Announcement

Collapse
No announcement yet.

Active Sync after /ExchDAV

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Sync after /ExchDAV

    Hi all.

    Having a problem with my windoes mobile phone syncing after I enable SSL.

    I've followed the below two articles with no luck. Any help would be appreciated.


    http://www.petri.com/problems_with_f...activesync.htm

    http://www.petri.com/adding_root_cer...e_2003_ppc.htm

  • #2
    Re: Active Sync after /ExchDAV

    I don't see how the subject corresponds with the problem... what is the problem anyway? You haven't actually said.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Active Sync after /ExchDAV

      After I enable SSL on for OWA and make the registry addition for /ExchDAV and then try to sync a mobile device (smartphone), it comes back with error message: 85010014. None of my research has yeilded a fix for this problems. Once I turn off SSL, the problem goes away.

      Comment


      • #4
        Re: Active Sync after /ExchDAV

        http://www.amset.info/exchange/mobile-85010014.asp

        What certificate are you using? Public or locally generated? If locally generated you will also need to make sure the root cert is on the device.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: Active Sync after /ExchDAV

          Hi Andy,

          I'm using the SSL generated from my Windows CA server. When I did add the root certificate, it tells me that it is not valid. Let me check out your link and see if it helps.

          Comment


          • #6
            Re: Active Sync after /ExchDAV

            If the cert isn't valid then it will fail. I've had the same issue with a local cert. You can export the cert chain from the /certsrv website. Is the same cert in use for webmail?
            cheers
            Andy

            Please read this before you post:


            Quis custodiet ipsos custodes?

            Comment


            • #7
              Re: Active Sync after /ExchDAV

              Andy,

              Following the directions given at:

              http://www.amset.info/exchange/mobile-85010014.asp

              Steps 15-18 are as follows:
              15After making the change, run iisreset again, then restart the IISADMIN service in Services.
              16Put the SSL certificate back on the site, but do NOT set the require SSL option at this time.
              17Test the sync process to prove that it works.
              18If sync works, re-enable forms based authentication in Exchange System Manager.

              My problem is that you have to require SSL in order for FBA to work. If I configure FBA, run IISRESET it does not take me to the https page. IF I require SSL, it does.
              But then the sync breaks.

              Comment


              • #8
                Re: Active Sync after /ExchDAV

                Those are my instructions.

                What instructions were you following for the /exch-dav? That isn't something that I have seen before.

                The thing with this problem is that you can bring across an invalid configuration if you aren't careful. That is why I usually recommend a folder reset and not enabling FBA afterwards before making the changes.

                Furthermore, do not confuse the setting to require SSL with your ability to use SSL. They are not the same and you do not have to require SSL option enabled to use FBA.
                You can use SSL without require SSL enabled. In fact I do not deploy Exchange with the require SSL option enabled because I never open port 80 on the firewall. I do not want anonymous http traffic anywhere near the Exchange server.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: Active Sync after /ExchDAV

                  Andy,

                  I believe I've got it! The key for my was not to require SSL on the default website, but the /exchange VD. Sounds crazy because the default web sites is redirected to /exchange.

                  Any ideas why?

                  Anyway, redirect on /exchange now goes to SSL and mobile is syncing via SSL.

                  Comment


                  • #10
                    Re: Active Sync after /ExchDAV

                    Thanks Simon,

                    So how does one use SSL and not require it? Is this something that is done on in IIS, ESM or on the firewall?

                    BTW: ExchDAV is the name that was given to the new virtual directory that was created.

                    Comment


                    • #11
                      Re: Active Sync after /ExchDAV

                      The SSL certificate is just there. You access it via https://host.domain.com instead of http://host.domain.com
                      All the require SSL option does is force IIS to generate an error if SSL is not used. However if the http port is blocked the setting is redundant.

                      People seem to want a switch to enable or disable SSL, but there isn't one. They find this require SSL option and think that is it. If you don't want SSL then you remove the certificate or the port mapping.

                      Simon.
                      --
                      Simon Butler
                      Exchange MVP

                      Blog: http://blog.sembee.co.uk/
                      More Exchange Content: http://exchange.sembee.info/
                      Exchange Resources List: http://exbpa.com/
                      In the UK? Hire me: http://www.sembee.co.uk/

                      Sembee is a registered trademark, used here with permission.

                      Comment

                      Working...
                      X