Announcement

Collapse
No announcement yet.

Ex2007 and Activesync

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ex2007 and Activesync

    I have a test ex2007 server setup. I have one DC running Win2k3 R2 SP2 and an idenitcal box running Windows 2007.

    I have got webmail working and can connect to it via Outlook. Part of the testing is to get Activesync to work.

    We have a self signed SSL installed, I have tested that I can access the OWA site through a browser and that works fine.

    If I then setup activesync on a freshly wiped Windows 6.1 device I get the following error when using SSL

    "Synchronization could not be completed. Try again Later

    Support Code 0x80072F17"

    If I then turn off SSL on the Microsoft-Server-ActiveSync and on the device, I can then perform a sync and works fine.

    I have found some articles about the above support number but I have not found anything that leads me to a fix about this.

    So has anyone had this before? Have they have fixed it?

    Thanks

    Dave

  • #2
    Re: Ex2007 and Activesync

    Did you install the root certificate on the device? If we are using self signed or internal certifcate on the exchange 2007 server in that case we need to trust the certificates manually.

    And That's why its always good to have 3rd party UCC certificate on the exchange 2007 CAS server.
    ________
    Montana dispensary
    Last edited by Dks; 13th March 2011, 00:22.
    Rgds,

    Dks
    MCP E2K3 & MCITP E2K7
    MCITP Enterprise Win2k8

    Comment


    • #3
      Re: Ex2007 and Activesync

      Originally posted by Dks View Post
      Did you install the root certificate on the device? If we are using self signed or internal certifcate on the exchange 2007 server in that case we need to trust the certificates manually.

      And That's why its always good to have 3rd party UCC certificate on the exchange 2007 CAS server.
      I haven't installed the cert on the device, as I didn't have to with a Ex2003 install with SelfSSl but that was on SBS.

      How do I go about installing the cert on the device?

      Thanks

      Dave

      Comment


      • #4
        Re: Ex2007 and Activesync

        So I found a guide, exported the SSL cert, installed it on my device and now when I go to sync I get

        "The security certificate on the server is not valid. Contact your Exchange Server administrator or ISP to install a valid certifcate on the server

        Support Code: 0x80072F06"

        Now I have no idea why it is saying this when the cert I installed came from the exchange server im trying to connect to. I have checked the date and time of the device and server match

        Dave

        Comment


        • #5
          Re: Ex2007 and Activesync

          The self signed certificate is not supported for use with ActiveSync or Outlook Anywhere. You need to complete your deployment by purchasing a trusted SSL certificate.

          http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Ex2007 and Activesync

            Originally posted by Sembee View Post
            The self signed certificate is not supported for use with ActiveSync or Outlook Anywhere. You need to complete your deployment by purchasing a trusted SSL certificate.

            http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

            Simon.
            Simon,

            Thanks for the link I will have a look through. I was not aware you needed a trusted SSL as articles on the web say people have it working with self cert ones, others say I need a Multiple Domain (UCC) SSL

            The link I found in an article pointed to http://www.godaddy.com/gdshop/ssl/ssl.asp?ci=9039.

            So I would purchase the multiple domain as we have 3 domains for email, and follow the blog post?

            Edit: One thing I have just thought of at the moment the exchange is setup in a test environment with a test domain name and not the real domain name, so will I need to purchase a cert for the current test domain, then repurchase when we do the install for real?

            While I have not started testing yet, I assume I would need a trusted SSL for iPhone activesync?

            Thanks

            Dave

            Comment


            • #7
              Re: Ex2007 and Activesync

              I know there are lots of people who have got it to work, but the fact is, Microsoft do not support it.
              Furthermore, getting it to work is a false economy in my opinion. It can take many hours, then you have to talk users through how to install the certificate on their device - if the provider has allowed that. It is just hassle.

              If you have three different domains for email, then you will need a ten name certificate.
              That is because for Exchange to work correctly you will need

              mail.example.com (the common name on the certificate which everyone enters in to their devices, OWA etc).
              server.example.local (the server's internal FQDN)
              server (the server's NETBIOS name)
              autodiscover.example1.com
              autodiscover.example2.com
              autodiscover.example3.com

              six names total. They come in packs of five.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Ex2007 and Activesync

                Simon,

                Thanks for that. It works when SSL is turned off on a windows mobile device, but not with an iphone but I know it works in the test, so I will worry about getting it to work with SSL when we start the setup of the main system.

                When I said other email domains, I didn't make myself clear as users login with one domain, but we have other email domains that are linked to user accounts.

                So do I still need an SSL for the other email domain even though we do not use it to log into, if that makes sense?

                Thanks

                Dave

                Comment


                • #9
                  Re: Ex2007 and Activesync

                  If you have users with their primary email address in the other domains then you need to accommodate that in the SSL certificate. he autodiscover process has a number of fixed URLs that it will try, the main one being autodiscover.example.com (where example.com is the domain after the @ for the user's primary email address).
                  There are other ways of not having the additional DNS entry, but they require either the support of the external DNS provider for SRV records (which is still unusual) or a redirect site, which can give mixed messages to the users.

                  Simon.
                  --
                  Simon Butler
                  Exchange MVP

                  Blog: http://blog.sembee.co.uk/
                  More Exchange Content: http://exchange.sembee.info/
                  Exchange Resources List: http://exbpa.com/
                  In the UK? Hire me: http://www.sembee.co.uk/

                  Sembee is a registered trademark, used here with permission.

                  Comment


                  • #10
                    Re: Ex2007 and Activesync

                    I dont work for this company but I found them to be priced right and their customer service is excellent. If you do choose to use them make sure you remember that there is an intermediate certificate involved too but their customer support is excellent and will take you step by step thru the process.

                    This is if you need a SAN certificate.

                    http://<span style="color:Red">URL R... BY MOD</span>
                    Last edited by biggles77; 25th September 2009, 07:38. Reason: Members post count doesn't allow link posting yet.

                    Comment

                    Working...
                    X