Re: ActiveSync



I've made sure all certs are exported from Exchange to ISA box. ActiveSync
still refuses to talk to Exchange with Support Code: 0x80072F0D (The
security certificate on the server is invalid.).

I restarted the ISA machine yesterday at around 4 pm. That's the one thing
I hadn't done since I started configuring ISA to publish OWA. It's amazing
what a reboot can do.

Before the ISA reboot, when ActiveSync starts syncing, nothing gets logged in
either machine's (Event, System, Application) logs. I enabled ISA live logging
to see what is going on while ActiveSync is syncing. Live logging (Action
column) looks like the following:

Initiated Connection
Closed Connection
Initiated Connection
Closed Connection
Initiated Connection
Closed Connection

It looks as if ISA refuses to talk to WM (or the other way around). OWA
publishing rule (that I created) does not show in ISA live logging. The rule
isn't executed and traffic doesn't even hit Exchange box.

After restarting the ISA machine, I see more in ISA live logging. The OWA
publishing rule shows up in the logging (the rule gets executed). The Exchange
box shows the following error:

Event Type: Error
Event Source: Server ActiveSync
Event Category: None
Event ID: 3031
Description: The mailbox server [%1] does not allow "Negotiate"
authentication to its [%2] virtual directory. Exchange ActiveSync can only
access the server using this authentication scheme.

So I followed KB817379, Method 2 because I don't have Exchange front-end
server. Problem solved. ActiveSync now syncs happily with Exchange 2003.


"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:912F5C7D-D313-4B4D-9AF2-FDA53FE78C78@xxxxxxxxxxxxxxxx
Make sure all the relevant CA certs are in the ISA local machine store.
SChannel sends these to the client as part of the SSL handshake.
If the client doesn't trust the cert or it's not part of the trust list
provided by the server, the WM client can't connect.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"John" <a> wrote in message
news:%236vS%23OpxIHA.2184@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the article. I believe I've done everything mentioned in the
article.

I'm beginning to suspect wildcard SSL cert is the culprit. ActiveSync error
message looks something like this:

The security certificate on the server is not valid. Contact your exchange
administrator blah blah..
Support code: 0x80072F0D

I'm the exchange admin, btw. I've seen that issue before when trying to
connect using WM5. It turns out WM5 doesn't like wildcard SSL. On the other
hand, WM6 accepts wildcard SSL just fine. I've been using WM6 to access my
Exchange mailbox protected with a wildcard SSL. But now with ISA in this
setup, I can't access it any longer so I suspect ISA with wildcard SSL + WM6
are bad combos. Not sure if there's a workaround.


"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:DBADF5B3-7F16-4DC7-BF4B-1D9A4F889A44@xxxxxxxxxxxxxxxx
More likely, it's something you did.
Lots of folks are publishing Exchange web services just fine.
http://www.microsoft.com/technet/solutionaccelerators/mobile/deploy/msfp_deploy.mspx
should get you started.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"John" <a> wrote in message news:eKEfssnxIHA.1436@xxxxxxxxxxxxxxxxxxxxxxx
I have a Motorola phone with WM6. My Exchange server 2003 (in the trusted
network) has a wildcard SSL cert from GoDaddy. Incoming https requests are
redirected from real-IP to private-IP using Watchguard firewall. ActiveSync
has been working fine with this setup (without ISA2006).

I now use ISA2006 with 2 NICs. I have configured it to publish OWA and
ActiveSync. FBA is enabled. OWA publishing works fine. I can use any
external PC to access Exchange mailbox. However, ActiveSync stops working
now. I get error code 0x80072F0D on my WM6.

Here's a list of what I've done:
1) Export certificate from exchange server
IIS on Exchange box, default website Properties, Directory Security (tab),
Server Certificate (button), Export the current certificate to a .pfx file

2) Import cert into ISA
MMC, Add/Remove Snap-in, Certificates, Computer Account, Local computer,
Personal (folder), All Tasks - Import

3) Install intermediate SSL from GoDaddy on ISA server
Almost the same as above but imported into "Intermediate Certification
Authorities" folder

I still can't access my mailbox thru WM6 ActiveSync. The culprit must be
somewhere in ISA box, not Exchange box, because I've been able to use
ActiveSync for months without ISA in the picture. I don't know what else to
do now.

Help.
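
The check suggested in this thread (the listener certificate and its CA certs present in the ISA local machine store, so the chain can be sent in the SSL handshake) can be confirmed with a short script. This is an added example, not part of the original thread: the function name `Test-ListenerCertChain` and the CN `*.example.com` are hypothetical placeholders, and it assumes PowerShell is available on the ISA machine.

```powershell
# Added example. $cn is a constructed placeholder: set it to the CN of the
# certificate bound to the ISA web listener.
$cn = '*.example.com'

function Test-ListenerCertChain {
    param([string]$CommonName)

    # Personal store of the computer account (step 2 in the thread).
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $store.Open('ReadOnly')
    try {
        foreach ($cert in $store.Certificates) {
            # Literal match: the CN may itself contain '*', so -like is avoided.
            if (-not $cert.Subject.Contains("CN=$CommonName")) { continue }

            # Build with the machine context, i.e. the stores a service sees,
            # not the stores of the logged-on user.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
            # Assumption: revocation checking is skipped so this runs offline.
            $chain.ChainPolicy.RevocationMode = 'NoCheck'
            $built = $chain.Build($cert)

            New-Object PSObject -Property @{
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                # Must be True: a listener cert imported without its key cannot be used.
                HasPrivateKey = $cert.HasPrivateKey
                ChainBuilt    = $built
                # Leaf first, then each issuer found in the machine stores.
                ChainSubjects = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
                # PartialChain here means an intermediate CA cert is missing.
                ChainErrors   = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
            }
        }
    }
    finally {
        $store.Close()
    }
}

Test-ListenerCertChain -CommonName $cn | Format-List
```

A clean result only shows that the ISA machine can build the chain; the Windows Mobile device must still trust the root CA at the top of `ChainSubjects`.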





