Announcement

Collapse
No announcement yet.

Ex 2010 ActiveSync problem.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ex 2010 ActiveSync problem.

    Hey all,
    I have an Exchange 2010 server installed and running. I'm trying to sync the employees cellphones with exchange. I have SSL activated on Microsoft-Server-ActiveSync site and Client certifications are Accepted. I have a certificate binded to port 443, the certificate is under the same as the the external connection address.

    In exchange all default parameters are set for ActiveSync (as much as I know i don't have to change anything to be able to sync a phone with exchange, correct me if i'm wrong please). At the moment I have tried to sync only my own phone which is IPhone 3GS. When I sync the phone, i get the certificate download option twice for some reason, but it results with an error message of "Exchange account verification failed"

    Anyone have any idea how to resolve this problem ?

    P.S
    The mobile device have been synced before with 2 other different exchange servers.

    Thanks in advance, Michael.

  • #2
    Re: Ex 2010 ActiveSync problem.

    Don't enable client certificates. That is the cause of problems. ActiveSync can't cope with them.

    You shouldn't be doing anything with SSL certificates in IIS manager, all SSL management should be done through Exchange Management Shell.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Ex 2010 ActiveSync problem.

      Check the users security inheritance. Open Active Directory users and computers. Click on View -> Advanced features
      Find your user account and click properties. Go to the security tab
      Click advanced and check the box to allow inheritance. From what I understand, this is only an issue with users who are a member of protected windows groups (ie domain admins)

      Also....

      www.testexchangeconnectivity.com

      Let us know what that site has to say about it....
      Daniel Frei
      -Windows Operations Server Administrator
      -Exchange Guru
      -Cisco Fanatic
      -SharePoint Hippie
      -Volkswagen Enthusiast

      www.lazynetworkadmin.com

      Comment


      • #4
        Re: Ex 2010 ActiveSync problem.

        Well, by www.testexchangeconnectivity.com it seems that I have problems with the autodiscover services. Maybe i dont get something right, but as much as I know, no one have been touching the exchange server except installing it and activesync should work without any aditional settings.
        Testing Exchange ActiveSync
        Exchange ActiveSync test Failed
        Test Steps
        Attempting AutoDiscover and Exchange ActiveSync Test (if requested)
        Failed to test AutoDiscover for Exchange ActiveSync
        Test Steps
        Attempting each method of contacting the AutoDiscover Service
        Failed to contact the AutoDiscover service successfully by any method
        Test Steps
        Attempting to test potential AutoDiscover URL https://****.co.il/AutoDiscover/AutoDiscover.xml
        Failed testing this potential AutoDiscover URL
        Test Steps
        Attempting to resolve the host name ****.co.il in DNS.
        Host successfully resolved
        Additional Details
        IP(s) returned: 82.80.247.30
        Testing TCP Port 443 on host ****.co.il to ensure it is listening and open.
        The port was opened successfully.
        Testing SSL Certificate for validity.
        The SSL Certificate failed one or more certificate validation checks.
        Test Steps
        Validating certificate name
        Certificate name validation failed
        Tell me more about this issue and how to resolve it
        Additional Details
        Host name ****.co.il does not match any name found on the server certificate CN=*.bezeqint.net, OU=Comodo Israel Wildcard SSL, OU=Provided by Comodo ISRAEL (O.O.S Ltd), OU=Hosting, O=Bezeqint, STREET=40 Hashacham St., L=Petach-Tikva, S=Israel, PostalCode=49170, C=IL


        Attempting to test potential AutoDiscover URL https://autodiscover.****.co.il/Auto...toDiscover.xml
        Failed testing this potential AutoDiscover URL
        Test Steps
        Attempting to resolve the host name autodiscover.****.co.il in DNS.
        The Host could not be resolved.
        Tell me more about this issue and how to resolve it
        Additional Details
        Host autodiscover.****.co.il could not be resolved in DNS Exception Details:
        Message: No such host is known
        Type: System.Net.Sockets.SocketException
        Stack Trace:
        at System.Net.Dns.GetAddrInfo(String name)
        at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
        at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
        at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTe st.PerformTestReally()


        Attempting to contact the AutoDiscover service using the HTTP redirect method.
        Failed to contact AutoDiscover using the HTTP Redirect method
        Test Steps
        Attempting to resolve the host name autodiscover.****.co.il in DNS.
        The Host could not be resolved.
        Tell me more about this issue and how to resolve it
        Additional Details
        Host autodiscover.****.co.il could not be resolved in DNS Exception Details:
        Message: No such host is known
        Type: System.Net.Sockets.SocketException
        Stack Trace:
        at System.Net.Dns.GetAddrInfo(String name)
        at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
        at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
        at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTe st.PerformTestReally()


        Attempting to contact the AutoDiscover service using the DNS SRV redirect method.
        Failed to contact AutoDiscover using the DNS SRV redirect method.
        Test Steps
        Attempting to locate SRV record _autodiscover._tcp.****.co.il in DNS.
        Failed to find AutoDiscover SRV record in DNS.
        Tell me more about this issue and how to resolve it
        Anyway, I have set to ignore client certificates via Exchange Management Console (if thats what you meant Sembee) - nothing changed
        As of permissions inheritance ChiliFrei64, I tryed to sync the phones with different users (which are members of different user groups) if thats what you meant.

        Comment


        • #5
          Re: Ex 2010 ActiveSync problem.

          The errors are rather self explanatory - you are missing the configuration for Autodiscover. Autodiscover is not an optional function - it is required for the correct operation of Exchange.

          Furthermore it also appears that you have a wildcard certificate. Wildcard certificates are NOT the same as a SAN/UC certificate which is required for the correct operation of Exchange 2007/2010 plus some ActiveSync devices cannot cope with wildcard certificates.

          You need to sort your SSL certificates out by deploying a SAN/UC certificate from a commercial provider with the correct name on it. GoDaddy do them for US$80/year http://CertificatesForExchange.com/ - you will also have to sort out your DNS, and have autodiscover.example.com resolve correctly to your server.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment

          Working...
          X