Solved

SBS-2003 excahnge mobile access problems

Posted on 2014-10-19
33
131 Views
Last Modified: 2014-10-21
We have an SBS-2003 Sp2, running exchange V6.5 (build 7638.2 SP2), and I created a self-signed certificate to replace an expired exchange certificate and OWA from PC's works no problem. the problem is, none of the mobiles devices connect even for the android Firefox browser. tried to run ICW to modify security settings but the program doesn't run, starts but stop after a few seconds.
I thought I might install PowerShell v2 for SBS2003 but there is no support for exchange!
I need help to fix this problem!
0
Comment
Question by:SIM-PS
  • 16
  • 15
  • +1
33 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40390969
Please have a read of my article and run through the settings, then test the configuration on the test site mentioned and report back any issues that my article doesn't help fix:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Alan
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40390998
You need to purchase and install an SSL certificate. Self-signed certificates can lead to heartache and hair loss. :)

I recommend DigiCert.
http://supertekboy.com/certificates-for-microsoft-exchange/
0
 

Author Comment

by:SIM-PS
ID: 40391002
I Have=, but the System Manager menu doesn't show the server folder, see attachment. how do I add it?
2014-10-20-09-08-Image.png
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391006
3rd party certs aren't essential for SBS 2003 - but they do make life easier.

As long as the name in the cert matches the FQDN used to connect then it will be happy.
0
 

Author Comment

by:SIM-PS
ID: 40391008
Hi Gareth, tried to get the client to agree to it without success. I the problem is deeper than that since ICW.exe won't run!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391011
Did you see my initial comment yet?
0
 

Author Comment

by:SIM-PS
ID: 40391016
Yes Alan, please see the attachment, the server folder isn't there, how do I add it any idea?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391045
Which part of my article are you referring to?
0
 

Author Comment

by:SIM-PS
ID: 40391057
I had seen the article before  and  
1. system manager doesn't have server folder showing as per your article
2. Connect to the internet (ICW) won't bring up the menu and therefore can't check or modify the security settings for the new ssl certificate.

so i'm looking at fixing that or some work around, hence my look at PowerShell
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391064
If you click on View> Advanced Settings, do you see it now?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391068
Where does the ICW wizard fail?

Please post the ICWLOG.TXT file on your c: drive for review (located in %sbsprogramdir%\Support\icwlog.txt)
0
 

Author Comment

by:SIM-PS
ID: 40391073
I don't that option ( see new attaSystem Manager Menu2ched file)
0
 

Author Comment

by:SIM-PS
ID: 40391077
17/06/2005 2:18 PM
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\wizinet.dll, version 5.2.2651.0
calling CNetCommit::ValidatePropertyBag ().
Call to Querying for the property bag () returned ok.
Call to Reading hardware selection () returned ok.
Hardware selection: 0
Call to Validating hardware selection () returned ok.
Call to Reading LAN NIC Guid () returned ok.
LAN NIC Guid: {D7D9534B-C7D1-4EFB-95F7-961E8F543DE4}
Call to Validating LAN NIC Guid () returned ok.
Call to Validating NIC properties () returned ok.
Broadband selection: 0
Call to Validating broadband selection () returned ok.
calling CNetCommit::ValidateFulltimeConnectionProperties ().
Call to Reading LAN NIC Guid () returned ok.
LAN NIC Guid: {D7D9534B-C7D1-4EFB-95F7-961E8F543DE4}
Call to Validating LAN NIC Guid () returned ok.
Call to Reading 2nd NIC Guid () returned ok.
External NIC Guid: {CDB427BA-5EED-4043-9C3D-DDC2460B204B}
Call to Validating external NIC Guid () returned ok.
Call to Validating NIC properties () returned ok.
Call to Reading Default Gateway () returned ok.
Default Gateway: 210.49.38.1
Call to Validating Default Gateway IP () returned ok.
Call to Reading preferred DNS server IP () returned ok.
Preferred DNS server: 203.2.75.132
Call to Validating prefferred DNS server IP () returned ok.
Call to Reading alternate DNS server IP () returned ok.
Alternate DNS server: 198.142.0.51
Call to Validating alternate DNS server IP () returned ok.
Call to Validating preferred & alternate DNS servers () returned ok.

17/06/2005 2:18 PM
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\wizrfire.dll, version 5.2.2651.0
calling CRFireCommit::ValidatePropertyBag (0x1245af0).
Error 0x1 returned from call to CRFireCommit::ValidatePropertyBag no RRAS NAT Public Interface, Basic Firewall will not be configured.().

17/06/2005 2:18 PM
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\wizcert.dll, version 5.2.2651.0
Calling CCertCommit::ValidatePropertyBag
Require SSL for OWA: 1
Require SSL for Remote Portal: 1
Require SSL for Monitoring: 0
Require SSL for OMA: 0
Require SSL for CompanyWeb: 0
Require 128 Bit Encryption: 1
Cert selection: 1
Web server name: mcc.com.au
CCertCommit::ValidatePropertyBag returned OK

17/06/2005 2:18 PM
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\wizemail.dll, version 5.2.2651.0
calling CEmailCommit::ValidatePropertyBag ().
calling pdispPPPBag->QueryInterface (IPropertyPagePropertyBag, 0x7f558).
Call to pdispPPPBag->QueryInterface () returned ok.
calling ReadInt4 (0x1245af0, DB5E5E45-3598-4F1D-8FF7-0ED35B9EB6A4).
Call to ReadInt4 () returned ok.
The out param of ReadInt4() is -1.
calling CValidatePropertyUtil.ValidatePropertyInteger ().
Call to CValidatePropertyUtil.ValidatePropertyInteger () returned ok.
Call to CEMailCommit::ValidatePropertyBag () returned ok.
calling CNetCommit::Commit (19159792).
calling CNetCommit::ValidatePropertyBag ().
Call to Querying for the property bag () returned ok.
Property bag is not dirty, skipping validation
calling CNetCommit::Common ().
calling CNetCommit::GetLanNicInfo ().
LAN NIC Guid: {D7D9534B-C7D1-4EFB-95F7-961E8F543DE4}
Call to Converting LAN NIC Guid () returned ok.
Call to Getting IP address for the LAN NIC () returned ok.
Call to Reading in the LAN NIC info () returned ok.
Call to Fixing the TCP/IP NIC Binding order () returned ok.
Dhcp server is installed and not disabled
Call to Set DHCP Server to start up automatically () returned ok.
DNS server is installed and not disabled
Call to Changing startup type for DNS () returned ok.
Call to Clearing DNS server entries on the LAN NIC () returned ok.
Call to Setting DNS server IP for the LAN NIC () returned ok.
Call to Resetting DNS recursion timeout () returned ok.
Call to Resetting client dns query timouts in config.dat () returned ok.
Call to DsGetDcName for local domain name () returned ok.
Call to Installing RRAS (LAN) () returned ok.
Call to Installing NAT () returned ok.
Call to Clearing all static routes () returned ok.
calling CNetCommit::DoFulltime ().
Call to Converting external NIC guid () returned ok.
Call to Clearing default gateway on the LAN NIC () returned ok.
External NIC has a dhcp assigned default gateway, will not touch it
Call to Setting DNS forwarders () returned ok.
Call to Preparing for DNS listener reset () returned ok.
Call to Resetting DNS listeners () returned ok.
Call to Clearing DNS server entries on the external NIC () returned ok.
Call to Making sure the DNS entries on the external NIC points to the local DNS server () returned ok.
Call to GetLocalDomainName () returned ok.
Call to Deleting the DNS record for the external NIC () returned ok.
Call to Configuring RRAS NAT () returned ok.
Call to Disabling net services on the external NIC () returned ok.
Call to Turning off dns registration on the external NIC () returned ok.
Call to Disabling NetBIOS for the external NIC () returned ok.
Call to CNetCommit::DoFulltime () returned ok.
Call to Configuring for fulltime connection () returned ok.
calling ConfigureIE ().
calling SetInternetOptions ((null), (null), (null)).
calling InternetSetOptionA (NULL, INTERNET_OPTION_PER_CONNECTION_OPTION).
Call to InternetSetOptionA () returned ok.
Call to SetInternetOptions () returned ok.
calling InternetSetOption_AutodialConnection ().
Call to InternetSetOption_AutodialConnection () returned ok.
calling InternetSetOption_AutodialMode (4).
Call to InternetSetOption_AutodialMode () returned ok.
calling InternetSetOption_DisableAutodial (0).
Call to InternetSetOption_DisableAutodial () returned ok.
Call to ConfigureIE () returned ok.
Call to Configuring IE for fulltime connection () returned ok.
Call to Notifying client setup for Default gateway as the SBS server () returned ok.
calling RegisterMSBOExchangeBP (0).
Error 0x1 returned from call to RegisterMSBOExchangeBP().
Call to Unregistering the smtp sink () returned ok.
Call to GetLocalDomainName () returned ok.
Call to Reading in the local domain name () returned ok.
Local Domain Name is: mcc.local
Call to Enabling secure dynamic DNS updates () returned ok.
Call to Disabling RoundRobin for DNS server () returned ok.
Call to GetLocalDomainName () returned ok.
Call to Configuring DHCP options () returned ok.
Call to Disabling the RASUTO service () returned ok.
Call to Configuring w32time parameters for fulltime () returned ok.
Call to CNetCommit::Common () returned ok.
Call to CNetCommit::Commit () returned ok.
calling CRFireCommit::CommitEx (0x1245af0).
calling CRFireCommit::ValidatePropertyBag (0x1245af0).
Call to Reading web publishing selection () returned ok.
Call to Reading OWA publishing selection () returned ok.
Call to Reading RUP publishing selection () returned ok.
Call to Reading Monitoring publishing selection () returned ok.
Call to Reading OMA publishing selection () returned ok.
Call to Reading RPC publishing selection () returned ok.
Call to Reading Companyweb publishing selection () returned ok.
Call to Reading ROOT publishing selection () returned ok.
Web publishing selections:
OWA publishing: 1
RUP publishing: 1
Monitoring publishing: 0
OMA publishing: 0
RPC publishing: 0
Companyweb publishing: 0
ROOT publishing: 0
Call to CRFireCommit::ValidatePropertyBag () returned ok.
calling Enable Basic Firewall (0x0).
calling Get Private NIC Info (0x0).
calling Set RRAS Inbound Filter (0x0).
calling Set RRAS Registry key (0x0).
Call to GetPrivateNICGuid () returned ok.
Call to GetIPAddress for private nic () returned ok.
Call to GetSubnetMask for private nic () returned ok.
RUP is not published
Call to Fixing the inheritance for root dir () returned ok.
Call to Unpublishing the default web site () returned ok.
Call to Fixing the inheritance for companyweb dir () returned ok.
Call to Unpublishing companyweb () returned ok.
Call to Publishing /Exchange () returned ok.
Call to Publishing /ExchWeb () returned ok.
Call to Publishing /Public () returned ok.
Call to Publishing /ExAdmin () returned ok.
Call to Publishing RUP () returned ok.
Call to Publishing client help for RUP () returned ok.
Call to Notify RUP for OWA () returned ok.
Call to Notify RUP for Monitoring () returned ok.
Call to Notify RUP for RPC () returned ok.
Call to Notify RUP for Companyweb () returned ok.
Call to Restricting exhchangeoma to local server only () returned ok.
Call to Restricting ConnectComputer to local network only () returned ok.
Call to GetInternetServerName () returned ok.
Call to GetNetbiosDomainName () returned ok.
Call to NotifyProvisioning () returned ok.
Call to Limiting number of connections () returned ok.
Call to Sending RUP intro mail () returned ok.
Call to Saving web publishing selection () returned ok.
calling Set Web Publishing Rules (0x0).
Call to GetPrivateNICGuid () returned ok.
Call to WMIGetIPAddress () returned ok.
Call to IISConfig Set () returned ok.
Call to Setting default logon domain for OMA () returned ok.
calling Service verified running: (RemoteAccess).
Call to Setting Anonymous Access () returned ok.
Call to CRFireCommit::Commit () returned ok.
Calling CCertCommit::CommitEx
Calling CCertCommit::ValidatePropertyBag
Require SSL for OWA: 1
Require SSL for Remote Portal: 1
Require SSL for Monitoring: 0
Require SSL for OMA: 0
Require SSL for CompanyWeb: 0
Require 128 Bit Encryption: 1
Cert selection: 1
Web server name: mcc.com.au
CCertCommit::ValidatePropertyBag returned OK
Updating Client Setup config.dat file returned OK
CCertCommit::EnableSSL returned OK
CCertCommit::RequireSSL returned OK
CCertCommit::NotifyRemoteUserPortal returned OK
Reading the Internet Server Name returned OK
OMA is not published, will not update the server name
Sending RUP intro mail returned OK
CCertCommit::SaveUserSelections returned OK
CCertCommit::CommitEx returned OK
calling CEmailCommit::Commit (0x381f0).
calling CEmailCommit::ValidatePropertyBag ().
calling pdispPPPBag->QueryInterface (IPropertyPagePropertyBag, 0x7f4d4).
Call to pdispPPPBag->QueryInterface () returned ok.
calling ReadInt4 (0x1245af0, DB5E5E45-3598-4F1D-8FF7-0ED35B9EB6A4).
Call to ReadInt4 () returned ok.
The out param of ReadInt4() is -1.
calling CValidatePropertyUtil.ValidatePropertyInteger ().
Call to CValidatePropertyUtil.ValidatePropertyInteger () returned ok.
Call to CEMailCommit::ValidatePropertyBag () returned ok.
calling pdispPPPBag->QueryInterface (IPropertyPagePropertyBag, 0x7f544).
Call to pdispPPPBag->QueryInterface () returned ok.
calling ReadInt4 (0x1245af0, DB5E5E45-3598-4F1D-8FF7-0ED35B9EB6A4).
Call to ReadInt4 () returned ok.
The out param of ReadInt4() is -1.
calling GetDomainAndControllerNames ().
Call to GetDomainAndControllerNames () returned ok.
calling GetOrganizationName (\\mcc-server.mcc.local, DC=mcc,DC=local).
Call to GetOrganizationName () returned ok.
calling GetFirstAdministrativeGroup (\\mcc-server.mcc.local, DC=mcc,DC=local, MCC).
Call to GetFirstAdministrativeGroup () returned ok.
calling GetFirstRoutingGroup (\\mcc-server.mcc.local, DC=mcc,DC=local, MCC, first administrative group).
Call to GetFirstRoutingGroup () returned ok.
Call to SetCookieAuthentication () returned ok.
Call to Enabling Wireless admin for OMA () returned ok.
Call to Getting NETBIOS domain name () returned ok.
NETBIOS domain name: MCC
Call to Enabling NTLM on /public () returned ok.
calling CommitPOP3 (0x1245af0).
Call to CommitPOP3 () returned ok.
calling _SetRegInt4Value (HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\SmallBusinessServer\Connectivity\ICW, Last_MailOption_Exchange, -1).
Ignoring return value from call to _SetRegInt4Value().
Call to CEMailCommit::Commit () returned ok.
calling CNetCommit::SaveConfig ().
calling CEmailCommit::ValidatePropertyBag ().
calling pdispPPPBag->QueryInterface (IPropertyPagePropertyBag, 0x7f52c).
Call to pdispPPPBag->QueryInterface () returned ok.
calling ReadInt4 (0x1245af0, DB5E5E45-3598-4F1D-8FF7-0ED35B9EB6A4).
Call to ReadInt4 () returned ok.
The out param of ReadInt4() is -1.
calling CValidatePropertyUtil.ValidatePropertyInteger ().
Call to CValidatePropertyUtil.ValidatePropertyInteger () returned ok.
Call to CEMailCommit::ValidatePropertyBag () returned ok.
calling CScriptUtil::RenameFile (config.vbs).
Call to CScriptUtil::RenameFile () returned ok.
calling CScriptUtil::OpenFileToRead (temp.icw).
Call to CScriptUtil::OpenFileToRead () returned ok.
The out param of CScriptUtil::OpenFileToRead() is 0x77bf1d08.
calling CScriptUtil::CreateFile (config.vbs).
Call to CScriptUtil::CreateFile () returned ok.
The out param of CScriptUtil::CreateFile() is 0x77bf1d48.
calling CopyUntilSection (0x77bf1d08, 0x77bf1d48).
Call to CScriptUtil::CopyUntilSection () returned ok.
calling WriteEmailSection (0x77bf1d48).
Call to WriteEmailSection () returned ok.
calling CScriptUtil::CopyUntilSection (0x77bf1d08, 0x77bf1d48).
Call to CScriptUtil::CopyUntilSection () returned ok.
calling WriteSetPropertySection (0x77bf1d48).
Call to WriteSetPropertySection () returned ok.
calling CScriptUtil::CopyUntilSection (0x77bf1d08, 0x77bf1d48).
Call to CEMailCommit::SaveConfig () returned ok.
Calling CCertCommit::SaveConfig
Calling CCertCommit::ValidatePropertyBag
Require SSL for OWA: 1
Require SSL for Remote Portal: 1
Require SSL for Monitoring: 0
Require SSL for OMA: 0
Require SSL for CompanyWeb: 0
Require 128 Bit Encryption: 1
Cert selection: 1
Web server name: mcc.com.au
CCertCommit::ValidatePropertyBag returned OK
CCertCommit::SaveConfig returned OK
calling CRFireCommit::SaveConfig ().
calling CRFireCommit::ValidatePropertyBag (0x1245af0).
Call to Reading web publishing selection () returned ok.
Call to Reading OWA publishing selection () returned ok.
Call to Reading RUP publishing selection () returned ok.
Call to Reading Monitoring publishing selection () returned ok.
Call to Reading OMA publishing selection () returned ok.
Call to Reading RPC publishing selection () returned ok.
Call to Reading Companyweb publishing selection () returned ok.
Call to Reading ROOT publishing selection () returned ok.
Web publishing selections:
OWA publishing: 1
RUP publishing: 1
Monitoring publishing: 0
OMA publishing: 0
RPC publishing: 0
Companyweb publishing: 0
ROOT publishing: 0
Call to CRFireCommit::ValidatePropertyBag () returned ok.
Call to CRFireCommit::SaveConfig () returned ok.
calling CNetCommit::SaveConfig ().
calling CNetCommit::ValidatePropertyBag ().
Call to Querying for the property bag () returned ok.
Property bag is not dirty, skipping validation
calling oScriptUtil.RenameFile ().
Call to oScriptUtil.RenameFile () returned ok.
calling oScriptUtil.OpenFileToRead ().
Call to oScriptUtil.OpenFileToRead () returned ok.
calling oScriptUtil.CreateFile ().
Call to oScriptUtil.CreateFile () returned ok.
calling oScriptUtil.CopyUntilSection ().
Call to oScriptUtil.CopyUntilSection () returned ok.
calling WriteNetworkSection ().
Call to WriteNetworkSection () returned ok.
calling oScriptUtil.CopyUntilSection ().
Call to oScriptUtil.CopyUntilSection () returned ok.
calling WriteSetPropertySection ().
Call to WriteSetPropertySection () returned ok.
Call to CNetCommit::SaveConfig () returned ok.
calling GetBOConnector ().
Error 0x80072030 returned from call to GetBOConnector().
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391082
Okay - ignore the server part.  Which bit of my article are you trying to confirm on your server?  The SP2 part?

