Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


28 posts

Geek

Trusted

Topic # 14746 18-Jul-2007 15:59
Send private message

Hi All

This is a really frustrating problem I've been trying to solve for a over a month...

We have a Treo 750v - it used to sync over the air but since we renewed our webmail SSL cert it hasn't. (I'm not sure if this was a coincidence.) The new cert was from a different root authority which wasn't on the Treo so I got Comodo to reissue the certificate but it still didn't work. They reissued the cert three times with different root authorities and I eventually bought a new SLL from Thawte. Still doesn't work - so I guess it's not the cert. Hmmph

Details are:

  • Exchange 2003 (Ver 6.5 Build 7638.2; Service Pack 2; RPC-HTTP back-end)
  • Treo 750v - Vodafone NZ
  • SSL Cert: Thawte SSL123 for webmail.our-domain.co.nz
  • ActiveSync 4.5
  • Outlook 2003

Procedure I took for installing the SSL cert:

  • On the Exchange server in IIS I requested a new SSL cert for the default website
  • I installed the SSL cert in ISS when it arrived from the supplier
  • I exported the cert to a DER file called thawte.cer
  • I copied the thawte.cer file onto the Treo and opened the file using file manager and installed the cert

I tried  ActiveSync but got the 0x85010014 error.

Last week we bought another Treo 750v and it has the same problem.

Maybe the SSL cert is not the problem but don't know what else has changed...

Grateful for any help - this is so frustrating!

Thanks heaps

Tim
Wellington, New Zealand


Create new topic
I iz your trusted friend
5809 posts

Uber Geek
+1 received by user: 140

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 78655 18-Jul-2007 16:16
Send private message

I had such an issue with getting SSL working on my Jasjam and Exchange 2003, when previously it was working fine... Nothing changed and for a sudden it didn't work. So in the end if found out that by setting Exchange Activesync over the air without the use of HTTPS or SSL, it works just as fine. I am not too stressed if not using SSL on my JasJam to get EAS working, however your requirement may be different.

Just thought to share my experience and to say, EAS works without SSL even if the Exchange server is configured to accept HTTPS.




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 




28 posts

Geek

Trusted

  Reply # 78668 18-Jul-2007 16:57
Send private message

Hi Chiefie

Thanks for your quick reply. I'd rather solve the problem than bypass SSL. I did try unticking the SSL box in Server Connection on the Treo but all it did then was timeout with a message "Waiting for Server".

BTW, OWA works fine for external users and over the air on the Treo.

Cheers

Tim

BDFL - Memuneh
61522 posts

Uber Geek
+1 received by user: 12242

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 78669 18-Jul-2007 16:59
Send private message


28 posts

Geek

Trusted

  Reply # 78679 18-Jul-2007 17:35
Send private message

Hi Mauricio

Do I have to add the Root Certificate for the Certificate Authority manually to the phone?

The SSL cert is issued by Thawte and I thought that the Treo already had a Thawte Root Certificate preinstalled on it.

Start / Settings / System / Certificates / Root

Thawte Server CA (top of list) - my SSL cert issued to webmail.our-domain.co.nz by Thawte Server CA

Thawte Server CA (6th on list) - issued to Thawte Server CA by (Self Issued) << this was preinstalled

Do I have to add something else from Thawte?

Cheers

Tim

BDFL - Memuneh
61522 posts

Uber Geek
+1 received by user: 12242

Administrator
Trusted
Geekzone
Lifetime subscriber



28 posts

Geek

Trusted

  Reply # 78691 18-Jul-2007 18:20
Send private message

Hmm... that's the problem - it should be good to go!

If only it was an SBS server... I would feel a lot better with the wealth of SBS guides and forums!

In this case it's a dedicated Exchange 2003 server - Outlook Web Access works a treat and up until a month ago EAS was working on the Treo. Something must have changed... my first thought was an incompatible SSL cert - i.e. no Root Authority on the Treo but now I've installed the Thawte cert it shouldn't be a problem.

Can I diagnose much from the server or Treo logs?

I bet it all comes down to a renegade tick-box somewhere on the Exchange server!!

Cheers

Tim

BDFL - Memuneh
61522 posts

Uber Geek
+1 received by user: 12242

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 78692 18-Jul-2007 18:24
Send private message

Have you read the link? There's a solution there, and IIRC is related to forms authentication.

Yes, you can log on the Treo - open ActiveSync , tap Options and on your Exchange Server tap Settings. Go to Advanced option and change the logging option to Verbose. You will find the log file in the root folder on your Pocket PC.







28 posts

Geek

Trusted

  Reply # 79290 23-Jul-2007 15:50
Send private message

Might be onto something...

OMA isn't working. If I go to https://webmail.our-domain.co.nz/oma I get a page not found error. (but /exchange works OK)

So now I need to find an Exchange/IIS guide so I can check the integrity and config of our IIS structure...

Any thoughts?

Cheers

Tim



28 posts

Geek

Trusted

Reply # 79422 24-Jul-2007 12:00
Send private message

Sorted!

OMA still doesn't work... which I don't mind but am curious as to why it doesn't...

However, EAS is now working!

I followed the steps in a MSExchange.org article: Configuring Exchange 2003 HTTP Remote Access

This involves changing the original Exchange HTTP configuration to only handle SLL. Then you add a new HTTP virtual server and configure that for Integrated Windows Authentication only.

Maybe I didn't have to implement this - maybe there was a simple misconfiguration with the existing setup. Anyway, it's now working.

It didn't fix the OMA issue but as we don't really use it that's not a problem.

Thanks for your help. Any comments welcome!

Cheers

Tim

BDFL - Memuneh
61522 posts

Uber Geek
+1 received by user: 12242

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 79423 24-Jul-2007 12:08
Send private message

Interesting - and good to know.

It's interesting because Exchange on its default configuration works with EAS (Exchange ActiveSync) out of the box... So obviously something else changed its configuration - but sorted now.

Good luck with your syncing!







1 post

Wannabe Geek


  Reply # 81805 9-Aug-2007 20:39
Send private message

Are you publishing The Exchange server thru ISA? If that is tha case then the certificate is also loaded on the ISA server. This is then also the place where you have to install the new certificate.

If not then ignore what i just said.

_PvK

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.