I have used my own generated CA from my Win 2003 server without issue and it is the same certificate as I use for OWA - my Listener just has the extra path for Microsoft Active Sync (I assume that is what you want). I imported my certs to the WMD and simply installed them (both the leaf and root).

Using wildcard certs on a WMD can be tedious as you may have to hack the registry to disable verification on the WMD and that leaves you open to a man-in-the-middle attack - but I have heard of many who do that. Unfortunately, I haven't been able to get the hack to work on the newer WMD5 devices, but my cert from my Win 2003 server works fine.

The best thing to do is to get a real certificate with the right server name and use it for both OWA and Microsoft Active Sync.

Steve Comeau
IT Manager
Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ 08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ruba Al-Omari
Sent: Wednesday, January 16, 2008 5:30 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Activesync,

Hi,

I have a problem with my users using direct push: they receive the error Support code 0x80072f06, which is related to my certificate.

I have a wild card certificate *.dah.edu.sa from VeriSign installed on the ISA 2006, then there is a webmail publishing rule that takes the SSL traffic to mail.dah.edu.sa. My problem is there is a difference in the name of the certificate from the ISA to the Exchange:

- The wild card on the ISA is working fine.
- If I install the same wild card to the OWA on the Exchange as recommended by VeriSign, then my OWA users receive the (The network logon failed. (1790)) error and my mobile users receive the 0x80072f06 error that the certificate name on the server is different from the server's name.
- If I issue from my own CA a certificate to the Exchange server with the name mail.dah.edu.sa, then the OWA works fine over SSL but my mobile users still receive the error that the certificate is not the same name (because they go to the ISA, which has the wildcard, but the internal Exchange has the mail certificate).

How can I allow the Exchange to utilize the wild card certificate instead of having to issue one from the local CA? When I import the *.dah.edu.sa to the Exchange it accepts it with no errors, but then the OWA is not working since it says there is a difference in the name. What do I need to do?

Thanks for any help,

0x80072f06
You have an incorrect SSL certificate common name in the Host Name field. For example, you may have entered www.server.com, when the common name on the certificate is actually www.different.com. Make sure the server name is entered correctly. The Exchange Server name in the ActiveSync settings differs from the name that is required to establish an SSL connection. Correct the Exchange Server name, and try to synchronize again. If you synchronize on a schedule, synchronization has been changed from scheduled to manual.

--
Ruba Al-Omari
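The name check behind the 0x80072f06 error discussed in this thread, applied to each TLS hop (client to ISA listener, ISA to Exchange), as an added example that is not part of the original messages. The hop list, the internal name exch01 and the per-client "accepts wildcards" flag are assumptions constructed for illustration.

```python
# Added example: hostname-vs-certificate name check for each TLS hop.
# Hop data below is constructed; "exch01" is a hypothetical internal name.

def name_matches(hostname, cert_name, allow_wildcard=True):
    """RFC 6125-style match: '*' only as the entire left-most label,
    covering exactly one label; never matches the bare parent domain."""
    host = hostname.lower().rstrip(".").split(".")
    pat = cert_name.lower().rstrip(".").split(".")
    if pat[0] == "*":
        # Reject wildcards for clients that do not honour them, and
        # reject overly broad patterns such as "*.com".
        if not allow_wildcard or len(pat) < 3:
            return False
        return len(host) == len(pat) and host[0] != "" and host[1:] == pat[1:]
    return host == pat


def check_hops(hops):
    """Return [(hop label, ok)] for every TLS connection in the path.
    Each hop: (label, name the client asked for, names in the cert,
    whether that client accepts wildcard names)."""
    results = []
    for label, requested, cert_names, wildcard_ok in hops:
        ok = any(name_matches(requested, n, wildcard_ok) for n in cert_names)
        results.append((label, ok))
    return results


# Constructed scenarios modelled on the setup described in the thread.
SAMPLE_HOPS = [
    # Assumption: a client that does not accept wildcard names.
    ("device -> ISA listener", "mail.dah.edu.sa", ["*.dah.edu.sa"], False),
    ("browser -> ISA listener", "mail.dah.edu.sa", ["*.dah.edu.sa"], True),
    ("ISA -> Exchange, own-CA cert", "mail.dah.edu.sa", ["mail.dah.edu.sa"], True),
    # Assumption: the connection is made to a short internal name.
    ("ISA -> Exchange, internal name", "exch01", ["*.dah.edu.sa"], True),
]

if __name__ == "__main__":
    for label, ok in check_hops(SAMPLE_HOPS):
        print(f"{'OK' if ok else 'MISMATCH':8}  {label}")
```

Checking each hop separately shows which connection presents a name the connecting side will not accept, which is the information needed to fix the certificate rather than disable verification on the device.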