Just checking your icwlog.txt file.  BRB.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391089
Please check the NIC binding order as per my article.  This may fix the ICW Wizard issue.
0
 

Author Comment

by:SIM-PS
ID: 40391097
ICW  is the main issue since I can't run it2014-10-20-10-12-ICW.png
0
Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391100
Please see my last comment.
0
 

Author Comment

by:SIM-PS
ID: 40391121
Checked NICs and bindings all looks ok, except that I get to the ICW click next, a seconds then drops out.
2014-10-20-10-29-ICW2.png
0
 

Author Comment

by:SIM-PS
ID: 40391124
is there a way to re-install ICW without screwing the server?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391134
When did the wizard last run happily to your knowledge?

What is the history of the server?  Was it running happily until very recently?
0
 

Author Comment

by:SIM-PS
ID: 40391150
the SBS-2003 server was converted from a Physical server to a VMware VM server in 2009 and has been happy, allowing for self-signed Certificates for exchange every 2 years.
It's only now that we need to create the new certificate that this issue has come up. and only with mobile option OWA is happy with the Cert but only for PC's internal or external.

Is a script (even a vb one that could fix the security attributes?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391156
Okay - MS Don't support virtualised SBS!

There is no magic solution that I'm aware of.

Can you please delete the icwlog.txt file and re-run the wizard.

