none
ActiveSync problem with Exchange Server 2007 - certificate Error RRS feed

  • Question

  • Dear All,
    I have setup a test server with Exchange 2007 x64. We are getting certificate error every time when we try to sync the phone with Exchange Serve. I have got Active Sync working with Exchnage 2007 behind ISA server. This time I am using hardware firewall instead of ISA. Even if I connect internet connection directly to my exchange server it gives me certificate error. I am using Windows Server Certificate service to create certificates. The certifcate is added in Trusted root authority. Can any one help me with a document on configuring active sync without ISA behind hardware firewall. Its really urgent I am stuck up very badly.  

    Regards,
    Nzm
    Nzm
    Saturday, July 4, 2009 7:44 AM

Answers

  • Hi Elvis,
    Thank you very much for all you help. I followed the same document and run the test. The only thing was I added the certificate in Internediate Certification Authorities and it started working fine. The only issue is that Exchaneg 2007 adds security policy on mobile device forcefully. Because of which evry time the devcie asks for the unlock code, how do I stop Exchange 2007 not to enforce the policy on the device.

    Thank you very much again for you help.

    Regards,

    Nzm
    Nzm
    • Marked as answer by Nzm Tuesday, July 7, 2009 12:48 PM
    Tuesday, July 7, 2009 9:30 AM
  • Hi Nzm,

    Glad to see your original issue is resolved. Regarding the policy, you can set it at EMC | Organization congiguration | Client Access | Exchange ActiveSync Mailbox Policies | Password tab.

    thanks,

    Elvis
    • Marked as answer by Elvis Wei Wednesday, July 8, 2009 3:13 AM
    Tuesday, July 7, 2009 9:45 AM

All replies

  • Does the firewall you are now using use any type of reverse proxy?  Or does it pass the inbound HTTPS requests directly to the Exchange Server? 

    When you try to connect to the Exchange server from outside of your company, look at the certificate that your browser is seeing.  Is it the certificate you expected to see (eg. was this the certificate you issued for the Exchange server?  Or is it the self-signed certificate that comes with the Exchange server?)

    Jim McBee - Blog - http://mostlyexchange.blogspot.com
    Saturday, July 4, 2009 11:27 PM
  • Currently I am using simple Linksys RV042 as this is my test server. There is no reverse proxy which is configured. I checked teh certificate from connecting to Exchange server from outside, I have installed the same certificate on my winows mobile phone. When I browse owa on my phone it gives certificate warning and then allow me to logon but can't does not download email. I have configured Active Sync with Exchange 2007 and Exchange 2003 at two different places but both were behind ISA firewall. This time I am going to use Fortinet firewall.

    Nzm.
    Nzm
    Monday, July 6, 2009 1:21 PM
  • Hi Nzm,

     

    ActiveSync can’t work if certificate is not configured properly. Here are three requirements:

     

    1. Trusted Root Certificate - If you are using an internal CA or self signed certificate, you must install the CA Root certificate on the Mobile Device.

    2. Server Host Name - The server's external host name must match the name specified in the server certificate.

    3. The Valid Date - The certificates have a valid start day and end date. The certificate must not have expired.

     

    You mentioned you received a warning when accessing OWA, the warning will tell you which criteria doesn’t meet the requirement.

     

    Related resources:

     

    Exchange Remote Connectivity Analyzer https://www.testexchangeconnectivity.com/ ,  run a test and it will guide what you should do

     

    Deploying Windows Mobile 6 Devices with Microsoft Exchange Server 2007

    http://technet.microsoft.com/en-us/library/cc182308.aspx

     

    thanks,

     

    Elvis

     

     

    Tuesday, July 7, 2009 8:28 AM
  • Hi Elvis,
    Thank you very much for all you help. I followed the same document and run the test. The only thing was I added the certificate in Internediate Certification Authorities and it started working fine. The only issue is that Exchaneg 2007 adds security policy on mobile device forcefully. Because of which evry time the devcie asks for the unlock code, how do I stop Exchange 2007 not to enforce the policy on the device.

    Thank you very much again for you help.

    Regards,

    Nzm
    Nzm
    • Marked as answer by Nzm Tuesday, July 7, 2009 12:48 PM
    Tuesday, July 7, 2009 9:30 AM
  • Hi Nzm,

    Glad to see your original issue is resolved. Regarding the policy, you can set it at EMC | Organization congiguration | Client Access | Exchange ActiveSync Mailbox Policies | Password tab.

    thanks,

    Elvis
    • Marked as answer by Elvis Wei Wednesday, July 8, 2009 3:13 AM
    Tuesday, July 7, 2009 9:45 AM
  • Hi Elvis,
    I removed Require Password option from password tab, now it does not enforce me to enter password on mobil device.

    Thank a lot

    Nzm
    Nzm
    Tuesday, July 7, 2009 10:06 AM