David Saunders 
United States
Member since
4/10/2007
Registered Users
Posts: 44
 |
| 8/30/2008 12:37 AM |
|
I'm pretty sure the phone we bought has an issue with the certificate on our server. SBS 2003, Exchange server 2003 SP2. I'll start with the first question.
Can I make a certificate on our server that will not show an error when logging into OWA using IE?
It has always had an error since it was setup for us. I have been in charge of the server for a few years now and fumbling my way around. I assumed since a professional IT co set it up, it was supposed to be that way. The original certificate expired and I tried my best to make a new one, and obviously failed back a few years ago when I tried to redo it.
|
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 02:19 AM |
|
Yikes no replies. Well here is a bit more of the scenario. I am not 100% sure of the settings that need to be on the phone. for server address I input: https://mail.xxx-xxxxxxxxx.com/exchange, A note for the entry says: This is the OWA server address. So I put in what we use to access email outside the company. For Domain I put mail.xxx-xxxxxxxxx.com, I'm not sure exactly what this should be honestly. I used the same settings for incoming SMTP mail server and outgoing mail server.I checked the box for Outgoing server requires authentication. I checked the two boxes for SSL Required for incoming and outgoing email. For network connection you have either internet or work. I chose internet. I didn't know what work was? When I went back to check the settings, the initial setting for server address was just mail.xxx-xxxxxxxxx.com. It dropped the https portion and the exchange portion. Tried to connect and got error 0x80072f17. Did some research and alot of posts were dealing with the certificate. Since I know I tried to update/install the certificate when it expired I'm pretty sure I didn't do it right. Or I need one for mobile access or something. I checked in Exchange and the boxes are checked for enabling mobile access. So I'm at a loss on what to do to get the phone to download e-mail from our Exchange server.
Any help out there? |
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 02:22 AM |
|
I also forgot to mention, what should I use: POP3 or IMAP4? I'm pretty sure POP3 isn't enabled on the server. But I did "try" to setup the IMAP4 a year or so ago and I did check and the service is running.
Also on my home pc, I went thru the steps of loading the certificate into the trusted authority folder and I still get the cert error on access? |
|
|
|
|
|
Stan Guinn
Texas, USA
Member since
12/29/2005
Platinum Membership
Posts: 1917
|
| 8/30/2008 06:11 AM |
|
>Domain I put mail.xxx-xxxxxxxxx.com<
I don't think this is right. I think is wants you internal domain name.
>0x80072f17. Did some research and alot of posts were dealing with the certificate<
Go into IE and export your certificate to a .cer file. Plug your phone into your computer. Copy the cert to your phone and tap on it. It should install the cert.
>I also forgot to mention, what should I use: POP3 or IMAP4?<
If the Blackjack II is a WM6 device you don't need either of these.
>network connection you have either internet or work.<
??????????? Isn't the Blackjack a smartphone? Are you using somthing like AT&T wireless? If so you should be using the wireless company's data package.
>settings for incoming SMTP mail server and outgoing mail server<
You shouldn't have these choices if you are using WM6 activesync device. |
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 02:55 PM |
|
[quote]I think is wants you internal domain name[/quote]
Is there a way I can look this up on the server?
I did copy the cert to the phone, actually several of them. I installed them all.
Is there a possibility that the cisco firewall is blocking ports? That was also setup originally. I was told to never try to open ports as its all command line and extremely difficult unless you know what you're doing. |
|
|
|
|
|
Stan Guinn
Texas, USA
Member since
12/29/2005
Platinum Membership
Posts: 1917
|
| 8/30/2008 03:30 PM |
|
If you can access your email through OWA then your phone should be able to get through the firewall.
Look at teh Computer Name tab of the Server System. It is the word next to the server's name.
You also need to run CEICW and enable Mobile Access.
|
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 03:47 PM |
|
[quote]Look at teh Computer Name tab of the Server System. It is the word next to the server's name. [/quote]
I went to my computer RMB select properties
Computer Name Tab
Domain : xxx.local
Is that what I use? Seems to simple.
Also on CEICW, Is there going to be things I won't know how to answer before I try ti run it? |
|
|
|
|
|
Stan Guinn
Texas, USA
Member since
12/29/2005
Platinum Membership
Posts: 1917
|
| 8/30/2008 04:03 PM |
|
> xxx <
Is what you want without the .local
Yes, there maybe things in there you don't know the answers to. Just ignore them. Look for the screen with a bunch of selections you can put checkmarks by. Items like Outlook Web Access, Remote Web Workplace, etc... Be sure there is a checkmark in Outlook Mobile Access.
