Re: SBS2003 + .local domain = no ActiveSync?

Yes - I have realized that that the advice in the article re. split DNS is questionable at best! I have created a Forward Lookup Zone in our SBS DNS and created the appropriate Host records as suggested elsewhere in this thread. I no longer have a name resolution problem within the LAN.

However, I still have certificate problems, with WM5 on the Qtek device telling me that the certificate on the SBS is invalid. Actually disabling SSL on the server DOES help - ActiveSync works fine if SSL is not required.

I don't think the network config is probably relevant having sorted out the DNS but just in case here is our arrangement:

Single-server running SBS2003 SP2 (Std Ed).
Single NIC
Internet connection / Firewall through ADSL Router
ISA is not installed
OWA/Remote Workplace work fine (https://FQDN/exchange or /remote)
All the tasks on the 'To Do' list are completed.


thanks

Keith


SuperGumby [SBS MVP] wrote:
disabling SSL on the SBS isn't going to help, nor is following the advice of ill conceived web pages (http://www.windowsnetworking.com/articles_tutorials/Split-DNS-Small-Business-Remote-Access-Connections.html).

99% of the contributors to this group run SBS in a .local AD DNS, many of them have mobile devices happily syncing to their server.

Are you running a single or dual NIC config?
Is there a router involved?
Is ISA installed?
Are you able to access https://FQDN/remote from a PC outside your office? (Note: this will require re-enabling SSL access to your SBS)
Have you completed the SBS wizardised setup including the CEICW?

"KeithXP" <dummyemail@xxxxxxxxxxx> wrote in message news:u3w6lK$pGHA.4812@xxxxxxxxxxxxxxxxxxxxxxx
Hi Cris -
Yes, I have done that (God knows how many times). Originally our server was self-certified. WM5 refused to trust that certificate (or at least I could not get it to accept it. I installed it on the device by double clicking the .cer file and by using the SpAddCert utility from MS).
My research led me to believe I might have more luck with a 3rd party certificate. I have a 30-day trial certificate from RapidSSL now. This has been installed on the Qtek (and I installed the Root certificate as well for good measure). I still get 'certificate is invalid' error 80072f0d.

I have disabled SSL on the SBS box for now. I cannot believe how difficult this has proven to be.

Keith

Cris Hanna (SBS-MVP) wrote:
Keith
go to your workstation, Start IE > Tools > Internet Options
Click on Content Tab > Certificates in the Center
Go To the Trusted Root Tab
Scroll down till you find in the ISSUED TO column the external FQDN of your SBS server
Highlight it
Click on the Advanced Tab
Check All unchecked boxes
Click on OK
Click on the Export button
Accept the defaults, choose a location of the exported cert you can remember, and complete the export
Use Windows Explorer to copy and paste the exported file to the mobile device
Open the file explorer on the moblie device and double click the certificate file. You will be prompted about installing the file...accept it
You should now be able to set up SSL synch and direct push
-- Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all can take advantage

"KeithXP" <dummyemail@xxxxxxxxxxx <mailto:dummyemail@xxxxxxxxxxx>>
wrote in message news:eXD$gwypGHA.148@xxxxxxxxxxxxxxxxxxxxxxx

I have been struggling to get Active Sync 4.1 to synchronize a Windows
Mobile 5 device (Qtek 9100) with Exchange on our SBS 2003 (std ed).

My research is now leading me to believe that the problem may be
related
to the fact that our server has a different name externally to that
used
internally. This has resulted from following Microsoft advice and
naming
our internal LAN using the .local domain. So our server is

servername.ourdomain.local

internally, but externally it is

servername.ourdomain.co.uk

I have been told that ActiveSync needs the server address to be
consistent no matter where the connection is being made from (see

http://www.windowsnetworking.com/articles_tutorials/Split-DNS-Small-Business-Remote-Access-Connections.html).

If this is the case I am seriously hacked off, as it appears that it is
not possible to change the domain name on an SBS server with out a
complete reinstall.

Is there a work round for this?

thanks

Keith

ps. I have been directed here from the ActiveSync newsgroup where I
have
been posting about this issue.


.