Active Synch and Cert Issues

  • Active Synch and Cert Issues

    I inherited a working Exchange 2003 OMA setup that would allow active sync from a mobile phone with a cert on the phone. Last week I was having issues with users being prompted for passwords repeatedly in Outlook, and I had read somewhere that this was a problem with the ignore client certificates settings in Exchange. Anyhow, after playing around with that I broke the active sync, and for the life of me, after following all kinds of articles on this site and others, I cannot get it to work again. Between all of the virtual directories there are many different combinations of turning on different authentication methods and SSL/no SSL, and I am lost. Also, no articles seem to reference the settings of accepting or ignoring certificates, so I am unsure as to what this should be set for each virtual directory. Can someone give me a rundown of their default website and virtual directories settings so I can check against mine?


    The error I get on the phone is
    0x85030027 -- The Exchange Server requires certificates to log on


    Which is referenced by this article http://support.microsoft.com/kb/927467

    The problem is it references a virtual directory name iisadmpwd which does not exist on my system. Apparently it is for changing AD passwords through IIS. Not sure if that is related, I am thinking it is a red herring. Any help on this would be greatly appreciated!

  • #2
    Re: Active Synch and Cert Issues

    You have Use Client Certificates enabled on the server. That should not be the case and should be disabled. OWA and clients such as EAS and RPC over HTTPS cannot use client certificates.

    For the correct operation of Exchange you do not need to have require SSL enabled anywhere. There is no switch to enable SSL or not.

    The primary resolution will be to reset the virtual directories.
    http://support.microsoft.com/default.aspx?kbid=883380

    If that doesn't work, then you will have to remove IIS and Exchange and reinstall both.
    http://support.microsoft.com/default.aspx?kbid=320202

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.
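
The ignore/accept/require client certificates setting discussed in the first two posts is stored per virtual directory in the IIS 6 metabase property AccessSSLFlags. The following is an added example, not part of the thread or of any poster's configuration, that decodes that bitmask and lists the directories not set to ignore; the directory names and flag values in `SAMPLE` are constructed for illustration.

```python
# Added example: bit values of the IIS 6 metabase property AccessSSLFlags.
ACCESS_SSL = 0x008                 # "Require secure channel (SSL)"
ACCESS_SSL_NEGOTIATE_CERT = 0x020  # "Accept client certificates"
ACCESS_SSL_REQUIRE_CERT = 0x040    # "Require client certificates"
ACCESS_SSL_MAP_CERT = 0x080        # client certificate mapping enabled
ACCESS_SSL_128 = 0x100             # "Require 128-bit encryption"

FLAG_NAMES = [
    (ACCESS_SSL, "AccessSSL"),
    (ACCESS_SSL_NEGOTIATE_CERT, "AccessSSLNegotiateCert"),
    (ACCESS_SSL_REQUIRE_CERT, "AccessSSLRequireCert"),
    (ACCESS_SSL_MAP_CERT, "AccessSSLMapCert"),
    (ACCESS_SSL_128, "AccessSSL128"),
]
KNOWN_BITS = sum(bit for bit, _ in FLAG_NAMES)

def decode_flags(flags):
    """Return the names of the bits set, plus any bits this table does not know."""
    names = [name for bit, name in FLAG_NAMES if flags & bit]
    unknown = flags & ~KNOWN_BITS
    if unknown:
        names.append("unknown(0x%x)" % unknown)
    return names

def client_cert_mode(flags):
    """Map the bitmask to the three client certificate choices in IIS Manager."""
    if flags & ACCESS_SSL_REQUIRE_CERT:
        return "require"
    if flags & ACCESS_SSL_NEGOTIATE_CERT:
        return "accept"
    return "ignore"

def audit(vdirs):
    """List (name, mode, flag names) for every directory not set to ignore."""
    findings = []
    for name, flags in sorted(vdirs.items()):
        mode = client_cert_mode(flags)
        if mode != "ignore":
            findings.append((name, mode, decode_flags(flags)))
    return findings

# Constructed sample values, not taken from the poster's server.
SAMPLE = {
    "Exchange": 0,
    "Public": 0,
    "OMA": ACCESS_SSL | ACCESS_SSL_NEGOTIATE_CERT,
    "Microsoft-Server-ActiveSync":
        ACCESS_SSL | ACCESS_SSL_NEGOTIATE_CERT | ACCESS_SSL_REQUIRE_CERT,
}

if __name__ == "__main__":
    for name, mode, names in audit(SAMPLE):
        print("%-28s %-8s %s" % (name, mode, ", ".join(names)))
```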



    • #3
      Re: Active Synch and Cert Issues

      Thanks for the response.. I have seen those KB Articles many times in searching for this but it seems a little drastic considering I think it is just a matter of a radio button or check box that needs to be changed. I am able to hit the oma site over https and see my inbox, just can't do it from a phone.



      • #4
        Re: Active Synch and Cert Issues

        While it may appear to be something basic on the surface, IIS and the Exchange integration is very complex underneath.
        The behaviour of your desktop browser isn't really a great test, because Internet Explorer is a little more intelligent. It can do more authentication methods than the mobile browsers.

        Simply put - resetting the virtual directories often resolves the problem, particularly if you have tried to implement MSKB 817379. Turn off forms based authentication, reset the directories, follow 817379 and then enable FBA.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.
