Related
Hello,
My company uses Exchange server 2003 sp2. I've tried to sync my TyTN II several times but I always get this message: "The security certificate on the server is invalid. Contact your system administrator or ISP to install a valid certificate on the server and try again".
I'm actually able to access https://myserver.com/OMA (not http) using my nickname and password, but I don't even know what that means. I talked to the IT guys and they just sent me to a Microsoft page where it says: "This problem may occur because the device manufacturer locked the Windows Mobile 5.0-based device. This lock prevents you from installing Secure Sockets Layer (SSL) certificates correctly".
So, their only answer was: contact your manufacturer to see if the device is locked (??). (Although they also said I didn't need a SSL certificate)
¿Could anybody please help me to understand this? ¿Do I have to install a certificate? ¿Do the IT guys have to do it? I really need to solve this so any information is welcome
thanks a lot.
If it is a "self-signed" certificate (and not an official one bought f.e. via verisign.com), than you have to install it on your device to make it "valid". Additionally the Hostname provided in the certificate must exactly match the hostname of your exchange-server otherwise it won't work either. HTH
PS.: you can find out both when you access your companys exchange server via OWA (OutlookWebAccess). Once you're logged on you can examin the certificate and look if the hostname matches, if the certificate is still valid (every certificate has an expiration date) and who the "certification authority" is.
You can still use OWA if the company allows you to use it unencrypted. Just uncheck use SSL during setup.
I'd be curious if anyone would know how to rip the public key from Firefox or something so it can be imported to the phone to make it work.
I have been told if you can get your exchange admin to send you the .CERT file from the IIS webserver you can run that on your phone and get it to work. However, I believe that has the public and private key pairs, which is a security risk to your entire organization if you have the private pair!
jon_k said:
You can still use OWA if the company allows you to use it unencrypted. Just uncheck use SSL during setup.
Click to expand...
Click to collapse
domain credentials over unsecured channel, bad mojo man
Your IS guys should have a certificate for you to install which will resolve the problemI have a root ca certificate for my company installed on my phone so I have no problem using any certificate they sign.
As already said, check the hostname matches extacly and check the expiry date of the certificate.
Hey Guys, thanks for all your answers!
I'm logged on the OWA server and the certificate says "Equifax Secure global eBusiness CA-1". The expiration date is 24/02/2010. Does anybody know how can I install this on my device? I checked the hostname and it matches perfectly
If it is like the certificate I have to use to get my Tilt/Office Exchange to work, then you just double click on it and it should say "Installed" or something like that. After that, assuming you have everything else setup, it should work like a charm.
thanks a lot to all you guys! Had some problems because the certificate would install in the "intermediate" store, instead of the root store, but I found this site and followed the instructions:
http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/
It's synchronizing right now and it's way faster than activesync!
Well I was able to save, and copy the certificate by going to my companies OWA site.
I copied it via memory card, and was able to install it. Upon installing it I'm not asked for an option of where to install it (root vs. intermediate, etc)
Unfortunately by default it is going to intermediate.
I hope that this will fix it once I figure out how to install it into root.
For now it has not fixed my problem, still get an error synchronizing with the server.
Edit:
Strange, I re-installed the certificate, to make sure it was from the "head" title branch (my company has an extra level to the branch so I tried both), and this time instead of soft-reset, I completely shut-down the phone.
Powering it back up, it now sync's fine, and there is a 2nd verisign cert with a different expiration installed in the root store. My poor outlook is still syncing data as it catches up for the last couple weeks!
Doh.
WeldingRod said:
Well I was able to save, and copy the certificate by going to my companies OWA site.
I copied it via memory card, and was able to install it. Upon installing it I'm not asked for an option of where to install it (root vs. intermediate, etc)
Unfortunately by default it is going to intermediate.
I hope that this will fix it once I figure out how to install it into root.
For now it has not fixed my problem, still get an error synchronizing with the server.
Edit:
Strange, I re-installed the certificate, to make sure it was from the "head" title branch (my company has an extra level to the branch so I tried both), and this time instead of soft-reset, I completely shut-down the phone.
Powering it back up, it now sync's fine, and there is a 2nd verisign cert with a different expiration installed in the root store. My poor outlook is still syncing data as it catches up for the last couple weeks!
Doh.
Click to expand...