While you are in there, watch for the screen about Web Certificates. You do not want to create a new one. But you do want to make a note of the name of the certificate on that screen. Be sure that is the certificate you transfered to your phone. |
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 04:16 PM |
|
| Where do I run CEICW? I'm looking everywhere???? |
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 04:19 PM |
|
| I checked those boxes from within System Manager - Global Settings - Mobile Services - properties, On the General tab all boxes are checked. Do I still need to run CEICW? |
|
|
|
|
|
Stan Guinn
Texas, USA
Member since
12/29/2005
Platinum Membership
Posts: 1917
|
| 8/30/2008 04:19 PM |
|
| Start>Server Mamagement>Internet and Email>repair Internet and Email Settings |
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 04:32 PM |
|
| I checked those boxes from within System Manager - Global Settings - Mobile Services - properties, On the General tab all boxes are checked. Do I still need to run CEICW? |
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 05:11 PM |
|
I ran the CEICW. As instructed. It did change the login page of OWA slightly.
for server address I input: https://mail.xxx-xxxxxxxxx.com/exchange, A note for the entry says: This is the OWA server address. So I put in what we use to access email outside the company.When I went back to check the settings, the initial setting for server address was just mail.xxx-xxxxxxxxx.com. It dropped the https portion and the exchange portion.
It is not connecting. Is it because its dropping the https:// on the server address and the /exchange? |
|
|
|
|
|
Stan Guinn
Texas, USA
Member since
12/29/2005
Platinum Membership
Posts: 1917
|
| 8/30/2008 05:12 PM |
|
| I would look at the settings in CEICW just to be sure. It The script does more then set those checkboxes in System Manager. If you get to that point in CEICW and the check mark is by OWA then you can just cancel out of it. |
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 06:22 PM |
|
| I ran the CEICW. It went smooth and finished just fine. I checked locally that the OWA was still functioning. The screen changed a little bit. You now have to login with domain/username and it also added preminum or plain and public or private terminal. I logged in fine and email was accesible. yeay me. So I remoted to my local desktop to be sure internet was also still working, and it was. Just a double check. I called the salesman and had him delete all the email accounts I tried. I walked thru the Outlook setup with him and set the server address to https:// yadda yadda/exchange. Checked the box for SSL and set the domain for xxx minus the .local. rest was a breeze. Still a sync error. So he called me back a few minutes later saying that he tried active sync and there was a message saying the certificate was wrong. I had him locally login to OWA and download the certificate to his loal pc using the DER setting. He left the USB cable at the shop. So he went to retrieve that. So when he gets back, I was going to have him download the *.cer file to his My Documents on the phone and dbl click the file to install the certificate. Hopefully this will end the saga. |
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 06:30 PM |
|
| The one thing that still bugs me is that the phone drops the https:// and the /exchange portion of the server address. I hope that doesn't become an issue. |
|
|
|
|
|
Stan Guinn
Texas, USA
Member since
12/29/2005
Platinum Membership
Posts: 1917
|
| 8/30/2008 06:33 PM |
|
| Don't forget to unplug the phone from the computer before you try to sync. It won't sync via ActiveSync if it is plugged into the computer. |
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 06:44 PM |
|
Yes. Unplugged from the pc, tried to sync and it said the certificate was invalid. Even after we copied and pasted the OWA certificate and installed to the phone. Now I'm at a loss. It now tried to connect it seems, so I'm closer I think. Now I'm thinking it has to do with the certificate. Your thoughts?
|
|
|
|
|
|
Stan Guinn
Texas, USA
Member since
12/29/2005
Platinum Membership
Posts: 1917
|
| 8/30/2008 07:48 PM |
|
When you go to OWA in IE do you get a certificate error? If so chose to View the certificate. Are the issued to and issued by exactly the same?
In IE, when you go to Content>Certificates>Trusted Root Store, are there more than one cert listed with your FQDN. If so, select the one with the expiration date the farthest in the future.
|
|
|
|
|
|
David Saunders
United States
Member since
4/10/2007
Registered Users
Posts: 44
|
| 8/30/2008 08:04 PM |
|
Yes there is a certificate error. Invalid cetificate. Yes same name.
There aren't any, even though I know I have selected the root when installing the cert from OWA locally.
How do I determine my company/sever FQDN? |
|
|
|
|
|