Treo 700wx, Exchange Server 2003, Outlook 2003, AS 4.5, Problems?

[Guest Punkrulz]

Hey guys,

I've been the unfortunate soul to have been tasked with setting up my boss' new Treo 700wx. I've been attempting to troubleshoot how we can connect his device, which is using Windows Mobile 5, and ActiveSync 4.5, to the MS Exchange Server. Unfortunately I have to resolve this ASAP.

Now one of the issues I had believed this to be was a certificate issue. Attempting to go to the webmail url to download the ticket on the device didn't work. I did a little bit of research, and discovered I had to download a certificate installer, which I was able to get a signed version of the program from Sprint. I followed all of the instructions, and when I attempt to add the certificate that way, I get the following error message:

"This certificate is not a valid root certificate. Please select a valid root certificate."

I got the certificate by going on the server, and looking at a shortcut that we had to the most recent cert, which is valid until 2009 or so. I even saw directions on exporting it properly, which I did. I don't know if I did everything right with the certificate, however I am able to access it on the device itself, and it says it's been installed... so that's a plus.

I've tried using both ip address, and FQDN while setting up the information in ActiveSync. I get the following error messages:

With SSL Selected:

"The security certificate on the server is invalid. Contact your exchange server administrator or ISP to install a valid certificate on the server.

Support code: 80072f0d"

With SSL Not Selected:

"Activesync encountered a problem on the server.

Support code: 85010014"

Also, we have an Isa Server 2004 running the show.

Can you guys please show me guides, or tell me what specifically needs to be done so that we can get this cell phone actively using Exchange? Any other forums I can look at for additional help?

[Guest jimbouk]

Is the certificate showing the proper external URl for the server? Do you get a certificate error if you use OWA on your pc?

Best way I have found is to go to outlook web access in a pc's web browser, then import the certificate by clicking on it in the browsers address bar and importing the certificate, then copy that to the mobile device.

[Guest Punkrulz]

Is the certificate showing the proper external URl for the server? Do you get a certificate error if you use OWA on your pc?

Best way I have found is to go to outlook web access in a pc's web browser, then import the certificate by clicking on it in the browsers address bar and importing the certificate, then copy that to the mobile device.

Jim,

I initially tried to do that approach, by doing it on the workstation and importing it. The only certificate error we get when trying to access it via IE is that it's not from a trusted certificate authority, since we've made our own.

If I go to the website and import it, where do I import it to on the computer, and where do I go to get it to put it onto the device?

[Guest jimbouk]

Jim,

I initially tried to do that approach, by doing it on the workstation and importing it. The only certificate error we get when trying to access it via IE is that it's not from a trusted certificate authority, since we've made our own.

If I go to the website and import it, where do I import it to on the computer, and where do I go to get it to put it onto the device?

I am not in front of pc right now but from memory, you click on the padlock in the browser address bar and can then. import it and save it to your desktop, then its as simple as copying the file onto the device and clicking it to install it.

Do a google for: installing exchange server certificate wm6

I found a site that showed me exactly how to do it the first time I had to do it for a client.

[Guest Punkrulz]

I have just attempted to do this, and again I have had no success... however I did learn a few things. First and foremost, the way the certificate is laid out, it seems to be in two parts. When looking at the details of the certificate, there is a tree... the top most catagory, is owacert, and the lower catagory is mail.deptford-nj.org. I've noted that when you install the certificate as mail.deptford-nj.org it never seems to take, but when you go up the tree to owacert, and install it as a trusted root certificate there... works just fine.

So I installed this certificate, using the sprint utility that installs published certificates, and finally that part worked fine, but we're still getting the 85010014 support code when attempting to synchronize. I took a look at the ISA Server, after getting the IP Address of the phone. I see the phone opens up the default OWA-SSL Rule, then quickly closes it. It will do this twice real quick and that's it, and the phone's not getting anything. I've even gone as far as attempting to add an allow all rule, from the phones IP address to everything internal on the server. Sometimes I still see HTTP being denied by the default connection rule... sometimes standard HTTPS is denied, when I created a rule specifically for that too.

I'm not sure what else that I'm missing.

[Guest jimbouk]

This is still a certificate error. Are you installing the .cer file on the device?

MS have a validation tool that may help.

BTW are you getting the certificate from the Internet Explorer, tools, internet options, content, certificates?

[Guest Punkrulz]

This is still a certificate error. Are you installing the .cer file on the device?

MS have a validation tool that may help.

BTW are you getting the certificate from the Internet Explorer, tools, internet options, content, certificates?

Jim,

I've attempted following the entire guide that comes with the validation tool. I got about as far as page 8 or 9 where it gets into Kerberos and Delegation, and a lot of the screens seemed different. I went through, edited the XML file with what I thought was the appropriate information, and then attempted to go about trying to get everything connected. We now get a different error message.

When attempting to synchronize, sometimes on the computer screen you'll see a message that says for me to enter the credentials on the device. You go to enter the password, and you're met back with the following error message:

"Cannot obtain a valid certificate. To try again, please disconnect and reconnect your device to a PC on the corporate network. If this problem persists, please contact your administrator.

Support code: 0x85030028"

I've even attempted to uninstall and reinstall the certificate. I get that previous error message when I install the certificate by exporting from IE, naming it certnew, and clicking on it in the device rather than use the signed certificate installer.

Any other information you need to help troubleshoot this?

Note: I also noted when attempting to access my websites webmail, I get an error message from the gateway that SSL is not installed and it can't use the request. The error:

• Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
  

Is this related, and if so how do I fix? I remember attempting to fix this before with no luck. I'm not a professional with ISA.