Click to collapse
I also had this problem, and the sync. still does not work... if someone has some idea
Thank you
hello everyone,
I got this to work by installing the .cer certificate from the self signed website certificate AND installing a .cer from the server's self signed ROOT CERTIFICATE. The root certificate is usually located on the C: drive of the server with certificate services installed. Your IT guy should know where this is. You just copy the root cert to a file just as you would the website cert. Install both on the phone...the website cert will go to "intermediate" and the rott cert will go into the "root" store. Once I did this, no more error codes and my activesync shows "connected" instead of the last time it was synced.
Hi
Had the same problem and it's solved thanks to this solution mentioned by oscarsalgar
It's working perfect !!!
Thank you very much
K'uvo man, gracias puesh hermano, me salvaste la vida puesh. Triple hijueputa q me ayudo este post man. Gracias pelado!!
I have received a HTC TYTN II from my company, which currently is synching with our mailserver so that I can read my email wherever I am.
Since I'm curious, I tried to get my old Wizard to do the same. I did the same install as with the Kaiser, but I get the dreaded "0x85010004". I scanned thru the Kaisers registry and took all root-certificates under "HKEY_LOCAL_MACHINE\Comm\Security\SystemCertificates" and imported them into the Wizard and rebooted, but no luck. I am assuming it's a certificate of some kind that is missing, but I can't find where else it could be? Does Exchange install a hidden certificate on the phone in order to identify it, and if so - why isn't it shown in the certificates menu?
Any help is appreciated.
BR
Fredrik
activesync cert with exchange
hi fredrik,
activesync accessing exchange on a mobile device uses OWA (outlook web access) to access your email through SSL. the best way to get the cert you need is to log into your OWA (probably something like https://webmail.yourcompanyname.com) or whatever it is (it's the same address you use when you put in when confiigure exchange with activesync) from a desktop pc. than, right click on a blank portion of the page and go to properties. you should see a button that says certificates, click on that, than click on the details tab. than click on the "copy to file" button and the cert export wizard will start. click next, than select base64 as the type of cert, than hit next, name it, save it, put it on a memory card or bluetooth the file to your phone and install it. sometimes, during the install, your phone will error out when installing it, just soft reset, and then install it again. you should get a message that says it was installed successfully. than configure for activesync for exchange on your phone and you should be all good. let me know if that works for you.
Thanks for the help!
Tried that and got the same problem. The original phone has Pointsec installed in it, but I do not think that it gerenates any certificates (at least not any I have found in the registry). Is the ACU version important?
/F
Talked to my IT department and they told me that Pointsec decodes a certificate in order to communicate with our mailservers. Anyone any good at pointsec and knows if it puts a crypto on the Registry or if it is purly file based? If the file is decrypted each time I punch in my code, it should register the time when the file is being decrypted... What programs can search files in WM and search for the time stamp?
BR
Fredrik
I have an AT&T Tilt. I had Direct Push from Exchange Server working perfectly with no effort - was working for months. Then, I had a hardware problem with that phone and was given a replacement from AT&T. After replacing it I am unable to configure the direct push any more. I wrote down all the settings and carefully reapplied them on the new phone.
What I am seeing now is when manually invoking a send/receive, ActiveSync reports the following:
------
Result:
The server you are synchronizing with is not an Exchange Server, or is running incompatible
software. Choose Configure Server on the ActiveSync menu to specify the correct server.
Support Code: 0x85030022
------
I've been on the line with the hosted exchange server folks and there's no change on their end...
I installed the certificate as suggested above - seemed like it was worth a shot. No difference.
Any ideas?
sorry for the late reply.
I'm not too sure about your pointsec fredrick, as we don't use it on our mobile devices at work, but we do use it on our computers. as far as i know, pointsec is supposedly suppose to be transparent encrypt/decrypt after you first turn on your device and enter a passcode, heck, windows mobile should operate like pointsec isn't even on the device, so it shouldn't be a cert issue, but who knows, i never liked pointsec anyway. sorry i can't be more helpful.
ubetchya,
that error message is pretty straight forward, either the OWA address is wrong or your certificate isn't installed correctly. i know this sounds lame, but if you can, borrow a friend's Windows Mobile phone and config it with activesync to verify your settings are correct. for the owa address, try adding "/exchange" without the quotes at the end, maybe their redirect isn't working correctly. so if your server address is "https://webmail.hostedexchange.com", make it look like "https://webmail.hostedexchange.com/exchange" (that should take you to directly to the exchange server without using their redirect). if you want, you can also try downloading the certificate directly from your hosted exchange guys, if they have the cert page up that is (most exchange admins leave it up, i know we do =P ) to get to the cert page, go to a desktop pc...
