Announcement

Collapse
No announcement yet.

Exchange 2003 / WM 6.1 SSL ActiveSync not working

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2003 / WM 6.1 SSL ActiveSync not working

    Hello
    I'm having a difficult time figuring something out and wanted some assistance if possible.
    We currently have 1 Exch 2003 sp2 server fully patched in a Win2k3 domain.
    We have 4 Palm Treo Pro devices running windows mobile 6.1. We recently purchased an SSL unified communcations certificate from Digicert. To secure OWA, I applied this to the default web site in IIS and succesfully was able to connect to OWA using https, however it broke the synch process to our mobile phones would not sync to our exch server. So after trying to remove the requirement for SSL and seeing that the mobile phones were not working, (also followed several documents to troubleshoot - http://www.amset.info/exchange/mobile-eastrouble.asp and
    http://www.amset.info/exchange/mobile-85010014.asp
    I reset the default web site virtual directories back to their original state using the following article from Microsoft. http://support.microsoft.com/kb/883380
    Follwing this document worked successfully. So now i'm back to being able to resync the phones and able to access owa using http.

    Today the only change I made was adding "Requring SSL" to just the Exchange virtual directory and the OMA virtual directory. I was able to access owa using https but the phones did not synch. I manually added the digital cert to the phone but no luck.

    Is there a problem with Windows mobile 6.1 using SSL ??? does anyone have this working?

    Thanks
    Jamie

  • #2
    Re: Exchange 2003 / WM 6.1 SSL ActiveSync not working

    What was the error code on the mobiles when you synchronised? And do you have SSL enabled on the mobile admin exchangeweb or active sync virtual directory?
    Last edited by scurlaruntings; 10th July 2009, 17:27.

    Comment


    • #3
      Re: Exchange 2003 / WM 6.1 SSL ActiveSync not working

      error code on the phone is 85010014
      actually no i did not enable SSL on the Microsoft-Server ActiveSync Virtual directory, only OMA and Exchange. Should I try enabling SSL on the MS Activesync & Exchange virtual directores, and leave off the OMA virtual directory?

      Comment


      • #4
        Re: Exchange 2003 / WM 6.1 SSL ActiveSync not working

        Originally posted by Jamie View Post
        Today the only change I made was adding "Requring SSL" to just the Exchange virtual directory and the OMA virtual directory.
        Did you not read what I wrote in the two articles that you have linked to above?
        Enabling require SSL on the /exchange virtual directory BREAKS Exchange ActiveSYnc unless you have created the second virtual directory and the registry key.

        That is because an internal call is made on port 80.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Exchange 2003 / WM 6.1 SSL ActiveSync not working

          so your saying to create the exchange-oma secondary virtual directory to let the phones sync there, then enable "require ssl" on the exchange virtual directory only?

          Comment


          • #6
            Re: Exchange 2003 / WM 6.1 SSL ActiveSync not working

            You don't need to set the require SSL option anywhere.
            There are two things that break EAS.

            1. Require SSL
            2. Enabling Forms Based Authentication.

            Require SSL is not required if you only have port 443 open. I never open port 80 to a live production system.

            Forms Based Authentication will break EAS, which required the second virtual directory to be configured, but you must reset the virtual directories first and ensure that FBA is not enabled before doing the export.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.

            Comment


            • #7
              Re: Exchange 2003 / WM 6.1 SSL ActiveSync not working

              Got it ... I've figured it out after going back to your original document.. I did the same process a couple weeks ago but i think a couple of these steps such as reseeting the virtual dir's, etc. were a bit out of order. so after resetting all the virtual dir's in IIS, i then went ahead and created the new exchange-oma for the phones and it worked.

              I actually never used form base authentication before so when enabling this feature, it was nice to see the outlook 2k3 web access screen come up.
              The only item i dont see is when going to the https URL - internet explorer does not give you the Yes/No/View Certificate prompt anymore. It takes me right to the OWA login screen.

              Would Basic Authentication in any of the virtual Dir's have anything to do with this? should this be changed to just windows authentication or is it safe to leave basic authentication alone?

              Comment


              • #8
                Re: Exchange 2003 / WM 6.1 SSL ActiveSync not working

                If you are using a commercial SSL certificate, then you shouldn't get an SSL prompt - that is the point. Do you get a prompt when you shop online at Amazon or use your bank? You shouldn't do.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: Exchange 2003 / WM 6.1 SSL ActiveSync not working

                  got it ... thanks for the info ...
                  the mobile phones, ssl certs in OWA work like a champ now

                  Comment

                  Working...
                  X