Activesync issues


  • Activesync issues

    We have an Exchange 2010 install on a Server 2008 R2 OS; when it was originally set up around 3 months ago, OWA/ActiveSync wasn't set up.

    Tried connecting an iPhone; it was able to see the mailbox headers but not send or download full emails. So I used the testexchangeconnectivity.com website to do a quick check.

    Turns out there is a mismatch with the certificate. We're currently using a self-signed one and I don't think the correct external domain information was entered, so I decided to create a new self-signed certificate.

    I've installed the CA on the Server 2008 R2 OS, then started the wizard on the Exchange server to create a new certificate request. Copied the resulting file contents on the CA website, which then completed the certificate request. Going back to Exchange, I completed the certificate process; all went OK so I hit Finish. The certificate I just created and completed just disappeared!

    I have no idea why this is happening and it is driving me crazy!!

    PS: I know it's best practice to have a 3rd certificate, it's just not going to happen at the moment. I know ActiveSync should work with a self-signed certificate.

  • #2
    Re: Activesync issues

    ActiveSync isn't supported with the self signed certificates. I would stop wasting your time trying to get them to work and spend the US$60 to get a proper certificate. It isn't worth the headache of getting the self signed things to work.

    You should also ensure that the server is fully up to date - Exchange 2010 SP3, preferably with rollup 1. There were a lot of ActiveSync fixes in that rollup.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Activesync issues

      Originally posted by nabberuk
      We have an Exchange 2010 install on a Server 2008 R2 OS; when it was originally set up around 3 months ago, OWA/ActiveSync wasn't set up.

      Tried connecting an iPhone; it was able to see the mailbox headers but not send or download full emails. So I used the testexchangeconnectivity.com website to do a quick check.

      Turns out there is a mismatch with the certificate. We're currently using a self-signed one and I don't think the correct external domain information was entered, so I decided to create a new self-signed certificate.

      I've installed the CA on the Server 2008 R2 OS, then started the wizard on the Exchange server to create a new certificate request. Copied the resulting file contents on the CA website, which then completed the certificate request. Going back to Exchange, I completed the certificate process; all went OK so I hit Finish. The certificate I just created and completed just disappeared!

      I have no idea why this is happening and it is driving me crazy!!

      PS: I know it's best practice to have a 3rd certificate, it's just not going to happen at the moment. I know ActiveSync should work with a self-signed certificate.

      If issued from your CA or using the default self-signed cert, you will need to install the certificate or certificate chain on the mobile device. Without this a successful handshake will not be established. Failing that, if budget is an issue, you could use a 'free' certificate from www.startssl.com, who issue 'free' SAN certificates, although the number of name spaces is limited. At least that way you'd be in a supported configuration and wouldn't have the additional administration of installing certificates client side.



      • #4
        Re: Activesync issues

        StartSSL is ok, but those aren't trusted by a lot of mobile devices either!

        Simon.


        • #5
          Re: Activesync issues

          Been using StartSSL for 3 years now and never had an issue with EAS. Legacy devices agreed. But even Office 365/Lync Online trusts their root CAs.



          • #6
            Re: Activesync issues

            I can't see the self-signed certificate being the issue; we don't get the normal error messages moaning about it being a self-signed certificate.

            We also have another site where there is a self-signed certificate and ActiveSync users work fine.



            • #7
              Re: Activesync issues

              Just because it works elsewhere doesn't mean it is going to work everywhere.
              That is what I call the drunk driver's excuse.

              99% of the problems I see with ActiveSync are caused by SSL certificates, penny pinching to use the "free" certificate. It doesn't take very long though before a $60 trusted SSL certificate becomes more economical.

              Simon.


              • #8
                Re: Activesync issues

                Originally posted by Sembee
                Just because it works elsewhere doesn't mean it is going to work everywhere.
                That is what I call the drunk driver's excuse.

                99% of the problems I see with ActiveSync are caused by SSL certificates, penny pinching to use the "free" certificate. It doesn't take very long though before a $60 trusted SSL certificate becomes more economical.

                Simon.

                There isn't a CA that works 'everywhere'. If the device doesn't trust the CA, then the handshake will fail.
                Apart from that being an irrelevant analogy, yours is clearly a very myopic viewpoint. Whether you like it or not, there are situations where admins will deploy EAS using self-signed, or public CAs that aren't as widespread as the likes of Thawte, Verisign, GoDaddy etc. But the choice of CA is obviously academic. Either way, if the device doesn't trust the CA the result is the same.
                The best practice is to use a certificate from a public CA. StartSSL fits into that bracket and my experience with them has been excellent. At the end of the day the likes of Comodo, StartSSL are legitimate options. Whether you feel that does or doesn't make sense is irrelevant as your opinion is clearly too inflexible and not insightful enough to understand the finer particulars, whims or reasons why some admins choose that route. You can repeat the mantra about cost but for some that's not an option. As the facts are ANY trusted CA will work with EAS, providing the certificate chain is present on the device as it's just an SSL handshake. It's up to the admin to understand the implications of what CA he chooses to employ and thus support.
                Last edited by scurlaruntings; 8th June 2013, 07:28.
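
A read-only check of the two points this thread keeps returning to (whether the names on the certificate match the ActiveSync URLs, and who issued the certificate), as an added example that is not part of any post. It assumes the Exchange Management Shell on the Exchange 2010 server and uses only Get-ActiveSyncVirtualDirectory and Get-ExchangeCertificate; the variable names and report columns are this example's own.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Read-only: nothing below changes configuration.

# Host names that devices are pointed at, taken from the ActiveSync virtual directory URLs.
$easHosts = Get-ActiveSyncVirtualDirectory |
    ForEach-Object { $_.ExternalUrl, $_.InternalUrl } |
    Where-Object { $_ } |
    ForEach-Object { ([uri]"$_").Host } |
    Sort-Object -Unique

# Report every certificate Exchange returns, not only the one in use, so the
# Status and HasPrivateKey of a newly completed certificate can be inspected too.
$report = foreach ($cert in Get-ExchangeCertificate) {
    $names = @($cert.CertificateDomains | ForEach-Object { "$_" })

    # ActiveSync URL hosts that no name on the certificate covers.
    # -like lets a wildcard entry such as *.example.com (constructed) match;
    # it is looser than real TLS wildcard matching, so treat a match as a hint.
    $missing = @($easHosts | Where-Object {
        $h = $_
        -not ($names | Where-Object { $h -like $_ })
    })

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        Names         = $names -join ', '
        Services      = "$($cert.Services)"
        Status        = "$($cert.Status)"
        HasPrivateKey = $cert.HasPrivateKey
        IsSelfSigned  = $cert.IsSelfSigned
        RootCAType    = "$($cert.RootCAType)"
        NotAfter      = $cert.NotAfter
        BoundToIIS    = "$($cert.Services)" -match 'IIS'
        MissingHosts  = $missing -join ', '
    }
}

# Hashtable order is not preserved, so name the columns explicitly.
$report | Format-List Thumbprint, Subject, Names, Services, Status, HasPrivateKey,
    IsSelfSigned, RootCAType, NotAfter, BoundToIIS, MissingHosts
```

A host listed under MissingHosts for the certificate bound to IIS is a name that certificate does not cover. IsSelfSigned and RootCAType show who issued it, which is what decides whether devices need the certificate or its chain installed, as post #3 describes.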