1. type in your webmail server address and add "/certsrv" at the end without the quotes (ie; "https://webmail.hostedguys.com/certsrv"
2. it will prompt you for a username, it should be in the following format "domain\username", so if my domain was microsoft, and my username was bill, than my username would be "microsoft\bill" without the quotes
3. enter your password.
4. click on the last link, "download a certificate, certificate chain, etc"
5. select the base 64 encoding method and than click download CA certificate.
6. save it to a memory card or bluetooth it over to your phone and install it.
hope that helps!
oh... and one more thing about your server address, it could be different than adding "/exchange" at the end, to verify, just to your webmail and see wear it redirects, when you get to your login page (if using forms based authentication), use that address, if not using forms based, (small popup window for login) just log in and than use that address.
UBetchYa said:
I have an AT&T Tilt. I had Direct Push from Exchange Server working perfectly with no effort - was working for months. Then, I had a hardware problem with that phone and was given a replacement from AT&T. After replacing it I am unable to configure the direct push any more. I wrote down all the settings and carefully reapplied them on the new phone.
What I am seeing now is when manually invoking a send/receive, ActiveSync reports the following:
------
Result:
The server you are synchronizing with is not an Exchange Server, or is running incompatible
software. Choose Configure Server on the ActiveSync menu to specify the correct server.
Support Code: 0x85030022
------
I've been on the line with the hosted exchange server folks and there's no change on their end...
I installed the certificate as suggested above - seemed like it was worth a shot. No difference.
Any ideas?
Click to expand...
Click to collapse
I got it working. The error message was pretty close to telling me that it's an invalid server "name". My hosted exchange provider uses owa3.... I was missing the all-important 3.
No matter how hard they try, programmers can't make it completely idiot proof...
All is working now beautifully. Thanks much for the suggestsions.
Tytn II
Hi there,
I'm trying to connnect my Tytn II to my work's exchange server so I can use it instead of having to use a Crackberry however I'm getting the following message in ActiveSync:
Support code # 0x85030022
The server you are synchronizing with is not an exchange sever, or is running incompatible software. Choose Configure Server on the ActiveSync menu to specify the correct server.
Can anyone help ?
Hi Smooth,
Have you tried all the steps in this thread already? make sure you have installed the correct certificate, have the correct server address and ask your administrator if activesync is enabled on the exchange server. post back with your results to the tricks in this thread and we'll see what else you can try.
hi friends,
I want to configure my Xperia with my official Microsoft Exchange server. THe problem i am facing that when i connect my Xperia to the PC and it is synchronized with my outlook it can download all the mails/contact etc...
But i wanted that if i am on move, i can still get the mails directly on the Xperia.
I tried to configure exchange server from Active Synchronization Menu --->configure server , and it give me msg its the same as your look web access server and everything okay, but when from Messaging Menu if i try to send the email or do Send/ Recieve for my outlook, i am not able to recieve/send emails.
Is there anyone else having the same problem, Help will be appreciated.
Thanks
Jade
??? what ???
idont understand your whattt?
either my question is confusing for you ?
Regards
Jade
I don't understand the question either.
When you start the ActiveSync application (on your device) and click Sync, it will either synchronize with Exchange or display an error message if it doesn't work. Assuming it doesn't sync successfully, what's the error message that is displayed?
Well when i configure it from STart--->Active Synchronization and put all the server details over there it configure my settings, and give me msg that the Exchange server is same as that of your outlook.
But when i press the send/recieve button for the outlook email , it keep on showing connecting and later say error Synchronizing.
Um...
You want to ActiveSync your phone with the PC over the Internet?
JYousuf said:
Well when i configure it from STart--->Active Synchronization and put all the server details over there it configure my settings, and give me msg that the Exchange server is same as that of your outlook.
Click to expand...
Click to collapse
Ah.. I assume you're entering your email address, username, password and domain, then ActiveSync tries to do the automatic configuration and then displays a text box to enter your server address? If so, the automatic configuration didn't work and you have to enter the server address manually (which is the same as the server address configured on your desktop Outlook (check your Outlook configuration if you're not sure) or the address of Outlook Web Access, maybe something like mail.whatever.com).
JYousuf said:
But when i press the send/recieve button for the outlook email , it keep on showing connecting and later say error Synchronizing.
Click to expand...
Click to collapse
Please try to sync using the ActiveSync application. It will display an error message, which will probably help to find the problem.
orelsi said:
Um...
You want to ActiveSync your phone with the PC over the Internet?
