Re: ActiveSync 4.0 with Exchange 2003 SP2 (Problems setting up sma



Seems like all this is done using "private certs".

If I buy a cert from ie Verisign, should I need to install CA on the device?

regards KjetilP

"ahl" wrote:

>
> HI James,
>
> I found that checking 'date issued' helped me with self generated
> certificates. I found it quite by accident when my wireless devices started
> to fail authentication while troubleshooting over the last few weeks.
>
> For what it's worth, I now have server AS up and working fine now -
> including an i-mate WM5 smartphone! Lots of grief getting the Certificate
> onto the phone though....
>
> Still got minor problems with the AS client disconnecting the wireless NIC
> on the host PC when connecting the phone by USB. I think it is a WPA and
> DHCP problem.
>
> Regards,
> Steven B.
>
> "James Rennard" <JamesRennard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:9C3EFC7F-FB0F-4955-B30D-ECC1C493C2C5@xxxxxxxxxxxxxxxx
> > I actually about threw the whole thing in the toilet and said it
> > couldn't be done.
> >
> > I had downloaded and installed an 'old' certificate instead of the new
> > general one. And I was like, okay this doesn't work and it never will.
> > Then I realized what I did and checked it and tried the new one...Voila.
> >
> > I really appreciate your help. Hopefully this will help others as
> > well...You would think this is something that would be included in mobile
> > ActiveSync documentation.
> >
> > "ahl" wrote:
> >
> >> Been away for a couple of days and returned to find that you have had a
> >> win!!
> >>
> >> Good stuff!
> >>
> >> CYA
> >>
> >>
> >> "James Rennard" <JamesRennard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:B0E5A794-0EAF-422E-80FC-CF498D8449C3@xxxxxxxxxxxxxxxx
> >> > For all that is good....
> >> >
> >> > It worked.
> >> >
> >> > So...I got a generic "Issued to Server.local" from "CA". And put it on
> >> > my handheld as well as the email.servername.com from IIS. It worked.
> >> > Thank you sooo much! You the man.
> >> >
> >> > "ahl" wrote:
> >> >
> >> >> Install the new certificate and your CA certificate on your device.
> >> >>
> >> >> Check that you are using "email.server.com" in your active sync
> >> >> client.
> >> >>
> >> >> That "should" fix your problem..........hopefully.
> >> >>
> >> >>
> >> >>
> >> >> "James Rennard" <JamesRennard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> news:30AAB57A-94D0-46C5-95B9-F8222E7D23B4@xxxxxxxxxxxxxxxx
> >> >> > Hello!
> >> >> >
> >> >> > I haven't had a chance to try out this on the network via wireless,
> >> >> > but I did reinstall/recreate a new certificate for the server...
> >> >> >
> >> >> > Doing this the name is now email.server.com and the issued to on the
> >> >> > cert is email.server.com as well as the common name.
> >> >> >
> >> >> > So....OWA/OMA is working better than ever. I don't even get a cert
> >> >> > warning or anything.
> >> >> >
> >> >> > But now I'm getting the following error on my device. =)
> >> >> >
> >> >> > The Security Certificate on the server is invalid. Contact your
> >> >> > Exchange Server administrator or ISP to install a valid certificate
> >> >> > on the server.
> >> >> >
> >> >> > Support Code: 0x80072F0D
> >> >> >
> >> >> > "ahl" wrote:
> >> >> >
> >> >> >> In-line
> >> >> >>
> >> >> >> "James Rennard" <JamesRennard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> >> news:F2E083D7-186C-4D10-82FC-1B664C6A5835@xxxxxxxxxxxxxxxx
> >> >> >> > Hello!
> >> >> >> >
> >> >> >> > Okay...so I have the following in the parameters directory:
> >> >> >> > (Also, SSL is not selected)
> >> >> >> >
> >> >> >> > I have an SMTPProxy = email.domain.com (which is the location of
> >> >> >> > our OMA/OWA/Sync server)
> >> >> >>
> >> >> >> I believe that this entry is not required after you have applied
> >> >> >> Exchange SP2.
> >> >> >> I no longer have it and active sync is working OK
> >> >> >>
> >> >> >> > Then I have ExchangeVdir = /exchange-oma
> >> >> >> >
> >> >> >> > Also, I switched some things around and exported the certificate
> >> >> >> > from IIS and installed it on my device.
> >> >> >> >
> >> >> >> > Now I get the following message...
> >> >> >> >
> >> >> >> > Result:
> >> >> >> > You have an incorrect SSL certificate common name in the Host
> >> >> >> > Name field. For example, you may have entered
> >> >> >> > www.tailspintoys.com when the common name on the certificate is
> >> >> >> > actually www.wingtiptoys.com. Make sure the server name is
> >> >> >> > entered correctly.
> >> >> >> >
> >> >> >> > Support Code: 0x80072F06
> >> >> >> >
> >> >> >> > I'd like to mention that when I view the certificate in IIS it
> >> >> >> > shows the "friendly name" field and "description" field. However,
> >> >> >> > when I export the certificate, regardless of how I try to export
> >> >> >> > it for use, those two fields do not come through on the
> >> >> >> > certificate.
> >> >> >> >
> >> >> >> > The "friendly name" field on the certificate is email.domain.com
> >> >> >> > just like I am using as the servername field on my device when I
> >> >> >> > set it up to sync.
> >> >> >>
> >> >> >> Are you able to
> >> >> >> 1. temporarily open port 80 inbound on your firewall for testing?
> >> >> >>
> >> >> >> Or even better
> >> >> >>
> >> >> >> 2. can you connect your device to the network via an internal wifi
> >> >> >> AP?
> >> >> >>
> >> >> >> If yes, change your device activesync client setting to;
> >> >> >> 1. use FQDN and NOT require SSL
> >> >> >> or
> >> >> >> 2. Use the internal server name and not require SSL if you can
> >> >> >> connect to internal WiFi.
> >> >> >>
> >> >> >> Give that a try to confirm if server-active-sync is working and
> >> >> >> then we can move on to the certificate problem.
> >> >> >>
> >> >> >> At that point I can only advise what I did to correct my problem(s)
> >> >> >> as I'm not an IT expert by any definition.... :)
> >> >> >>
> >> >> >> Regards,
> >> >> >> Steven B.
> >> >> >>
> >> >> >> > "ahl" wrote:
> >> >> >> >
> >> >> >> >> James,
> >> >> >> >>
> >> >> >> >> Check the permissions on the NEW virtual directory that you
> >> >> >> >> created.
> >> >> >> >> i.e "exchange-oma"
> >> >> >> >>
> >> >> >> >> Make sure that "require SSL" is NOT selected.
> >> >> >> >> Auth type should be basic plus integrated.
> >> >> >> >>
> >> >> >> >> Check
> >> >> >> >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
> >> >> >> >> confirm that it is pointing to the new virtual directory
> >> >> >> >>
> >> >> >> >> Regards,
> >> >> >> >> Steven B
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> "James Rennard" <JamesRennard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> >> >> news:A4251DA6-6AD5-4947-9F47-496317D92564@xxxxxxxxxxxxxxxx
> >> >> >> >> >> That's what you should get.
> >> >> >> >> >>
> >> >> >> >> >> Try
> >> >> >> >> >> http://servername/exchange-oma/user/NON_IPM_SUBTREE/microsoft-server-activesync
> >> >> >> >> >> as a web folder on an internal PC. See if the sync files are
> >> >> >> >> >> there
> >> >> >> >> >>
> >> >> >> >> >> Substitute "exchange-oma" for what ever you named the new
> >> >> >> >> >> virtual directory
> >> >> >> >> >>
> >> >> >> >> >
> >> >> >> >> > Okay...if I browse the above using HTTP:// I get an
> >> >> >> >> > unauthorized type error.
> >> >> >> >> > If I use https:// I get a Certificate page and then get a
> >> >> >> >> > dialog...
> >> >> >> >> >
> >> >> >> >> > "Choose a digital certificate"
> >> >> >> >> > The website you want to view requests identification. Please
> >> >> >> >> > choose a certificate.
> >> >> >> >> >
> >> >> >> >> > I'm going to check and see if disabling Forms Auth will
> >> >> >> >> > correct anything.
> >> >> >> >> > Also, how do I go about installing a certificate on the
> >> >> >> >> > device?
> >> >> >> >> >
> >> >> >> >> > Thanks.
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
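
The two device errors quoted in this thread (0x80072F0D, fixed by putting the CA certificate on the device, and 0x80072F06, the common-name mismatch), plus the validity-date check ahl mentions, can be reproduced offline. This is an added example, not something posted in the thread: it assumes OpenSSL 1.1.1 or later with its stock openssl.cnf, and the lab CA, keys and the helper names `make_lab` and `check_cert` are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed lab: a throwaway private CA and a server certificate for
# email.server.com (the host name used in the thread). Assumes OpenSSL 1.1.1+.

make_lab() {  # make_lab <dir>: writes ca.crt and srv.crt (plus keys) into <dir>
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Lab Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=email.server.com" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  # No subjectAltName is set, so OpenSSL falls back to matching the CN.
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/srv.crt" 2>/dev/null
}

# check_cert <cert> <host> <ca-file|none> [epoch-seconds]
# Prints one verdict: ok | untrusted-ca | name-mismatch | outside-validity
check_cert() {
  cert=$1; host=$2; ca=$3; at=${4:-$(date +%s)}
  set -- -attime "$at" -verify_hostname "$host"
  if [ "$ca" = none ]; then
    set -- -no-CAfile -no-CApath "$@"      # device without the CA installed
  else
    set -- -CAfile "$ca" -no-CApath "$@"   # device that trusts only this CA
  fi
  if out=$(openssl verify "$@" "$cert" 2>&1); then echo ok; return 0; fi
  case $out in
    # issuer not in the trust store: the "certificate is invalid" symptom
    *"error 20 at"*|*"error 18 at"*|*"error 19 at"*|*"error 21 at"*)
      echo untrusted-ca ;;
    # name entered in the client differs from the name on the certificate
    *"error 62 at"*) echo name-mismatch ;;
    # not yet valid, or expired, at the time of the check
    *"error 9 at"*|*"error 10 at"*) echo outside-validity ;;
    *) echo "other: $out" ;;
  esac
  return 1
}

lab=$(mktemp -d) && make_lab "$lab"
trap 'rm -rf "$lab"' EXIT
later=$(( $(date +%s) + 90 * 86400 ))   # 90 days on, past the 30-day lifetime
echo "CA installed, matching name : $(check_cert "$lab/srv.crt" email.server.com "$lab/ca.crt")"
echo "CA missing on the device    : $(check_cert "$lab/srv.crt" email.server.com none)"
echo "wrong server name in client : $(check_cert "$lab/srv.crt" email.domain.com "$lab/ca.crt")"
echo "same check 90 days later    : $(check_cert "$lab/srv.crt" email.server.com "$lab/ca.crt" "$later")"
```

A certificate bought from a CA whose root already ships in the device's store corresponds to the first case; a private CA behaves like the second until its certificate is installed on the device.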