Re: Nokia E61, MailForExchange and certificates

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi Nick

Thank you for choosing Microsoft Online support.

The setting you have when you set up your device for active sync under
"Server Address" is what the Certificate HAS to read. If inbound port 80
is open on the router have you tested this without ssl? Have you been
through the ceicw?

Certain Nokia devices use the Symbian platform and cannot import the SBS
self generated certificate. Other 3rd party certificates seem to install
properly.

Per Nokia, there are 3 possible workarounds:

1. Purchase and install a 3rd party certificate for the small business
server that the Nokia device can import and use
or
2. Click yes for the popup warning on the device about the certificate not
being trusted
or
3. Uncheck SSL on the device.

Here are the default settings for IIS on the Three virtual directories for
an SBS Server.
Open IIS Manager

Open properties of virtual directory exchange-oma
Select Directory Security tab
Select Authentication and access control ->Edit:
Enabled Basic authentication
Enabled Integrated Windows authentication
Disabled anonymous access
Select Secure communications ->Edit:
Require secure channel (SSL) should be unchecked

Open properties of virtual directory OMA
Select Directory Security tab Select Authentication and access control
->Edit:
Uncheck Enable anonymous access
Uncheck Integrated Windows authentication
Only Check Basic authentication
Secure communications ->Edit:
Require secure channel (SSL) should be unchecked

Open properties of virtual directory Microsoft-Server-ActiveSync Properties
Select Directory Security tab Select Authentication and access control
->Edit:
Uncheck Enable anonymous access
Uncheck Integrated Windows authentication
Only Check Basic authentication
Secure communications ->Edit:
Require secure channel (SSL) should be unchecked



James Frederickson - (MSFT)
jamesfre@xxxxxxxxxxxxxxxxxxxx
Microsoft Corporation

.

Relevant Pages

  • RE: Cant sync WM 5.0 phone with SBS2003 over the air
    ... Select Directory Security tab Select Authentication and access control\Edit: ... Authentication Methods ... Require secure channel (SSL) should be unchecked ... Uncheck Integrated Windows authentication ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS authentication
    ... In fact, I want to enable ONLY certificate authentication, not ... directory security tab, secure communication, Edi button ... ... If I do a netmon trace, I can see that IIS tells IE that it needs to ...
    (microsoft.public.inetserver.iis)
  • Re: Need help configuring Wireless Connection profile
    ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless ... Vaillancourt,4155,1,4154,Use Windows authentication for all ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: PEAP-TLS vs EAP-TLS
    ... It covers the deployment of PEAP with digital certificates (what you are ... PEAP-TLS as MS docs pretty much all were about PEAP-MSCAHPV2 or generally ... Of course user certificate authentication used in PEAP-TLS ...
    (microsoft.public.windows.server.security)
  • Re: Need help configuring Wireless Connection profile
    ... Just go there and do a search for 'WPA2'. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)