Really need some help here. Here's the scenario:
I have 1 Exchange 2003 SP2 server. No Frontend Server, just 1 node. Currently I have SSL enabled and I can use OWA and OMA but not ActiveSync. I simply get a password prompt again and again.
If I untick require SSL and use port 80 my JasJar syncs over ActiveSync direct to the server over GPRS no worries, but can't do this as company policy requires SSL.
Questions
1. Has anyone got ActiveSync working on their Mobile 5 device with a single server setup (no frontend and backend) with SSL enabled?
2. I don't really need OWA or OMA, just ActiveSync over web. Is there a way I can use SSL for ActiveSync if I am not worried about the others?
3. If I really need a frontend server, is this a pain to do, and do all my users internally still access the old (backend) or do they need to repoint to the frontend? In addition, in this case would the frontend server also become the server with the internal to internet Exchange SMTP connector?
Really stuck. If anyone can help I would be very grateful.
Thanks
Yes, I have Exchange 2003 SP2 single server working over SSL. Did you have ActiveSync working on your Exchange server running SP1 using AUTD?
Is the name on your SSL certificate the same name as the server name you input into ActiveSync on your device? It must match exactly.
Is your certificate publicly recognized by an authorized certificate reseller or did you export and enroll the cert into your PDA?
Does outlook activesync work over http connection setup on a desktop or laptop using ssl sync?
Can you use activesync using http connection on an outside network to connect to exchange with outlook?
I would guess it has something to do with the certificate name vs the name of the server on your pda...Just a guess tho.
Didn't have it running prior to SP2.
Certificate matches exactly and is publicly signed/recognised.
ActiveSync over a desktop does not work over SSL.
I can use ActiveSync over HTTP from the internet as well as OMA and Exchange OWA on standard port 80 HTTP, just not SSL.
I have followed the Microsoft instructions to create another ExchDAV without SSL for the single node scenario, which is why OMA started working.
I am running EXSP2 single server configuration with SSL enabled. I am using the CACERT free certificate. You need to import the ROOT of your CA into the PDA.
Take a look at www.msexchange.org; there you have to search for the appropriate article.
Cert
OK, when you used the free cert and imported to root, how did you get your JasJar to ignore the fact that the certificate is not from a trusted authority other than importing onto the device?
I did hear something about a Secure=0 entry in the registry?
If you can save the root authority and server certificates to your PC as CRT files I think, then you can transfer these over to the JasJar and then just tap on them to import them.
That's what I did.
Check this:
http://support.microsoft.com/default.aspx?kbid=817379
Check if you can access OWA or OMA over SSL without a certificate error.
If you get an error you should copy the CA certificate (CRT file) to the Universal, rename it to CER and import it.
Good luck!
And one more thing, if you're using Method 2 in KB817379, you should allow access to all your network interfaces in the Exchange-OMA Virtual Directory.
Related
I have been trying to get my 8525 to do OTA Push Mail from our corporate Exchange 2003 SP2 server here where I work. I am the admin so I have access to the Exchange server and all settings are correct on the server itself to deal with OMA.
I can use the web browser of my 8525 and actually browse to our server and view both OWA and OMA directly, but when I configure the server through Activesync it always comes back with error code 80072ee7 (server name not resolved) error.
I am running vp3g's official v3 AT&T rom, and radio 1.48 if that matters. But here's where I think my problem lies and maybe someone with more experience regarding this can correct me if I'm wrong. We are running our OWA site on a high port number above 50000. We also have the OWA site under a subdirectory of the server. When I configure the server in Activesync, I enter the servername, port number and path to the OWA site, but once AS fails and I look at the server setting I find that it has dumped any path information and only keeps the server name and port number info.
So am I correct in assuming that M$ direct push only works with a server where the OWA site exists off the root directory of the IIS server? Or can it support paths into the site?
Actually push email relies on the Microsoft-Server-Activesync web application, and has little to do with OWA/OMA. I seem to recall that specifying port numbers and/or directory paths won't work though... May I ask why you're running the Exchange web services in such an unusual manner? Are you hosting other sites in that same IIS server as well?
kltye said:
Actually push email relies on the Microsoft-Server-Activesync web application, and has little to do with OWA/OMA. I seem to recall that specifying port numbers and/or directory paths won't work though... May I ask why you're running the Exchange web services in such an unusual manner? Are you hosting other sites in that same IIS server as well?
Actually that's the way it was set up before I started with the company. We have outside sales people that use the site and they felt it would be slightly more secure if it wasn't sitting on port 80 like most web sites. The boss won't let me change the port number at this time.
So activesync on the 8525 won't allow a port number? I thought it would because it keeps that in the server config info it'll dump any path info, but I figured out the path was not needed after a little tweaking. I just can't do anything about the port at this time.
I'm with kltye... don't think push has much (if anything) to do with OWA/OMA. It runs over port 443 (https). I believe it actually starts on port 80 (http) then switches to 443, but I'll spare you the ugly details on that one. Only need to know that for firewall config purposes.
Drop the port # and path and see how that goes.
Codevyper said:
Actually that's the way it was set up before I started with the company. We have outside sales people that use the site and they felt it would be slightly more secure if it wasn't sitting on port 80 like most web sites. The boss won't let me change the port number at this time.
So activesync on the 8525 won't allow a port number? I thought it would because it keeps that in the server config info it'll dump any path info, but I figured out the path was not needed after a little tweaking. I just can't do anything about the port at this time.
Security through obscurity eh?
I'm with vp3g as well: doesn't the https site run over 443? If it doesn't, maybe you can create a new Website and use the same settings as the original Exchange-Activesync web app, but have it listen on 443 for https. Are you able (i.e. "have permission") to open up port 443 on your corporate firewall?
Just did a quick perusal of my Exchange Server... appears as though push is an extension of OMA. If you don't have a Microsoft-Server-ActiveSync virtual directory off the Default Web Site (or some site listening on ports 80 & 443), you may be hosed.
Possibly related, but do you have a trusted SSL cert installed on the server? Without that, you might have a problem connecting.
vp3G said:
Just did a quick perusal of my Exchange Server... appears as though push is an extension of OMA. If you don't have a Microsoft-Server-ActiveSync virtual directory off the Default Web Site (or some site listening on ports 80 & 443), you may be hosed.
Yeah that's what I figured. I have the ActiveSync virtual directory within the Default Website along with OMA, but the server is listening on ports 60000 & 443 rather than the typical port 80.
You would think there would be a registry hack for AS on the mobile device whereby you could specify a non-standard port for syncing.
TaurusBullba, to answer your question. We don't have a cert (yet) for the Exchange server. That however doesn't matter for normal http connections, only if I attempt to use port 443 as the connect point for AS. Before the year is out, we'll more than likely acquire a cert for that server as well as our http server, but at the moment. I got nothing.
Inline........
Codevyper said:
Yeah that's what I figured. I have the ActiveSync virtual directory within the Default Website along with OMA, but the server is listening on ports 60000 & 443 rather than the typical port 80.
60000 is probably the killer as I noted earlier that push starts on 80 and jumps to 443.
You would think there would be a registry hack for AS on the mobile device whereby you could specify a non-standard port for syncing.
I think it was built around 80/443 to avoid client-side firewall issues.
TaurusBullba, to answer your question. We don't have a cert (yet) for the Exchange server. That however doesn't matter for normal http connections, only if I attempt to use port 443 as the connect point for AS. Before the year is out, we'll more than likely acquire a cert for that server as well as our http server, but at the moment. I got nothing.
You can do a "self-signed" certificate (i.e., generated by Windows Server) at zero cost. Downside is that it must be exported, copied to the device and installed.
vp3G said:
Inline........
Thanks for the help everyone. We will be building a new Exchange server later this year and I'll push to throw the site back on 80 at that time. In the meantime, I'll try the self-signed cert and see if that gets me in. Thanks everyone for your help! This site is a great resource for WinMo newbies like myself. BTW vp3g... lovin your AT&T v3 ROM. Solid and no problems overall!
BTW, I don't think ActiveSync starts off with port 80 - I was running a personal Exchange server off my cable connection whose incoming port 80 is blocked and everything worked fine using only 443. Good luck with the setup!
Trying to configure OWA access through GPRS with WM6 here with difficulty. Have browsed the forums and many people have the same issue. It is not a problem of certificates because I do get access through Internet Explorer. The problem is that the " /exchange " termination is automatically deleted from the server address necessary for the connection to my OWA.
Is there any way I can cheat WM6 to leave /exchange at the end of the server address ?
Thanks.
Same issue
I'm also having the same issue as you. So far I have had zero luck using activesync on my WM 6.1 device. I haven't found any 3rd party software that will work either. I find this rather hard to believe since the Palm OS has Chattermail++ that lets you sync multiple exchange server email accounts on the same device, and that's been working for years. Surely someone has found a solution to this?
After days of hard work with Exchange 2007 I figured out how to synchronize with an Exchange account.
First, my scenario:
Internet<----->ISA 2006 server <---->Windows 2008 DC+Exchange 2007
[email protected] is my mailbox
Windows 2008 FQDN: server.domain.local IP address: 192.168.1.254
Internal ISA server FQDN: isa.domain.local IP address: 192.168.1.1
Internet FQDN exchange.domain.com
For everything to work fine I have to make a lot of changes in the systems:
1. Create a new Certificate Template from the Web Server templates and add the option to that cert to "Export Private key"
1. Generate a request with the "New-ExchangeCertificate" command in the Exchange 2007 shell - you can use this site https://www.digicert.com/easy-csr/exchange2007.htm
1.1. In the common names field add server.domain.local, server, exchange.domain.com, autodiscover.domain.com, autodiscover.domain.local, etc.
1.2. Create the new certificate in the local Certificate Authority from the request generated earlier
1.3. Install the new cert in Internet Explorer. Export the certificate with "Private Key"
1.4. Install the certificate in mmc > certificates > computer certificates > Personal
Import the new certificate with the Import-ExchangeCertificate command
1.5. Add the CA root certificate to Trusted root certs in the same console
1.6. Repeat steps 1.4 and 1.5 on the ISA 2006 server
2. At your local DNS server create a new Host A record for
autodiscover.domain.com > 192.168.1.254
3. Open the ISA 2006 console and create Exchange publishing rules for ActiveSync
3.1. Create a new listener on port 443 with Basic Authentication and select the right certificate, which you created at point 1.2
4. Create a new DNS Host A record in your external DNS server for
autodiscover.domain.com > Your external IP address
5. Install the root CA file on the HTC device
Open the HTC and try to enter [email protected] and the password for the Exchange account
Cross your fingers and wait; if everything works fine your mail client will automatically configure itself
If there is an error you have to investigate
Common errors:
1. You do not have the correct certificates on the device or there is an error in the ISA configuration - you must have the root CA cert installed on the device
2. Autodiscover is not working - misconfigured DNS records
How to test connection:
From any browser inside or outside the organization you have to be able to open https://autodiscover.domain.com/autodiscover/autodiscover.xml with no cert error.
The main difference between Exchange 2007 and 2003 is that by default web applications on IIS 6 in Exchange 2003 work over HTTP.
To access ActiveSync securely you must use SSL - the HTTPS protocol. That is why we created some certificates earlier.
If there is any error with the autodiscovery function, you should add the server in Outlook Mobile not with the https:// address but with the FQDN name only.
At server just add: exchange.domain.com and check the SSL option.
There are many tutorials on how to install an Exchange system, and in every tutorial the most important part is how to create certificates.
That scenario is with a local CA in the organization.
Good luck .
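Added example, not part of the original post: a Python check of which of the names from step 1.1 a certificate actually covers, which is the exact-match requirement raised earlier in this thread. The sample certificate is constructed, and the function names are hypothetical.

```python
import socket
import ssl

# Names clients will use, taken from step 1.1 of the post above.
CLIENT_NAMES = [
    "server.domain.local", "server", "exchange.domain.com",
    "autodiscover.domain.com", "autodiscover.domain.local",
]

# Constructed sample in the dict shape returned by SSLSocket.getpeercert();
# it deliberately lacks the two autodiscover names.
SAMPLE_CERT = {
    "subject": ((("commonName", "exchange.domain.com"),),),
    "subjectAltName": (
        ("DNS", "exchange.domain.com"),
        ("DNS", "server.domain.local"),
        ("DNS", "server"),
    ),
}


def cert_dns_names(cert):
    """DNS names a client matches against: SAN entries, or the CN if no SAN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive label match; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and never a bare "*.tld".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered_names(cert, client_names=CLIENT_NAMES):
    """Return the client names that no name in the certificate covers."""
    presented = cert_dns_names(cert)
    return [n for n in client_names
            if not any(name_matches(p, n) for p in presented)]


def fetch_cert(host, port=443, timeout=5):
    """Fetch a live server's certificate. The chain and name are verified
    against the local trust store, so an untrusted CA or a mismatched name
    raises ssl.SSLCertVerificationError instead of returning a dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name in uncovered_names(SAMPLE_CERT):
        print("not covered by certificate:", name)
```

Against a real server, pass the result of fetch_cert("exchange.domain.com") to uncovered_names() from a machine that trusts the issuing CA.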
Emoze
BPB21 said:
I'm also having the same issue as you. So far I have had zero luck using activesync on my WM 6.1 device. I haven't found any 3rd party software that will work either. I find this rather hard to believe since the Palm OS has Chattermail++ that lets you sync multiple exchange server email accounts on the same device, and that's been working for years. Surely someone has found a solution to this?
Have an issue with IT Admin blocking ActiveSync (organization has standardized on BlackBerry).
Am using the Emoze (www.emoze.com) client to retrieve mail. It retrieves mails on your device using OWA, instead of ActiveSync.
I am currently using WM6 and am trying to get EMail through our Exchange server setup; however, my Dash s620 will not properly save the server's address.
The address for our OWA is (ex) mail.email.com:8888/exchange
and this address works fine in Internet Explorer etc, but when I enter this into the phone it removes the /exchange and only saves up to :8888, which then gives me "Error synchronizing" when trying to connect. Our Exchange server does have Exchange ActiveSync enabled along with Direct Push enabled.
Any ideas?
Thanks in advance
I think that you have to check your ActiveSync settings on Exchange. I know that Microsoft have a lot of KB's about that.
It does the same thing on mine, erases exchange, but mine is cool. Are you sure you are putting in the Domain?
jt76542 said:
It does the same thing on mine, erases exchange, but mine is cool. Are you sure you are putting in the Domain?
Yeah I've tried every which way I could think of for the login credentials.
I'll sift through some more MS articles tomorrow afternoon, see if I can't find anything... baffled though, really.
K this is going to be a huge PITA I can tell.
I adjusted the Virtual Directory for the default web site in Exchange System manager to point directly to /exchange, eliminating the need for anything after the :8888. It works fine in IE etc, quickly brings up a login prompt. Using the phone's IE and going to the http://mail.email.com:8888 works fine, prompts a login accordingly...
I configured a coworkers Blackberry to use our OWA and it works fine, but I'm not sure if it uses Push Email (Exchange ActiveSync).
What is it about the Dash that won't mesh? The server is not using SSL so I couldn't see it being a certificate issue (maybe it still is?). Is there anyone around who manages an Exchange Server and could perhaps shed some light on common settings that need to be adjusted for Exchange ActiveSync?
Such a nuisance
ActiveSync on the phone reports "The server could not be reached. Please verify the server name." Support code: 0x80072EE7
It reports back with this no matter how I enter the address (which again, works fine in IE). Devil phone
8888 is definitely not standard for publishing ActiveSync.
The software will connect to either MailServer:80 if the SSL checkbox is cleared or MailServer:443 if the checkbox is checked.
Don't think you'll get ActiveSync to connect to something else.
Why don't you change your port back to 80?
You are already exposing your server to the internet without any form of protection (no SSL, so your password can be sniffed over the network), and having port 8888 buys you nothing in terms of security since any port scanner will report the port as open and eventually get the HTTP banner from the IIS server.
So, get back to a standard config and you'll love your Dash again.
UM
I work for a fairly large company and they have not received and lodged the certificate with the new server. When trying to connect I get the following....apparently other phones (iphone, nokias allow you to over-ride and hook up anyway)
"Result:
The security certificate on the server is not valid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server.
Support code : 0x80072FOD "
Any help would be gratefully received.
Thanks again
2 options...
1. Turn OFF SSL when connecting to their exchange server. There is an option in TP2 to do that when you are configuring/editing username/password.
2. try https://yourexchangeserveraddress.com on a desktop browser
if it connects, then download the certificate on your pc and transfer it to your TP2, go to file explorer, click on it and it will install fine. It should connect fine afterwards with SSL on.
Powersquad
Thanks and have tried both options (turn off ssl and downloading) but to no avail....
Any ideas?
Thanks again for the input
I need some help with an Exchange problem on my Windows Phone 7.
I would like to sync the mail and calendar with the Exchange server at my workplace, but it is a local server and there is no wifi. I have therefore connected the phone with USB to my desktop computer (with Zune).
If I connect to the Exchange server in Internet Explorer (on the phone) there are no problems, but I cannot get it to connect in "email & accounts". I have installed the certificate on the phone and there is no warning before the logon opens in Internet Explorer (h t t p s : //[workserver].local/Exchange/ )
When I try to sync I get this error:
Not updated
There's a problem with
[workserver].local. Try again later.
Last tried 2 seconds ago
Error code: 85010014
If I try with out the USB cable in the phone I get this (expected) error message:
Not updated
Make sure the server info in this account's settings is correct, and that you have a data connection.
Last tried 2 seconds ago
Error code: 80072EE7
If I go in to settings and change my password to something wrong I get a:
Outlook account info is incorrect.
I can then type in my correct password and get the same error code 85010014.
Does someone know the right way to connect to a local Exchange server from Windows Phone 7 over USB and Zune?
Exchange does not sync with phones via USB. Never has, and never will. Dunno if this thread is a joke and we're being trolled, or if it's serious...
You sync over ActiveSync, and that should be easy enough to set up if you know what you're doing.
It should work. When you're connected via USB the phone uses your computer's network connection. Are you sure ActiveSync is enabled on the Exchange server and for your account?
I am serious.
I have tried to test Outlook Mobile Access (OMA) on both my work desktop and mobile by connecting to: h t t p : //[workserver].local/oma/ )
On both the PC and mobile I get a login screen and then this error:
A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
Is it only possible to sync a WP7 with the Exchange server if OMA is enabled on the server, or is there another way?
My company does not have a license for OMA on their Exchange 2003 server.
MortenRJ said:
Is it only possible to sync a WP7 with the Exchange server if OMA is enabled on the server, or is there another way?
My company does not have a license for OMA on their Exchange 2003 server.
I don't believe there is any license. You just need Exchange 2003 SP1 and ActiveSync is included. SP2 came out six years ago, so I'd hope that's installed already.