Click to expand...
Click to collapse
Microsoft Exchange is pretty cool
Have you checked both Mail for Outlook and WM Active Sync in your configuration? For your needs you may only activate Mail for the Server, not the PC connection. Look also for other conflicts like tasks and so on.
I think i am not able to elaborate my problem clearly. Let me do again
I am having a corporate account and that is configured on my Microsoft Outlook and i receive all my corporate mails over there.
Now as i did on my SE P990i, i have set the same corporate account which use Microsoft Exchange Server on my Mobile, and that i wanted to do on Xperia too. So that i can recieve the emails on my computer and on Xperia.
But i cannot configure it even having the right settings for exchange server. and it keep on showing connecting......... but do nothing.
Thanks
Jade
I made few change in the settings and now getting this msg
Microsoft Exchange:
Result:
The security certificate on the server is not valid. Contract your exchange server administrator to install a valid certificate on the sever.
View support code: 0x80072F0D
=====================
But the same Microsoft Exchange server works fine for me on P990i, and its not possible to contact my head office in USA just to ask them install any certificate for me ):
any other solution.
Regards
Jade
JYousuf said:
I made few change in the settings and now getting this msg
Microsoft Exchange:
Result:
The security certificate on the server is not valid. Contract your exchange server administrator to install a valid certificate on the sever.
View support code: 0x80072F0D
Click to expand...
Click to collapse
The most likely cause of this issue is that your company uses a self-signed security certificate instead of a commercial one, which is why your device doesn't trust the certificate. You have to install the certificate to your device to be able to use it:
Open your webmail (Outlook Web Access) site in Internet Explorer, using https (if IE gives you a certificate error too, just accept it)
Click the lock icon (either on the top or at the bottom, depending on your IE version) to view the security certificate
On the "Details" tab, click "Copy to File" and save it (default export settings) to your device or storage card
On your device, install the certificate by launching it through File Explorer.
(You could also disable SSL for the Exchange Server connection, but I don't recommend this at all.)
Also, you will most likely be able to use Push Mail with Exchange, so mails will be delivered to your device right after receiving them, without having to do scheduled or manual Send/Receive .
My friend,
Thanks alot for your reply, i have tried to follow step by step what you said, as also given on this link
http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/
I was able to generate the certificate and installed it on my Xperia, and can also see it in the certification list, but still getting the same error.
Regards
Jade
JYousuf said:
My friend,
Thanks alot for your reply, i have tried to follow step by step what you said, as also given on this link
http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/
I was able to generate the certificate and installed it on my Xperia, and can also see it in the certification list, but still getting the same error.
Regards
Jade
Click to expand...
Click to collapse
Hmm, did you install the root certificate or just the web server certificate (step 4 on the page you linked)? I'm not sure, it's possible you need the root certificate and not just the server certificate.
Well i followed all the step given on the link i pasted above. I installed the root certficated, but which server certificate you are talking about, though i followed all the step of that link.
Thanks
Still looking for some possible solution.......
You might want to ask your corporate admin for the exchange server.
They may changed the settings.
you need to enable push internet and configure your exchange for push internet. contact your mobile provider for that. and about the certificates you need to install it in your phone.
Good morning everybody,
i updated my Nexus One 2 days ago from 85B to 91.
Since the update my phone cannot connect to my exchange server :-(
Does anybody know something about this problem?
Thx for your answers
I have the same problem. :-(
Sent from my Nexus One using XDA App
Sorry, no problems here with FRF91 and Exchange...
best,
das_spektakel
i have the same problem.
after the update my exchange setup had gone.
resetting it backup just comes up with "unable to open connection to server"
if i untick accept all SSL certificates i get "unable to open connection to server due to security error." so it must be communicating, and ticking that accept all ssl should then mean it passes?
exchange: 2007 SP1 standard on Win2003 standard x64 sp2.
OK i think i have it.
i changed our exchange certificate on the server to a SAN certificate. (subject alternative name).
my explanation won't be the best, but it certifies the servers different DNS names. such as its internal name, external name (eg. internal.company.local, externalmail.company.com.au)
Maybe with this update it broke the 'accept all ssl' which is suppose to let it communicate if the ssl cert comes back with the rong name, or expired.
if you have access to the exchange server you are trying to setup then give this a burl.
..ok i can't post a url. so if you want to give it ago shoot me an email and ill link you up and give you a hand if need be.
let me know if this helps any of you!?
Mick
any way around this other than swapping out certificates? i don't have access to do that at my company and i doubt they'll do that just because one phone has an issue...
