Larry Struckmeyer MVP
Larry Struckmeyer MVP earned 250 total points
ID: 39876537
You can purchase a ssl cert from www.ssls.com for 4.95 per year.  It has to be ordered from IIS, not the SBS wizard, and then exported from IIS and imported in the wizard, but it works.  For a higher price you can use enom or Go Daddy or others of your choice.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve DNS query failed errors for Exchange
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now