Also - please post an unedited output from ifconfig /all

Thanks

Alan
0
 

Author Comment

by:SIM-PS
ID: 40391161
C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : em-sbs
   Primary Dns Suffix  . . . . . . . : EardleyMotteram.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : EardleyMotteram.local

Ethernet adapter Primary VM NIC1 - 20.0.0.-:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
   Physical Address. . . . . . . . . : 00-0C-29-1F-74-D8
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 20.0.0.50
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 20.0.0.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       20.0.0.1
   Primary WINS Server . . . . . . . : 20.0.0.50

C:\Documents and Settings\Administrator>
0
 

Author Comment

by:SIM-PS
ID: 40391163
deleted the icwlog.txt file and re-ran the wizard, didn't create a new file and I've just noticed before I deleted it, that the date stamp showed "2005"
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391393
Okay - please remove the 2nd DNS record on your NIC (the one pointing to the router).  SBS should only ever point to itself and/or another DNS server within the domain, not a router.

Then try the ICW Wizard again.

If no dice, please install and run the SBS 2003 Best Practices Analyser and fix any issues identified.
http://www.microsoft.com/en-gb/download/details.aspx?id=5334

Alan
0
 

Author Comment

by:SIM-PS
ID: 40391404
will try this tonight , thank you
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391420
No probs - here if you get stuck anywhere.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40391426
Quick check for you!

What Service Pack is displayed in the following registry key:

registry key HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\ServicePackNumber

Think you might be missing SBS Service Pack 1!!
0
 
LVL 2

Accepted Solution

by:
Jasvindar Singh earned 500 total points
ID: 40391822
Let me start with explaining you difference between Third Party and Internal Certificate and its Impact:
a. By default Third Party Certificate's Root Certificate is installed in all the PC's and Mobile device and it get
     it get installed when OS is installed because Certificate companies have tie up with OS Manufacturers.
b. When you have Third Party certificate on your server, your device connects without any issues because it
     already have Root certificate of Third Party certificate which is on Server.
c. Concept is quite simple, If A trusts B, B trust C then A trusts C.

d. Now in your scenario, you have replaced Third Party certificate with Internal CA. So make sure on SBS
     Server => IIS => Default Web Site => Microsoft Server ActiveSync => Properties => Directory Security tab =>
     Make sure both the checkboxes "Require Secure Channel (SSL)" and "require 128-bit encryption" is  
     UNCHECKED. => Apply and OK. Restart IIS. Cmd Prompt => iisreset.

e. Make sure while configuring ActiveSync profile on Device => Uncheck SSL requirement.

                                                                       OR
f. If you want Device to connect over Secure channel i.e., HTTPS then you need to install Internal CA's
    Certificate on all the devices.

g. Email Root Certificate of Internal CA to yourself, open it in Device using OWA in browser and save the file
    and install that certificate on Device.
0
 

Author Closing Comment

by:SIM-PS
ID: 40393715
Great help, thanks to all of you  for your persistence and the sharing of your knowledge.

Regards Patrick
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40393778
How does the selected comment resolve your issue exactly?

Alan
0
 

Author Comment

by:SIM-PS
ID: 40393867
I changed the settings below

   Server => IIS => Default Web Site => Microsoft Server ActiveSync => Properties => Directory Security tab =>
     Make sure both the checkboxes "Require Secure Channel (SSL)" and "require 128-bit encryption" is  
     UNCHECKED. => Apply and OK. Restart IIS. Cmd Prompt => iisreset.

thank you for your help Alan.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40393873
Those details are outlined in my article which was posted first.  Did you read through and check your IIS settings against my article because if you did, you would have made the changes based on my article not the comment that you accepted as the solution?

Exchange 2003 (Part of Small Business Server):

Exchange Virtual Directory
•      Authentication = Integrated & Basic
•      Default Domain = NetBIOS domain name - e.g., yourcompany*
•      Realm = yourcompany.com
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL IS ticked (very important)

Microsoft-Server-Activesync Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany*
•      Realm = NETBIOS name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Exchange-oma Virtual Directory
•      Authentication = Integrated & Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany*
•      Realm = NETBIOS name
•      IP Address Restrictions = Restricted to IP Address of Server
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

OMA Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name - e.g., yourcompany*
•      Realm = NETBIOS name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Alan
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
The purpose of this video is to demonstrate how to set up a Mailchimp campaign. This will include styling and adding elements to a newsletter/email. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchim…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now