Re: SBS2003 + .local domain = no ActiveSync?

For what its worth:

This is how I got my QTEK9100 to trust our self-certified SBS2003 Standard:

1. Export the cert from a client logged on to the SBS network by clicking on
the padlock in IE while displaying a local SSL page (i.e. companyweb using
https), and copy the cert to a file (use DER encoding binarxX.509 format).
2. Copy the file to your WM5 device: Create a new folder 'Storage' on the
root and copy it there.
3. Copy SpAddCert.exe to your WM5 device.
4. Import using SpAddCert

This did not work with the cert from the SBS under Clientapps\SBScert but it
worked with the exported cert from a client.

I use mail.mydomain.ch to AS and I have the same setup: SBS2003 Standard,
single nic, DSL router...

Good luck
Franz



"KeithXP" <dummyemail@xxxxxxxxxxx> schrieb im Newsbeitrag
news:u3w6lK$pGHA.4812@xxxxxxxxxxxxxxxxxxxxxxx
Hi Cris -
Yes, I have done that (God knows how many times). Originally our server
was self-certified. WM5 refused to trust that certificate (or at least I
could not get it to accept it. I installed it on the device by double
clicking the .cer file and by using the SpAddCert utility from MS).
My research led me to believe I might have more luck with a 3rd party
certificate. I have a 30-day trial certificate from RapidSSL now. This has
been installed on the Qtek (and I installed the Root certificate as well
for good measure). I still get 'certificate is invalid' error 80072f0d.

I have disabled SSL on the SBS box for now. I cannot believe how difficult
this has proven to be.

Keith

Cris Hanna (SBS-MVP) wrote:
Keith
go to your workstation, Start IE > Tools > Internet Options
Click on Content Tab > Certificates in the Center
Go To the Trusted Root Tab
Scroll down till you find in the ISSUED TO column the external FQDN of
your SBS server
Highlight it
Click on the Advanced Tab
Check All unchecked boxes
Click on OK
Click on the Export button
Accept the defaults, choose a location of the exported cert you can
remember, and complete the export
Use Windows Explorer to copy and paste the exported file to the mobile
device
Open the file explorer on the moblie device and double click the
certificate file. You will be prompted about installing the
file...accept it
You should now be able to set up SSL synch and direct push
--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so
all can take advantage

"KeithXP" <dummyemail@xxxxxxxxxxx <mailto:dummyemail@xxxxxxxxxxx>>
wrote in message news:eXD$gwypGHA.148@xxxxxxxxxxxxxxxxxxxxxxx

I have been struggling to get Active Sync 4.1 to synchronize a
Windows
Mobile 5 device (Qtek 9100) with Exchange on our SBS 2003 (std ed).

My research is now leading me to believe that the problem may be
related
to the fact that our server has a different name externally to that
used
internally. This has resulted from following Microsoft advice and
naming
our internal LAN using the .local domain. So our server is

servername.ourdomain.local

internally, but externally it is

servername.ourdomain.co.uk

I have been told that ActiveSync needs the server address to be
consistent no matter where the connection is being made from (see

http://www.windowsnetworking.com/articles_tutorials/Split-DNS-Small-Business-Remote-Access-Connections.html).

If this is the case I am seriously hacked off, as it appears that it
is
not possible to change the domain name on an SBS server with out a
complete reinstall.

Is there a work round for this?

thanks

Keith

ps. I have been directed here from the ActiveSync newsgroup where I
have
been posting about this issue.


.