80072fd Push with SBS2003 - JASJAR, XDA Exec, MDA Pro General

My IT guys have been trying to get this push email thing working and it seems to be one difficulty after another and is not as simple as pressing "push email" in the connection icon....
Our latest error appears on my device with the above error code stating
"the security certificate on the server is invalid. contact your exchange server administrator or ISP to install a valid certificate to the server".
I have read that I need to buy a public certificate from a public authority (CA) or similar such as Verizon or Thawte. Is this the case, or is there a simpler way to get this push email working using the existing configuration and setup of the server?
We use exchange SP2, with outlook 2003 all around. Internet based webmail works correctly with full access, and activesync via PC works perfectly, but push email encounters the above error.
Any suggestions?

are you sure it's 80072fd or 80072efd ?

I don't have a solution, but the problem is described in M$ knowledgebase article: 915438 - see attached Acrobat .PDF.
I had already tried the suggestion in KB915840 to import the certificate from my sbs2k3-domain, but this had failed with "cannot access the certificate" - even with them on the device. However, certificates from my clients' servers, both sbs2k and sbs2k3, import without problems. This happened both before and after o2's AKU2 ROM update - so AKU2 is not the problem. In addition, I spent Easter *totally* reinstalling sbs2k3 and tested it immediately afterwards. All the sbs2k3/Exch2k3-Sp2 boxes are fully patched. The certificate itself is correct/working, since it works for Outlook Web Access via the web with laptops and even the Exec (Universal).
Whilst sync'ing from the workstation via ActiveStink/USB, if you turn off the SSL requirement the sync succeeds, but that's obviously not a working solution via the 'Net.
Update:
Just had a thought, and checked the various certificates in a hex-editor. The one from my sbs2k3 box is a completely different format. :? I'll see what I can find out.....

maybe not related, but here's a list of all ActiveSync Server Error Codes: http://blogs.flaphead.dns2go.com/archive/2005/11/21/3202.aspx

80072f0d
Sorry, the correct code is 80072f0d.
I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30+ staff simultaneously and I can't take it down just to fix my one desire to have push email.
But I do find it painful and frustrating that Microsoft do not adequately support their own platforms and systems don't integrate as they should and as they are promoted.
M$ sks.

Re: 80072f0d
simon_darley said:
....I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30+ staff simultaneously and I can't take it down just to fix my one desire to have push email.....
I'm not sure if it was clear from my reply - too tired - but rebuilding the server did not help at all.
Yeh, the pains of rebuilding SBS and having it all configured and running correctly when the staff arrive in the morning is not something I do willingly - hence the use of the holiday. It was done only as a last ditch attempt to solve this and another problem that had Micro$oft totally stumped - not related.
There is a difference in the certificate formats, so that's where I'm concentrating my efforts now. Will let you know what I find.

80072f0d error - the fix!
Just spent the past hour kicking and calling myself an £$%&* idiot.:x
Anyway, to cut the story short, the problem *is* indeed the damn format of the SSL certificate exported by sbs2k3. For the WM5 device to import it, it needs to be in DER X509 format.
If you have imported it into your PC/laptop for OWA/OMA/RWW, then you can easily export it from IE's Internet Options into DER format.
From Internet Options:
- go to Content-tab
- click Certificates-button
- find and highlight your certificate - I had imported mine into Trusted Root Authorities
- click Export-button
- click Next on wizard page
- enable the "DER encoded binary X.509 (.CER)" radio-button, and click Next
- enter a suitable path & filename, e.g.: "myserver.cer"
- click Next, click Finish, click Ok.
- Now copy the certificate to your PDA via ActiveSync.
- Open File Explorer on the PDA,
- Find the certificate file and launch it.
- click Yes to import it and you're done!
I think the reason why my sbs2000 certificates worked was that I had installed Certificate Services on those boxes and exported those certificates from there. I don't understand why some of my client's sbs2003 certificates were in DER-format, and others weren't, but we are talking about Microsoft software, so what else should I expect......
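Added example (not part of the original thread): a small Python check for the format problem described in the fix above. It labels a certificate file as Base64/PEM, DER X.509, PKCS#7 or PKCS#12 from its leading bytes and converts PEM to the DER form the device imports; the function names and the sample bytes are constructed for illustration, and the sample is a placeholder, not a real certificate.

```python
import base64
import re

PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _outer_sequence(data):
    """Return (header_len, total_len) of a leading DER SEQUENCE, else None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:                       # short-form length
        return 2, 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n, 2 + n + int.from_bytes(data[2:2 + n], "big")


def classify(data):
    """Best-effort label for the formats a certificate export can produce."""
    if b"-----BEGIN " in data[:64]:
        return "pem" if PEM_CERT.search(data) else "pem-other"
    seq = _outer_sequence(data)
    if seq is None or seq[1] != len(data):
        return "unknown"
    inner_tag = data[seq[0]:seq[0] + 1]
    return {
        b"\x30": "der-x509",   # Certificate opens with the tbsCertificate SEQUENCE
        b"\x06": "pkcs7",      # ContentInfo opens with an OID (.p7b)
        b"\x02": "pkcs12",     # PFX opens with an INTEGER version (.pfx/.p12)
    }.get(inner_tag, "unknown")


def to_der(data):
    """Return DER bytes for a PEM or DER certificate; refuse anything else."""
    kind = classify(data)
    if kind == "der-x509":
        return data
    if kind == "pem":
        body = PEM_CERT.search(data).group(1)
        der = base64.b64decode(b"".join(body.split()), validate=True)
        if classify(der) != "der-x509":
            raise ValueError("PEM body does not decode to an X.509 structure")
        return der
    raise ValueError(f"cannot convert {kind!r}; re-export as DER X.509")


# Constructed placeholder with the outer shape of a certificate (not a real one).
SAMPLE_DER = bytes.fromhex("300a" "3003020102" "3000" "030100")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).replace(b"\n", b"\r\n")
              + b"-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    for name, blob in (("sample.der", SAMPLE_DER), ("sample.pem", SAMPLE_PEM)):
        print(name, classify(blob), to_der(blob).hex())
```

To check a real export, read the file in binary mode and pass its bytes to `classify`; write the result of `to_der` to a `.cer` file before copying it to the device.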

msfp and 80072f0d
After testing a few different certificate variations, the engineers that maintain our servers were able to send me two alternative certificates, one or both of them appear to have worked effectively.
So it imported, and now my active sync works for receiving these emails, now I need to look at these heartbeat pings and find out how I set the periodic checking.
Just wondering, normally if you dial a gprs/3g connection, you pay once, and stay connected all day. Does this now mean that it connects, downloads, disconnects, then 5 minutes later reconnects, downloads, and disconnects, thus paying a much larger reconnect fee every time?
I am playing with this as a new toy, but I can see the costs are going to go ballistic....

and... perhaps for all those that are already experienced here, how does one send an email that remote wipes the device?
is there a command, or a key word or something that makes the system realise the remote wipe command....
sorry, I know this is off the topic of my original post, but thought you might know.
if not, I can start a new topic....!!!
The certificates that I was given were a server.cer and a root.cer.
If anybody needs to know, I can ask the engineers how they did what they gave me to get it to work.

The remote wipe is done from the sbs2k3 box - or rather the box running Exchange2k3Sp2. Your admin needs to install a small tool that he (Domain Administrator credentials needed) then accesses via IE.
Microsoft has published a new white paper (Feb 2006) that describes the whole procedure - just a shame they missed the need for the certificate to be in DER format. The white paper is: "Deploying Windows Mobile 5.0 with Windows Small Business Server 2003".

Related

TyTN "forgets" personal certificate

I try to get my mails pushed to my TyTN. Thus I enabled the appropriate services on my Exchange 2003 SP2 server, set the user permissioning and so on. I generated a P12 cert with my CA and imported it using p12import.exe on my tytn. I also installed .cer for the domain and for the CA on the mobile device. Thus I was able to sync and push. Now I am facing the following issue:
After successfully synchronizing and pushing for some hours, I regularly get an 0x85030027. Checking my certificate I can see that my p12 is gone. After reimporting it using p12import, I can change the server settings the following way to force a "reinitialisation" of the link between user settings and cert: I delete the "m" in "blabla.dynaccess.com", go forward to login information - the password is gone then - go back to the server, add the "m", go forward adding the password. Sometimes I am then able to sync again, sometimes I get an 0x85010004. In the latter case I must delete the whole server setting - losing all my mails - and have to set it up once again.
Dealing with this issue now for several days and being unable to find any description or solution in this forum and the web, I kindly ask for any idea which could be considered being helpful...
PS.: Sorry for my English - it is not my native tongue ;-)
I use CACert certificate for my email and have imported it using smartphoneaddcert utility from Micro$oft.
Copy your certificate into \Storage\root.cer (has to be named like this) and run SPAddCert.exe, hopefully that should work
Thanks for the immediate answer. I already installed my root-certificate with no probs. The issue I have is related to the individual cert for the device, generated and signed by my ca, which is trusted by the tytn. This individual one disappears after some syncs?!
I don't experience the same problem ...
I think your method is ok (Jacco in DDSL.NL) has a nice tool to import personal certificate to device...
You may also look : http://www.httpsync.net
Cheers
André
Now I can describe the problem more precisely: the personal certificate disappears after every soft reset?!
I have the exact same problem !!!!
When you do a soft reset the personal Certificate disappears.
I can reimport it directly, but I need to hook it up to a PC in order to validate the Certificate.
Is there no other way? This is really annoying when I'm on a trip, and I have to soft reset the device.
Does anyone know how this can be done differently?
Thanks
Micman

Microsoft Exchange Server

I am trying to configure Microsoft Exchange Server to get my work emails on my Universal. However, even though I have my settings all OK, and the PDA is connecting to the internet, no emails are being downloaded.
I am getting a message that folders have been synchronized but emails are neither being sent nor received.
Tried to speak to my work's IT guys who are insisting all settings are OK.
Funnily enough I configured my pal's PDA, who happens to have a Universal like me but using a different phone company, and all worked beautifully.
When I contacted my phone company they said that all is OK from their side, but I still am not succeeding.
Any idea guys?
I think they should enable a certain service. With me all worked fine until a partly HD crash, now I can still get e-mail into Outlook, but not to my PDA any more. I believe it has to do with Public Directories. At least that's the part what's wrecked in my server.
Good luck!
Bas
OP, I'm assuming you are referring to DirectPush, I would double check with IT that you have your account enabled for User Initiated Sync, and that you have all options configured identically to what IT gave you. Specifically, it could be that your company is using SSL and you have yet to export the certificates that are needed to your phone, rendering it unable to sync.
Urthwhyte is right about the ssl, installing it is as simple as accessing the certificate file through your file manager. You might also be experiencing the same problem I am, where your service provider doesn't accept your business's certificates (doesn't apply to wifi connects).
If you really want it to work and you don't care if ppl pull the data off the air, you could disable ssl if it's not required.

ActiveSync config for Exchange

Trying to set up ActiveSync on my Telus P4000 (Titan), although the issue should be the same with an WM6.1 phone...
I can't for the life of me figure the right server settings to enter in the Configure Server section, and I have yet to find a definitive "this is how you do it" procedure for it. As near as I've been able to glean, for the "Server address" section, you give it JUST the domain name of the Exchange server, without an http:// or a /exchange or /oma or anything... correct so far? But the catch in my particular instance is that Exchange web access is on port 8080, rather than 80 or 433.
I've tried adding a :8080 to the server address, I've tried adding the http:// and/or https://, I've tried adding the /oma and /exchange to the end, and all combinations of the above, with no luck... when I go back into the settings, it's reverted to JUST the domain name. Is there somewhere else I can tell it to use a non-standard port? Registry key, maybe?
I'm not sure it works with other ports than 80 (HTTP) and 443 (HTTPS).
You just need to put your external A record in the server value.
Try using standard ports first to be sure everything is working, then switch.
Okay, well I managed to get rid of the "Cannot reach server" messages by switching back to "require SSL", and as it turns out, the server wasn't set up for SSL (it is now). So now I'm connecting, but getting certificate errors. At least I've found plenty of info about solving that issue, so on to the next step...
Soundy106 said:
Okay, well I managed to get rid of the "Cannot reach server" messages by switching back to "require SSL", and as it turns out, the server wasn't set up for SSL (it is now). So now I'm connecting, but getting certificate errors. At least I've found plenty of info about solving that issue, so on to the next step...
You will probably have to install a certificate on the phone to be able to communicate with the exchange server. At least I had to...
playerkiller said:
I'm not sure it works with other ports than 80 (HTTP) and 443 (HTTPS).
You just need to put your external A record in the server value.
Try using standard ports first to be sure everything is working, then switch.
I've searched everywhere for info on using non-standard ports for activesync, and I haven't found anything, and I couldn't get it to work.
jeen said:
You will probably have to install a certificate on the phone to be able to communicate with the exchange server. At least I had to...
Yeah, did that... still not helping
Exchange ActiveSync cannot access the server if SSL is set to be required. For
information about how to correctly configure Exchange virtual directory
jeen is right. Unless the certificate is issued from a Trusted Certificate Authority, you will need to import the issuing CA in the Root Certification Authority store of your Phone.
If it's a self signed cert, just export it from exchange server (without Private key) and copy it to your phone. Then, double click it from File Manager. This should be enough.
^Yeah, I did that right off the top (see my reply to jeen). Still no joy.
Perhaps Tendulkar can finish his thought...
To disable SSL requirements for Activesync service is very easy:
Win2003 (IIS6.0)
Open IIS on your cas, expand the Default Website (or the website where ASVirtualDir resides) right click on Microsoft-Server-ActiveSync and choose properties.
Go to the tab Directory Security, choose EDIT under Secure Communication.
Remove flag from Require Secure Channel.
Obviously click OK.
Win2008 (IIS7)
Open IISManager.
Navigate through site, default website, highlight Microsoft-Server-ActiveSync.
Make sure you have the features view selected (should be by default).
Choose SSL Settings.
Unflag "Remove SSL".
Obviously click Accept.
playerkiller said:
To disable SSL requirements for Activesync service is very easy:
Win2003 (IIS6.0)
Open IIS on your cas, expand the Default Website (or the website where ASVirtualDir resides) right click on Microsoft-Server-ActiveSync and choose properties.
Go to the tab Directory Security, choose EDIT under Secure Communication.
Remove flag from Require Secure Channel.
Obviously click OK.
Hmmm... "require SSL" was already un-checked. I've re-checked it, let's see what happens with that.
OK lemme know.
Make sure you have the same root certificate installed also. You have to trust the same certificate authority as the certificate that you have on your exchange server.
Did anyone find a solution?
I am having the same problem. Certificate installed and tried all connection settings that can find on internet. Cannot get ActiveSync to sync with my server (same certificate error, but hosting company states tested with WM6.1 that all is working fine on their end) and also cannot get Windows Live Messenger to work, states there's a connectivity problem. Funny thing is MMS, surfing net with IE, and Google Maps with GPRS work fine. Only Microsoft network products are not working. My phone is Palm Treo Pro with WM6.1 Professional. Vodafone version but bought in China and have since added A4 Chinese text editor, which I think could be problem, but need to hard reset phone to check. Any ideas? Better yet, any solutions?
One tip for getting this working in my case (same certificate errors) was that I had to get the certificate off the internally facing OWA server, rather than the externally facing version. Although they're both the same server, the external one goes through an IAS box which seems to be presenting its own certificate rather than the one on the exchange server. Don't ask me - I don't run the system.
As soon as I add the Internal version of the cert, Exchange, OTA Sync and ActiveSync spring into life.

owa access

I'm trying hard to like my x1, can anyone help?
Whenever I try to access OWA using either PIE or Opera I get a page cannot be displayed error. Anyone else seen this and got a solution? OWA works fine using my E90 S60 browser.
Thanks, Martyn.
Just tried it on Opera 9.5 build 15202 and it renders really nicely - pleasantly surprised!
Doesn't work in my Opera Mobile. Can't remember the build. It's the one with Manila favs from Itje's thread.
It works nice and is really fast (as always) in latest Opera Mini.
martynb said:
I'm trying hard to like my x1, can anyone help?
Whenever I try to access OWA using either PIE or Opera I get a page cannot be displayed error. Anyone else seen this and got a solution? OWA works fine using my E90 S60 browser.
Thanks, Martyn.
Try Opera Mini.
I'd not like to use Opera Mini for sensitive sites like OWA. It transmits logins over a proxy, I don't think it's a good idea...
Why don't you use Active Sync? You can sync it manually and e.g. only for the last days. But for the most it uses less traffic than visiting the OWA site everyday...
Better yet, set up your push email. It keeps a HTTPS session alive. You just need to install the certificate on your PC to set up the sync, which you can get from OWA.
bedlam_au said:
Better yet, set up your push email. It keeps a HTTPS session alive. You just need to install the certificate on your PC to set up the sync, which you can get from OWA.
How?
Will it work without OMA (mobile access)? I don't think so. We don't have a frontend server to support ssl connection from mobile devices, and I'm pretty sure I've tried everything.
If you have a magic way to make it work I would really like to know.
I've been having the same problem...
...and I tried Activesync, but I get a 'certificate' error. I can't figure out how to get the certificate on my device.
I spent days searching the web for an answer... and I gave up after a while.
Oms said:
I've been having the same problem...
...and I tried Activesync, but I get a 'certificate' error. I can't figure out how to get the certificate on my device.
I spent days searching the web for an answer... and I gave up after a while.
If you have the .cer file, you just copy it to your device like any other file and run it from there. It should install. I had a few weird cert errors when trying to get mine to work but random poking and prodding seemed to get it up and running eventually.
maedox said:
How?
Will it work without OMA (mobile access)? I don't think so. We don't have a frontend server to support ssl connection from mobile devices, and I'm pretty sure I've tried everything.
If you have a magic way to make it work I would really like to know.
To be honest, I don't know, I'm not the exchange admin.
My company's fairly tightfisted when it comes to IT expenditure, so I'd be surprised if they forked out anything extra.
A cursory glance at MS's documentation implies that it shouldn't be necessary because as far as the exchange server is concerned, it can't tell the difference between WinMo's client and a regular web browser. I stand to be corrected by someone who actually knows what they're talking about.
Try installing the cert and setting up your server in Active Sync. It should just work.
I had a problem at my work getting this working but after a clean install of OWA on our front end server everything worked properly. The only thing needed on the X1 was to import the cer file if you're going to use Exchange/Active Sync connection as someone has already suggested.
IE and Opera always worked, it was just Active Sync which had problems.
I've just recently got an X1 and been trying furiously to get active sync to work. But as I don't have access to the exchange server at work, I've been trying to find out how to obtain a copy of the cert from my outlook.
Haven't been able to find anything, any suggestions would be much appreciated!
Grab the cert from the OWA website, cause it should be SSL encrypted. The browser shows the encryption with a small lock symbol. Click on it and get more information about the cert. When you opened it, open the cert for the CA shown on the last register. In there choose "save to file" and copy it to your phone.
On the phone open the cert with any file explorer, that will import it into the phone's cert store. From now your phone will trust your company internal CA.
This way is only useful, if your company uses self generated certs with an internal CA. You can see this, if your browser at home (the pc there has nothing to do with your company) shows a cert warning, if you open the OWA website. If you really can't get access to this site from the internet, forget all of the above.
Brilliant! I'll give that a go when I get home! I'll let you know how I get on.
Thanks again mcfisch!
I just realised what I did wrong the first time. Under server, I put the wrong address didn't I. However, I've come across another problem. Where it asks for the login credentials, there's username, password and domain, what do I put under domain?
It's all sorted now! I can't believe I was being such a dumbass! I was over complicating things way too much!
Happy days!!!!!!!!

[Solved] Having problems handling Microsoft Exchange Email on my HD2

Hello
I've had my HD2 for almost a month now (replacing my iPhone 3G) and prefer it over my 3G in every way, except Microsoft Exchange email support.
I'm trying to connect to my Uni account. It syncs OK the first time/few times after a hard-reset but afterwards I keep getting the invalid security certificate error below
I've searched everywhere and tried different ROMs but no solution. I didn't have to provide any digital certificate for the iPhone or Outlook on my laptop..
I use the same settings on my iPhone (SSL enabled etc)
Anyone else have this problem?
Thank you
The problem isn't the HD2...... it is your lack of having the right cert. Your iPhone downloaded it, WinMo requires you to install it. WinMo handles Exchange perfectly if you set it up right.
So if I remove the iPhone from my synced devices list in OWA will it work?
What you need to do is get the cert your webmail is using. By going to the site you should be able to click the lock icon by the address in Internet Explorer and view the cert. Export it (copy to file) as a .cer file and put it on your device. Then click it in File Explorer on your phone and it will install. Once you get it installed it will work perfectly.
Ignore me - as above
Thanks for the reply. I came across a solution like that yesterday but it didn't work.
Anyways I've tried again now and here's what I did: deleted the exchange account on the phone completely, exported a certificate from OWA on Firefox but it came out as a .crt which the phone can't read, so I converted it to a .cer and opened it on the phone, it gave me a success message.
Now I added the email account again and like before, it synced perfectly. However I soft-reset and can't sync anymore..
I use gmail over activesync. You could set up a gmail account and see if that works. If it does your exchange isn't setup properly...
I want to add that I never had any issues setting up an exchange mailbox on activesync. Some heartbeat issues yes, but never the setup itself.
I highly doubt it since a uni would probably use 'the usual' routes for ssl certs, but you might have to export & add the intermediate certificates.
As an example, here is mine, using FF so you're looking at a consistent screen.
If you click on the line ending in (2048), it is a different cert than the one ending in "- L1B" So export all 3 certificates (or however many lines you see) and import them over.
For the record, my exchange works perfectly fine as well.
mazzarin said:
I highly doubt it since a uni would probably use 'the usual' routes for ssl certs, but you might have to export & add the intermediate certificates.
As an example, here is mine, using FF so you're looking at a consistent screen.
If you click on the line ending in (2048), it is a different cert than the one ending in "- L1B" So export all 3 certificates (or however many lines you see) and import them over.
For the record, my exchange works perfectly fine as well.
THANK YOU
I've exported all three and it worked.
