Exchange 2013 - Active Sync/ mobile device connect


Just successfully installed (and got working) Exchange 2013 into our domain after moving away from MDaemon.

Outlook can connect OK etc.

But if I try to connect mobile devices they fail.

On my device (Samsung) I add an Exchange ActiveSync account, enter my email address and password.

It goes through "autoconfig" then throws an error to say:

"There are problems with the security certificate for this site

the name of the site does not match the name on the certificate"

Something a little weird is that my device is picking up a previous certificate that we had on our old server - this has subsequently been replaced.

Also, what ports do I need to open to allow OWA from outside of the domain?

If I enter into a browser, I'm getting the log on page to our firewall!!


NerdsOfTech (Technology Scientist) commented:
On your mobile, try choosing manual setup as opposed to auto setup.
ET Support commented:
Hi, for OWA you need to open port 443 for HTTPS and 80 for HTTP.

Do you have ISA Server installed in your network, which may still use the old certificate?

Is the current Exchange certificate self-signed?
mudcow007 (Author) commented:
Hi, tried manual setup and got a security warning about the cert again.

If I view the cert it's all in hex; if I then click continue I get "setup could not finish - Unable to connect to server"

We don't have ISA as far as I'm aware.....

In ECP > Servers > Certificates I have the new certificate I purchased yesterday from "GoDaddy", which is enabled for IMAP, POP, IIS and SMTP.

There are other self-signed certificates in there too.

We are using a SonicWall FW - if I use the website "" it reckons ports 443 & 80 are open


ET Support commented:
In the Exchange Management Shell, run: Get-ActiveSyncVirtualDirectory -Server "yourservername" | fl *url*

and see that the ActiveSync external URL is correct.

Also confirm you are able to access Outlook Web App (OWA) from an external network.

The link should be like https://"mailserverexternalname"/owa
mudcow007 (Author) commented:
Get-ActiveSyncVirtualDirectory -Server "yourservername" | fl *url*
responds with
InternalURL :
ExternalURL :

which matches the virtual directories.

I'm unable to get to OWA from outside. Using the URL I get a dialogue box from our firewall saying the file is not found.

To me, it's like the firewall isn't routing properly.

What ports does OWA use? Is it just 443?

NerdsOfTech (Technology Scientist) commented:
WWW Service (OWA):
TCP 80 for HTTP (IN/OUT)
TCP 443 for HTTPS
NerdsOfTech (Technology Scientist) commented:
Also, have you "activated" your SSL at GoDaddy - maybe your server thinks your old cert is active (but it isn't)
ET Support commented:
Yes, OWA uses port number 443 for HTTPS connections... I guess the firewall doesn't forward the 443 connection requests to the Exchange server.
mudcow007 (Author) commented:
I think I may have figured it, the Admin page for the firewall uses 443!!

So I changed this to 444 (now I can't access it!!)

But I'm still unable to reach OWA.

If I type into the browser on my phone I get a white page to say "this webpage can not be displayed"

I will speak to SonicWall I think, and see what they say.

Updates to follow

NerdsOfTech (Technology Scientist) commented:
Modifying default HTTP and HTTPS management rules on SonicWALL may render the SonicWALL's Web Management Interface inaccessible. You may need to use the CLI to restore the default rules.

Yes, please contact SonicWALL support ASAP for their recommendations.
mudcow007 (Author) commented:
Kinda fixed!

Well, I can access OWA now from outside the LAN :)

Still struggling to get devices to connect though.

If I try a manual configuration I get "authentication failed"
ET Support commented:
OK, now please run the testconnectivity

Select the Exchange ActiveSync Autodiscover option.

Also please run the below command and see the output:

get-autodiscovervirtualdirectory -Server "yourservername" | fl *url*

NerdsOfTech (Technology Scientist) commented:
Oh good.

Back to the email settings for mobile:
On the manual config, check your settings to make sure your ports, SSL, and authentication settings are correct.
mudcow007 (Author) commented:
Cheers guys,

ran the checker, and it connected successfully but with "warnings"

"Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks."

It's picking up a previously removed SSL certificate!

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
      Additional Details
Remote Certificate Subject: CN=*, OU=PremiumSSL Wildcard, OU=Software Development, O=OneHR Software, STREET=54 St James Street, L=Liverpool, S=Merseyside, PostalCode=L1 0AB, C=GB, Issuer: CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 347 ms.

But in other tests it's able to use my new certificate!?

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
      Additional Details
Remote Certificate Subject:, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=, O=", Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 362 ms.
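
The two analyzer results in the post above show different certificates being returned on port 443. As an added example (not part of the original thread), this PowerShell sketch connects to each public name and reports which certificate that name actually presents and whether it matches the name; the host names are placeholders, and `Get-PresentedCertificate` is a helper name chosen here.

```powershell
# Added example. Host names are placeholders (assumptions), not values from the thread.
$script:TlsPolicyErrors = $null

function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept every certificate so a bad one can still be inspected; the
        # validation result is recorded rather than enforced. No data is sent.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($src, $certificate, $chain, $policyErrors)
            $script:TlsPolicyErrors = $policyErrors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            # $HostName is sent as SNI and is the name .NET matches the certificate against.
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
            [pscustomobject]@{
                HostName     = $HostName
                Subject      = $cert.Subject
                Issuer       = $cert.Issuer
                NotAfter     = $cert.NotAfter
                Thumbprint   = $cert.Thumbprint
                NameMismatch = [bool]($script:TlsPolicyErrors -band $mismatch)
                PolicyErrors = $script:TlsPolicyErrors
            }
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

$names   = 'mail.example.com', 'autodiscover.example.com', 'example.com'   # placeholders
$results = $names | ForEach-Object { Get-PresentedCertificate -HostName $_ }
$results | Format-List

# More than one group means different names are answered with different certificates.
$results | Group-Object Thumbprint |
    Select-Object Count, Name, @{ n = 'Hosts'; e = { $_.Group.HostName -join ', ' } }
```

Run it from outside the LAN so the answer reflects what the firewall forwards, then again from inside to compare.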
ET Support commented:
OK, this shows your settings are correct and the configuration seems to be fine.

So it could be your firewall or IIS website still using old certs...

To confirm,

connect to OWA using Chrome and, once logged in, on the Chrome address bar there will be a green lock icon - click on it and see if it's showing the correct certificate.
mudcow007 (Author) commented:
Well, it looks like OWA is using the correct one....

Any ideas how I could check IIS?
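
One way to check the IIS side, as an added example that is not part of the original thread: run this in the Exchange Management Shell on the Exchange server to compare the certificate bound to each HTTPS listener in IIS with the certificates Exchange has enabled for services. It assumes the WebAdministration module is available on the server.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange server.
Import-Module WebAdministration

# Certificates Exchange knows about, with the services each is enabled for.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, NotAfter, Services, CertificateDomains

# Certificate actually bound to each HTTPS listener in IIS.
Get-ChildItem IIS:\SslBindings | ForEach-Object {
    $binding = $_

    # Resolve the bound thumbprint to a certificate in the store the binding names.
    $cert = Get-ChildItem "Cert:\LocalMachine\$($binding.Store)" |
        Where-Object { $_.Thumbprint -eq $binding.Thumbprint }

    # Ask Exchange what it has this certificate enabled for (empty if unknown to Exchange).
    $exchange = Get-ExchangeCertificate -Thumbprint $binding.Thumbprint -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Address          = $binding.IPAddress
        Port             = $binding.Port
        Thumbprint       = $binding.Thumbprint
        Subject          = $cert.Subject
        NotAfter         = $cert.NotAfter
        ExchangeServices = $exchange.Services
    }
} | Format-List
```

The thumbprint on the port 443 binding should be the purchased certificate whose Services list includes IIS. Exchange 2013 also shows a port 444 binding for its back-end site, which normally keeps a self-signed certificate.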

ET Support commented:
Well, if OWA is right, there shouldn't be anything wrong with the ActiveSync configuration on the server.

Please check on any other mobile devices; maybe you can try on iOS devices, or check with other Android versions.

mudcow007 (Author) commented:
Hmmm, I wonder if my handset has retained the certificate for our old email configuration?
mudcow007 (Author) commented:
I will award you the point as weirdly everything just started to work!?

Thanks for your help