Re: Mobile Access to Exchange
- From: "John" <spam001(at)plasticcircus(dot)com>
- Date: Thu, 15 Jun 2006 11:09:48 -0700
I'm sure you'll be seeing me a lot here, getting Activesync is becoming a
huge project.
I resolved this issue, my internal DNS server had an a name record for my
external FQDN pointing to my internal IP address. I understand that the
publishing certificate is only used for internal connections. After I
removed the incorrect record, connections connected to the external IP
address and received the external certificate which then matched the url.
That problem is solved.
But :)
Now I seem to be having some final issues configuring IIS and ISA to allow
devices to connect.
I receive an error "Your account in Microsoft Exchange Server does not have
permission to synchronize with your current settings. Contact your Exchange
Server Administrator Support Code:85010004"
A few things that I thought seemed odd, my ISA server has a server rule to
allow access to /OMA/* but not /exchange-oma/*.
IIS is set to deny all connections except for 127.0.0.1 to the
/exchange-oma/ folder.
the /exchange-oma/ folder is set to use integrated and basic authentication.
I have seen a lot of posts online for this issue, I understand that this
same error code can be presented when just trying to sync to outlook, but is
caused by different reasons.
I have found some solutions for front-end / back-end set-ups but not for a
SBS server running ISA2004, and also using OWA and exchange over http.
I appreciate your help as always,
-John
"chace zhang" <v-chacez@xxxxxxxxxxxxx> wrote in message
news:aIurMAFkGHA.4688@xxxxxxxxxxxxxxxxxxxxxxxx
Hi John,
Thank you for posting here. I'm glad to work with you again.
From your problem description, I understand this issue to be: the Mobile
device cannot successfully sync with the SBS server due to certificate
error. If I am off base, please do not hesitate to let me know.
'Synchronization failed due to an incorrect SSL certificate common name'
Based on this error code, there could be 2 possible causes of this issue.
1. The SBS Server name is the exact same as the name used in the
certificate.
2. The certificate information contains invalid characters. Confirm there
are only numbers and English words in the certificate information.
For the SBS server, I would suggest you rerun the CEICW wizard and input
the correct certificate name in the wizard and test your issue again. ( I
understand you have done this before)
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763
[Important] The fully qualified domain name that you type in the "Web
server name" box must be the same name that you use to connect to the Web
site from the Internet. For example, if the URL that you use to connect to
a Microsoft Outlook Web Access Web site is
<<https://external.domain.com/exchange>>, type "external.domain.com"
(without the quotation marks) in the "Web server name" box.
I agree with Leonid's idea, since you used self-signed certificate, you
will need to use an external utility to install the certificate on the
device. To install the certificate using this external utility, perform
the
following steps:
a. On the client computer, download smartphoneaddcert.exe from the
following URL:
http://support.microsoft.com/?id=841060
If a signed version of smartphoneaddcert by your mobile operator is
available from this link, download the signed version.
Note: Although the Knowledge Base article, "841060," at the given link
refers to Windows Mobile 2003 and Windows Mobile 2002, the utility will
also work with Windows Mobile 5.0.
In addition, even though the file is named "smartphoneaddcert," it also
works with Pocket PCs.
b. Run smartphoneaddcert.exe and extract SpAddCert.exe.
c. Copy SpAddCert.exe to the device.
d. On the device, create a folder named "Storage" on the root of the
device
and copy the certificate file into the Storage folder.
e. On the device, run SpAddCert.exe. By default, the certificates in the
Storage folder of the device are listed. Select the certificate you just
copied and click OK on all message boxes that get displayed, to install
the
certificate.
Please verify whether this issue is resolved after above steps.
You may need to use the utility for certificate check on the Mobil device.
Please visit:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D88753B8-8B3A-4F1D-
8E94-530A67614DF1&displaylang=en
Download the file and try the following steps:
a. Ensure that your device is connected to the Desktop that
ActiveSync is installed, and your device is connected. A partnership is
not
necessary, you may connect as Guest should you wish.
b. On the desktop, open up a command prompt, and change to the
directory containing the tool executable CERTCHK.EXE
c. The tool uses a simple command line interface. To disable
certificate checking, type: CERTCHK off
d. To enable certificate checking, type: CERTCHK on
e. To verify if certificate checking is currently enabled or
disabled, type: CERTCHK query
f. To get syntax help for the command, type: CERTCHK
g. Please be sure to re-enable certificate checking on the device
after you are done with testing and have installed a signed certificate.
In addition, open the Exchange System Manager console on the SBS Server,
expand Global Settings, right-click Mobile Services and select Properties,
click General tab, click Device Security button, UNCHECK "Enforce
password on device" check box, and then run "iisreset" (without the
quotation marks) on the command prompt on the SBS Server, then check if
the
issue can be reproduced.
Furthermore, you could also try to test on multiple devices to see if this
issue occurs on other devices too.
If you have any questions or concerns related to this issue, please let me
know.
I appreciate your time and look forward to hearing from you.
Have a nice day!
Best Regards,
Chace Zhang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
.
- Follow-Ups:
- Re: Mobile Access to Exchange
- From: chace zhang
- Re: Mobile Access to Exchange
- References:
- Mobile Access to Exchange
- From: John
- Re: Mobile Access to Exchange
- From: Leonid S. Knyshov
- Re: Mobile Access to Exchange
- From: chace zhang
- Mobile Access to Exchange
- Prev by Date: Re: Changing IP addresses
- Next by Date: RE: OMA Error 1503
- Previous by thread: Re: Mobile Access to Exchange
- Next by thread: Re: Mobile Access to Exchange
- Index(es):
Relevant Pages
|
