Re: Certificate Issue
- From: "Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Mar 2008 22:33:15 -0600
I'll give you the answer...then I get on my soapbox
When you create the self signed cert...
the entry should be default.jimbo.com.au
Then go to the workstation that this WM6 device, connect up the device for ActiveSync
On the workstation, go to IE properties > Content > Certificates > Trusted root
You should find a cert for default.jimbo.com.au
Highlight it then click the export button, accept all the defaults and save it to your pc
Then copy it to the root of your WM6 device
Then using File Explorer on the device...navigate to the root, tap the certificate file and accept the request to install it
Then on the device, re-run ActiveSync and it should be ok....
Now for the soapbox
a. Running a public website on your SBS is probably the biggest security hazard you could have. Port 80 is the number one attacked port on the web, and you are exposing all your company data to it.
b. The DNS server running on your SBS server was never intended to act as your SOA DNS server for your website?
c. Where is the second required public DNS server?
There are very specific documents on the SBS technical library on setting up a WM5 or WM6 device in conjunction with SBS
--
Cris Hanna [SBS - MVP]
-----------------------------------------------------------
MVPs Do Not Work for Microsoft
Please do not contact me directly regarding issues
"Andrew McNab" <andrew@xxxxxxxxxxxxxx> wrote in message news:OCSWI3ViIHA.748@xxxxxxxxxxxxxxxxxxxxxxx
At the moment, this is primarily a certificate issue until I bump into any
other problems. In its entirety, I have exchange and OWA working perfectly
on my domain. I have a PDA phone running Windows Mobile 6 and running
Windows Mobile on Vista to provide ActiveSync for Exchange. Synchronisation
fails due to the certificate name not matching the domain. From TechNet
articles I have read, PDA handsets using Windows Mobile OS require the
following:
-A trusted certificate (can be server generated or purchased from a certificate seller)
-The certificate name MUST match the domain name or the PDA will fail silently during synchronisation
-For exchange access via the internet, RDP over HTTP proxy must be installed on the server
Although I would like to eventually move to RDP over HTTP proxy, I'll get
this sorted first. I have the following things setup:
-Purchased a FQDN, for argument's sake, let's say it is www.jimbo.com.au and
the SBS 2003 domain name is jimbo.internal with the server computer name
jimboserver
-Configured the zone jimbo.com.au with the SoA pointing to jimbo.internal
-A mail exchange(MX) record configured for the zone jimbo.com.au pointing to
jimboserver.jimbo.internal
-Two NICs with one connected to an ADSL gateway and the other used for DHCP
on a Gbit switch for domain machines.
-Ports 80 and 443 directed from the ADSL gateway to the ADSL gateway NIC.
-Two host records in the zone jimbo.com.au called 'www' and 'default'
-Two websites in IIS, one called MyWebsite and the Default Website.
MyWebsite is configured on port 80 with header 'www.jimbo.com.au' and
Default Website configured to port 80 with header 'default.jimbo.com.au' and
SSL port 443
-Creating a server certificate via CIEICW with the domain 'www.jimbo.com.au'
and also tried 'jimbo.com.au'
With the configuration above, external users are able to view
www.jimbo.com.au. Internal users are able to view www.jimbo.com.au,
default.jimbo.com.au, and default.jimbo.com.au/exchange. This is expected
since I have not exposed my DNS publicly. When accessing
default.jimbo.com.au/exchange, I am prompted in IE with a certificate error
stating that the certificate name and domain do not match. Of course, with
browsers, you can choose to ignore this and continue and OWA works fine. The
certificate issue cannot be ignored by the PDA however. Users of Outlook
configured for Exchange have no dramas sending and receiving email using
'user@xxxxxxxxxxxx'.
After laying all this out, my ultimate question is, what am I not doing
correctly? Does the certificate need to match the internal domain name or
the public FQDN (i.e. jimbo.internal or www.jimbo.com.au)? The first outcome
I'd like to achieve is IE not reporting a certificate name mismatch then
I'll work on the PDA later. Any advice or redirection to documentation
regarding certificates used in IIS 6.0 under SBS 2003 would be great. Thanks
for your time.
Andrew
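
The name check discussed in this thread, as an added example that is not part of either post: a TLS client compares the host name it connects to against the names in the certificate, so each name tried in the thread can be tested against `default.jimbo.com.au`. The certificate dictionaries are constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the wildcard case goes beyond what the thread covers. Trust in the issuer (the root store step in the reply) is a separate check that this code does not perform.

```python
# Added example. Host names come from the thread; the certificate dicts are
# constructed sample data, not taken from a real server.

def cert_names(cert):
    """Names a client checks: subjectAltName DNS entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when DNS SANs exist, the CN is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive, label-by-label comparison of one cert name to host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Wildcard covers exactly one left-most label, never a bare suffix.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def matches(cert, host):
    return any(name_matches(n, host) for n in cert_names(cert))

def self_signed(cn):
    """Constructed self-signed certificate with only a common name."""
    name = ((("commonName", cn),),)
    return {"subject": name, "issuer": name}

# Host header of the SSL-enabled Default Website in the original post.
CONNECT_HOST = "default.jimbo.com.au"
# Names tried or mentioned in the thread, plus the one the reply recommends.
CANDIDATES = ["www.jimbo.com.au", "jimbo.com.au",
              "jimboserver.jimbo.internal", "default.jimbo.com.au"]

def report(host=CONNECT_HOST):
    """Map each candidate certificate name to whether it matches host."""
    return {cn: matches(self_signed(cn), host) for cn in CANDIDATES}

if __name__ == "__main__":
    for cn, ok in report().items():
        print(f"{cn:28} {'match' if ok else 'MISMATCH'} for {CONNECT_HOST}")
```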