Activesync, SSL, root certs and a general big pain

Jan 30

Activesync, SSL, root certs and a general big pain

Tue, 2007-01-30 00:05 — superuser

So you've got your brand spanking new PDA or phone with push email thinking it will work nicely out of the box with exchange.....wrong!

Firstly if you've already spent time on this and are implementing this in a corporate environment don't waste more time with self signed or some cheap SSL certs as it will just cause more pain. Go straight over to Third-Party Certificates Compatible with Windows Mobile Powered Devices at MS and be done with it (Thawte & Verisign are more expensive but it 'just works') p.s If you have windows mobile 5 with MSFP the cheap GoDaddy TurboSSL cert may also work, it did for me. (note the addition of MSFP which is a requirement)

Here are some of my mental notes for the basics:

Exchange 2003 SP2 needed for push mail

In exchange system manager, expand global settings->properties on mobile services. Make sure user initiated sync and direct push over http(s) are enabled

Browse to https://mail.yourexternaldomain.com via the device in IE, if you get errors about the certificate not being trusted activesync isn't going to work

If you do have to use self signed or non trusted root certs check out this post detailing how to use p12imprt

And a list of annoying error messages with fixes that worked for me

0x85010014 - The Microsoft-Server-ActiveSync and Outlook Mobile Access virtual directories cannot access the contents of the user's mailbox if the Exchange virtual directory is configured to require SSL - In IIS expand the /exchange virtual folder, properties -> directory security -> edit secure communications and make sure 'require SSL' in UNchecked

80072F17 - Use p12imprt

Tags:

Tech Notes

Activesync, SSL, root certs and a general big pain

Activesync, SSL, root certs and a general big pain

Comments

Post new comment

Popular Tags

Recent comments