I recieved my new Nokia Lumina 920. I was some what disgruttled to find that i was unable to add, my companies email account using a self signed certificate. On my Android mobile using the same certificate, everything is added and works perfect.
What is so diffierent using Windows phone 8, using self signed certificate. And if there is a fix, can you let me know how to install it correctly.
The following error message appears when sync takes place
"There is a problem with the certificate for (domain name) contact your support person or your service provider. Last tried 5 minutes error code 80048888"
Exchange version : Exchange 2010
Sent from my GT-N7100 using xda app-developers app
I know this will not help but, I did this myself to setup an Exchange 2003 server with a Self signed cert, I had no problem installing it (downloaded it via a hotmail account and just touched it to open it/install it)
I have done this on 7.5 and 8.0 with no problems at all. A problem with your cert ? Is it expired ?
Make sure you reboot your phone after you install the Cert, I had that issue with 7.5, it would not see it till a reboot...
DavidinCT said:
I know this will not help but, I did this myself to setup an Exchange 2003 server with a Self signed cert, I had no problem installing it (downloaded it via a hotmail account and just touched it to open it/install it)
I have done this on 7.5 and 8.0 with no problems at all. A problem with your cert ? Is it expired ?
Make sure you reboot your phone after you install the Cert, I had that issue with 7.5, it would not see it till a reboot...
Click to expand...
Click to collapse
Hi David
Thanks for coming back to me, I have tried what you have suggested however I'm still not getting my exchange 2010 to sync with my Nokia 920. Just wondering, your CERT was it a paid version or was it a self cert. Mine is a self cert does that make a difference. Please help me.
Thanks in advance..
John
Dafluxman said:
Hi David
Thanks for coming back to me, I have tried what you have suggested however I'm still not getting my exchange 2010 to sync with my Nokia 920. Just wondering, your CERT was it a paid version or was it a self cert. Mine is a self cert does that make a difference. Please help me.
Thanks in advance..
John
Click to expand...
Click to collapse
Your phone should honor the Exchange CAS Server's certificate if you install the certificate of the CA which issued the certificate for the server.
And keep in mind that the principle name in the certificate should match the DNS name that your are using to connect to the server.
You will have to install the public key certificate of the CA issuing your self signed certificate. The certificate itself won't be enough as it can't be verified as when the phone checks up the path of trust it won't recognize the signing certificate. Hope that makes sense?
StevieBallz said:
You will have to install the public key certificate of the CA issuing your self signed certificate. The certificate itself won't be enough as it can't be verified as when the phone checks up the path of trust it won't recognize the signing certificate. Hope that makes sense?
Click to expand...
Click to collapse
Hi Guys, you have solved my problems. Excellent support keep it up. I eventually exported the public key and installed it directly into the phone now my Nokia 920 works beautifly. One more question, I did get an error 85030028 and googling this said to go into IIs, click on active sync, then select SSL and tick ignore client certs... is that the correct way to active sync.. well the main thing is the phone is syncing as normal.
Thanks again
John
Dafluxman said:
Hi David
Thanks for coming back to me, I have tried what you have suggested however I'm still not getting my exchange 2010 to sync with my Nokia 920. Just wondering, your CERT was it a paid version or was it a self cert. Mine is a self cert does that make a difference. Please help me.
Thanks in advance..
John
Click to expand...
Click to collapse
Mine was a self-signed cert, Not paid. One of the free tools from Microsoft or a 3d party... This is from my own personal exchange server.
Glad to see you got it working...
DavidinCT said:
Mine was a self-signed cert, Not paid. One of the free tools from Microsoft or a 3d party... This is from my own personal exchange server.
Glad to see you got it working...
Click to expand...
Click to collapse
Im running a Small Business Server 2011 and im using a free SSL Certificat from https://cert.startcom.org/?lang=de
Maybe this is an option for you
Dafluxman said:
One more question, I did get an error 85030028 and googling this said to go into IIs, click on active sync, then select SSL and tick ignore client certs... is that the correct way to active sync.. well the main thing is the phone is syncing as normal.
Thanks again
John
Click to expand...
Click to collapse
Haven't dealt with this myself but I guess it is possible that the phone tried to authenticate using one of the certificates you installed previously instead of using the credentials you provided but it's really just a guess. As long as SSL is still enabled the encryption should work and I see no issues with the setup.
If the setting causes ActiveSync to sync over HTTP instead of HTTPS that would be a concern so I would check if that is the case.