
EAS keeps syncing despite a revoked certificate


  • EAS keeps syncing despite a revoked certificate

    Hello everyone,

    I have a little "problem" with ActiveSync and an iPhone.
    The problem is that the iPhone is happily syncing with the Exchange server, although the client certificate has been blocked.

    This is my lab setup:

    1x DC with Server 2008 R2
    1x Exchange 2010 with all roles except UM
    1x Server 2008 R2 hosting a 2008 standalone CA
    1x Windows 7 Enterprise client
    1x iPhone 4 running iOS 5.0.1

    I've followed this blog up to the end of phase 4 to set up my lab and it has all been working fine. I only use the IPCU to install the profile with the certificates onto the iPhone.

    However, when I revoke (block) the client certificate and republish the CRL, ActiveSync still works on the iPhone. The blocked certificate is listed in the new CRL.
    I've also downloaded and installed the updated CRL onto the Exchange server, just in case. Still no good.

    I've run the certutil tool and it confirmed that the CRL is available at the URL specified in the certificates.

    Could it be that the Exchange server is using a cached older version of the CRL or, for some reason, not checking the CRL at all?

    Any ideas and/or suggestions?

    thx a lot

  • #2
    Re: EAS keeps syncing in spite of a revoked certificate

    You need to break the connection, by running iisreset.
    Although in my experience the iPhone basically ignores certificates in general, so relying on those to stop authentication is a waste of time. If you want to stop sync, change the user's password then run IISRESET.

    Simon Butler
    Exchange MVP


    Sembee is a registered trademark, used here with permission.


    • #3
      Re: EAS keeps syncing despite a revoked certificate

      I did restart IIS on the Exchange server. I guess that is what you mean?
      That didn't help...

      I'll try the password reset as soon as I get the phone back.
      Last edited by sunseeker11; 19th December 2011, 16:36.
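
The first post asks whether the server is using a cached CRL or not checking revocation at all. The following PowerShell session is an added example, not part of any post in this thread, showing one way to check both on the server that terminates the ActiveSync TLS connection; the certificate path is a constructed placeholder, and it assumes an elevated prompt on that server.

```powershell
# Added example; run elevated on the server that accepts the client certificate.
# Placeholder path (constructed): an exported copy of the revoked client certificate.
$ClientCert = 'C:\temp\revoked-client.cer'

# 1. Build the chain and retrieve the CRL from the CDP URL in the certificate
#    (-urlfetch), rather than relying on what is already cached locally.
#    Show only the revocation-related lines of the output.
certutil -f -urlfetch -verify $ClientCert | Select-String -Pattern 'revo'

# 2. List the CRLs held in the CryptoAPI URL cache. Note: this cache is per
#    account, so this shows the cache of the account running the command,
#    not necessarily that of the service account.
certutil -urlcache crl

# 3. Check the http.sys SSL bindings: is client certificate revocation
#    checking enabled, and how fresh must a cached CRL be?
netsh http show sslcert | Select-String -Pattern 'IP:port|Revocation'

# 4. A cached CRL is normally treated as good until its Next Update time.
#    Force CryptoAPI to discard cached chain and revocation data machine-wide
#    by setting the resync time to now ('@now' must be quoted in PowerShell).
certutil -setreg chain\ChainCacheResyncFiletime '@now'

# 5. Remove cached CRL entries for the current account as well.
certutil -urlcache crl delete

# 6. Drop existing connections so the next sync has to renegotiate TLS,
#    as suggested in reply #2.
iisreset
```

If step 3 shows revocation checking disabled on the binding, the CRL is never consulted for client certificates, regardless of what the cache contains.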