ahl (Guest)
Posted: Wed Nov 23, 2005 1:58 am
Post subject: Re: ActiveSync 4.0 with Exchange 2003 SP2 (Problems setting

Hi James,

I found that checking 'date issued' helped me with self generated
certificates. I found it quite by accident when my wireless devices started
to fail authentication while troubleshooting over the last few weeks.

For what it's worth, I now have server AS up and working fine now -
including an i-mate WM5 smartphone! Lots of grief getting the Certificate
onto the phone though....

Still got minor problems with the AS client disconnecting the wireless NIC
on the host PC when connecting the phone by USB. I think it is a WPA and
DHCP problem.

Regards,
Steven B.

"James Rennard" <JamesRennard@discussions.microsoft.com> wrote in message
news:9C3EFC7F-FB0F-4955-B30D-ECC1C493C2C5@microsoft.com...

I actually about threw the whole thing in the toilet and said it couldn't be
done.

I had downloaded and installed an 'old' certificate instead of the new
general one. And I was like, okay this doesn't work and it never will. Then
I realized what I did and checked it and tried the new one...Voila.

I really appreciate your help. Hopefully this will help others as
well...You would think this is something that would be included in mobile
ActiveSync documentation.

"ahl" wrote:

Been away for a couple of days and returned to find that you have had a
win!!
Good stuff!
CYA

"James Rennard" <JamesRennard@discussions.microsoft.com> wrote in message
news:B0E5A794-0EAF-422E-80FC-CF498D8449C3@microsoft.com...

For all that is good....
It worked.
So...I got a generic "Issued to Server.local" from "CA". And put it on my
handheld as well as the email.servername.com from IIS. It worked. Thank you
sooo much! You the man.

"ahl" wrote:

Install the new certificate and your CA certificate on your device.
Check that you are using "email.server.com" in your active sync client.
That "should" fix your problem..........hopefully.

"James Rennard" <JamesRennard@discussions.microsoft.com> wrote in message
news:30AAB57A-94D0-46C5-95B9-F8222E7D23B4@microsoft.com...

Hello!

I haven't had a chance to try out this on the network via wireless, but I
did reinstall/recreate a new certificate for the server...
Doing this the name is now email.server.com and the issued to on the cert is
email.server.com as well as the common name.

So....OWA/OMA is working better than ever. I don't even get a cert warning
or anything.

But now I'm getting the following error on my device. =)

The Security Certificate on the server is invalid. Contact your Exchange
Server administrator or ISP to install a valid certificate on the server.
Support Code: ox80072F0D

"ahl" wrote:

In-line

"James Rennard" <JamesRennard@discussions.microsoft.com> wrote in message
news:F2E083D7-186C-4D10-82FC-1B664C6A5835@microsoft.com...

Hello!

Okay...so I have the following in the parameters directory: (Also, SSL is
not selected)

I have an SMTPProxy = email.domain.com (which is the location of our
OMA/OWA/Sync server)

I believe that this entry is not required after you have applied Exchange
SP2.
I no longer have it and active sync is working OK

Then I have ExchangeVdir = /exchange-oma

Also, I switched some things around and exported the certificate from IIS
and installed it on my device.

Now I get the following message...

Result:
You have an incorrect SSL certificate common name in the Host Name field.
For example, you may have entered www.tailspintoys.com when the common name
on the certificate is actually www.wingtiptoys.com. Make sure the server
name is entered correctly.
Support Code: 0x80072F06

I'd like to mention that when I view the certificate in IIS it shows the
"friendly name" field and "description" field. However, when I export the
certificate, regardless of how I try to export it for use, those two fields
do not come through on the certificate.

The "friendly name" field on the certificate is email.domain.com just like I
am using as the servername field on my device when I set it up to sync.

Are you able to
1. temporarily open port 80 inbound on your firewall for testing?
Or even better
2. can you connect your device to the network via an internal wifi AP?

If yes, change your device activesync client setting to;
1. use FQDN and NOT require SSL
or
2. Use the internal server name and not require SSL if you can connect to
internal WiFi.

Give that a try to confirm if server-active-sync is working and then we can
move on to the certificate problem.

At that point I can only advise what I did to correct my problem(s) as I'm
not an IT expert by any definition.... :)

Regards,
Steven B.

"ahl" wrote:

James,

Check the permissions on the NEW virtual directory that you created.
i.e "exchange-oma"
Make sure that "require SSL" is NOT selected.
Auth type should be basic plus integrated.

Check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
confirm that it is pointing to the new virtual directory

Regards,
Steven B

"James Rennard" <JamesRennard@discussions.microsoft.com> wrote in message
news:A4251DA6-6AD5-4947-9F47-496317D92564@microsoft.com...

That's what you should get.
Try
http://servername/exchange-oma/user/NON_IPM_SUBTREE/microsoft-server-activesync
as a web folder on an internal PC. See if the sync files are there
Substitute "exchange-oma" for whatever you named the new virtual directory

Okay...if I browse the above using HTTP:// I get an unauthorized type
error.
If I use https:// I get a Certificate page and then get a dialog...
"Choose a digital certificate"
The website you want to view requests identification. Please choose a
certificate.

I'm going to check and see if disabling Forms Auth will correct anything.

Also, how do I go about installing a certificate on the device?
Thanks.
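
The three certificate checks this thread ran into (server name match, trusted issuer, validity dates) can be replayed offline. The Go program below is an added example, not part of any post above: it verifies a constructed self-signed certificate the way a client does and names the check that fails. The helpers `must`, `lab` and `diagnose`, the 2005 dates and the use of a self-signed certificate in place of the thread's private CA are assumptions, and Go matches the name against subjectAltName where the thread's device reports on the common name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// lab builds constructed test data: a self-signed certificate for email.server.com (the name is in
// CN and in subjectAltName, which is what Go matches) and a device trust store with and without it.
func lab() (srv *x509.Certificate, installed, missing *x509.CertPool, issued time.Time) {
	issued = time.Date(2005, 11, 1, 0, 0, 0, 0, time.UTC)
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: issued, NotAfter: issued.AddDate(1, 0, 0),
		Subject: pkix.Name{CommonName: "email.server.com"}, DNSNames: []string{"email.server.com"}}
	srv = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key))))
	installed, missing = x509.NewCertPool(), x509.NewCertPool()
	installed.AddCert(srv)
	return
}

// diagnose repeats the device-side checks and names the one that fails.
func diagnose(srv *x509.Certificate, roots *x509.CertPool, host string, clock time.Time) string {
	_, err := srv.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, CurrentTime: clock})
	switch e := err.(type) {
	case nil:
		return "ok"
	case x509.HostnameError: // configured server name is not on the certificate (0x80072F06 in the thread)
		return "name-mismatch"
	case x509.UnknownAuthorityError: // issuer is not in the device's trust store (0x80072F0D in the thread)
		return "untrusted-issuer"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired { // device clock outside NotBefore..NotAfter ('date issued')
			return "outside-validity-dates"
		}
	}
	return "other: " + err.Error()
}

func main() {
	srv, installed, missing, issued := lab()
	fmt.Println(diagnose(srv, installed, "servername", issued), diagnose(srv, missing, "email.server.com", issued))
}
```

A device whose clock has fallen back to a date before the certificate was issued fails the third check even when the name and the trust store are correct.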

KjetilP (Guest)
Posted: Wed Nov 23, 2005 5:54 pm
Post subject: Re: ActiveSync 4.0 with Exchange 2003 SP2 (Problems setting

Seems like all this is done using "private certs".
If I buy a cert from ie Verisign, should I need to install CA on the device?
regards KjetilP

ahl (Guest)
Posted: Thu Nov 24, 2005 5:58 pm
Post subject: Re: ActiveSync 4.0 with Exchange 2003 SP2 (Problems setting

The only answer I can really give is, I don't know.
I would assume that you wouldn't have to install Verisign's CA authority as
it would already be on the device. As I understand the issue, you would
still have to install your SSL site's certificate on the device as a trusted
certificate though.
Perhaps someone more enlightened on such things could comment.

"KjetilP" <KjetilP@discussions.microsoft.com> wrote in message
news:F2B6C020-8A37-4E30-99D1-51E8C646FF5D@microsoft.com...

Seems like all this is done using "private certs".
If I buy a cert from ie Verisign, should I need to install CA on the device?
regards KjetilP