none
Testing Activesync says intermediate certificate not found

    Question

  • I am using Go Daddy certificates in Exchange 2010 environment.  I have verified that all certs are installed on the CAS servers (including intermediate).

    There are two F5 units, one for Load Balancing and then another for Reverse Proxy.

    When I run the Activesync test from testexchangeconnectivity, I get the following error. Any suggestions?

     

     

    ExRCA is testing Exchange ActiveSync.

     

     

    The Exchange ActiveSync test failed.

     

     

     

     


    Test Steps

     

     

     

     


    Attempting to resolve the host name casarray.heritagepropane.com in DNS.

     

     

    The host name resolved successfully.

     

     

     

     


    Additional Details

     

     

    IP addresses returned: 67.208.149.107

     

     

     

    Testing TCP port 443 on host casarray.heritagepropane.com to ensure it's listening and open.

     

     

    The port was opened successfully.

     

     


    Testing the SSL certificate to make sure it's valid.

     

     

    The SSL certificate failed one or more certificate validation checks.

     

     

     

     


    Test Steps

     

     

     

     


    ExRCA is attempting to obtain the SSL certificate from remote server casarray.heritagepropane.com on port 443.

     

     

    ExRCA successfully obtained the remote SSL certificate.

     

     

     

     


    Additional Details

     

     

    Remote Certificate Subject: CN=outlook.heritagepropane.com, OU=Domain Control Validated, O=outlook.heritagepropane.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

     

     

     

    Validating the certificate name.

     

     

    The certificate name was validated successfully.

     

     

     

     


    Additional Details

     

     

    Host name casarray.heritagepropane.com was found in the Certificate Subject Alternative Name entry.

     

     

     

    Validating certificate trust for Windows Mobile devices.

     

     

    Certificate trust validation failed.

     

     

     

     


    Test Steps

     

     

     

     


    ExRCA is attempting to build certificate chains for certificate CN=outlook.heritagepropane.com, OU=Domain Control Validated, O=outlook.heritagepropane.com.

     

     

    One or more certificate chains were constructed successfully.

     

     

     

     


    Additional Details

     

     

    A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

     

     

     

    Analyzing the certificate chains for compatability problems with Windows Phone devices.

     

     

    Potential compatibility problems were identified with some versions of Windows Phone.

     

     

     Tell me more about this issue and how to resolve it

     

     

     

     


    Additional Details

     

     

    The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

     

     

     

    ExRCA is analyzing intermediate certificates that were sent down by the remote server.

     

     

    One or more intermediate certificates were missing or invalid.

     

     

     

     


    Additional Details

     

     

    There's a missing intermediate certificate in the certificate chain. Subject = SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US. For more information, see Knowledge Base Article 927465.

    Wednesday, November 16, 2011 7:01 PM

Answers