[isalist] Re: Activesync,
- From: "Steven Comeau" <scomeau@xxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 16 Jan 2008 18:19:48 -0500
I have used my own generated CA from my Win 2003 server without issue
and it is the same certificate as I use for OWA - my Listener just has
the extra path for Microsoft Active Sync (I assume that is what you
want). I imported my certs to the WMD and simply installed them (both
the leaf and root). Using wildcard certs on a WMD can be tedious as you
may have to hack the registry to disable verification on the WMD and
that leads you open to a man-in-the-middle attack - but I have heard of
many who do that. Unfortunately, I haven't been able to get the hack to
work on the newer WMD5 devices, but my Cert from my win2003 server works
fine.
The best thing to do is to get a real certificate with the right server
name and use it for both OWA and Microsoft Active Sync.
Steve Comeau
IT Manager
Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ 08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Ruba Al-Omari
Sent: Wednesday, January 16, 2008 5:30 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Activesync,
Hi,
I have a problem with my users using direct push, they receive the error
Support code 0x80072f06 which is related to my certificate.
I have a wild card certificate *.dah.edu.sa from versign installed on
the ISA 2006, then there is a webmail publishing rule, that takes the
ssl traffic to mail.dah.edu.sa, my problem is there is a different in
the name of the certificate from the ISA to the exchange,
- The wild card on the ISA is working fine.
- If I install the same wild card to the OWA on the exchange as
recommended by verisgn then my OWA users receive the (The network logon
failed. (1790)) error and my mobile users receive the 0x80072f06 error
that the certificate name on the server is different from the server's
name
- If I issue from my own CA a certificate to the exchange server with
the name mail.dah.edu.sa then the OWA works fine over ssl but my mobile
users still receive the error that the certificate is not the same name
(because they go to the ISA which has the wildcard but the internal
exchange has the mail certificate)
How can I allow the exchange to utilize the wild card certificate
instead of having to issue one from the local CA, when I import the
*.dah.edu.sa to the exchange it accepts it with no errors, but then the
OWA is not working since it says there is a difference in teh name, what
do I need to do?
Thanks for any help,
0x80072f06
You have an incorrect SSL certificate common name in the Host
Name field. For example, you may have entered www.server.com, when the
common name on the certificate is actually www.different.com. Make sure
the server name is entered correctly.
The Exchange Server name in the ActiveSync settings differs from the
name that is required to establish an SSL connection. Correct the
Exchange Server name, and try to synchronize again. If you synchronize
on a schedule, synchronization has been changed from scheduled to
manual.
--
Ruba Al-Omari
*** This message contains confidential information and is intended only for
the individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be guaranteed to be
secure or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The sender therefore
does not accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission. If verification is
required please request a hard-copy version. Rutgers University - DIA, 83
Rockafeller Road, Piscataway, NJ www.scarletknights.com ***
Other related posts:
