Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Microsoft ActiveSync Client Certificate Settings

Status
Not open for further replies.
supdude

supdude

MIS
Mar 20, 2013
4
Hey guys,

I'm running into a few snags with my Airwatch/Exchange integration. With one requirement particularly.

One thing it asks for is to Accept client certificates in Microsoft Server Active Sync settings in IIS manager. That's fine and all, but when I do that breaks normal phones connecting directly to exchange over SSL. When I change the setting back to ignore client certificates it fixes it.

According to Airwatch this setting needs to be in place in order for my client certificate coming from mobile devices enabled on Airwatch to bypass uid/password authentication and sync directly with exchange through the Airwatch server using the specified certificate.

I can see that Airwatch devices are getting that certificate, however they are prompted for uid/password authentication still when the password gets updated. I'm thinking this has something to do with the SSL settings set to required and ignore client certificates.

The rest of the settings look fine, Airwatch has access to the CA and cert, users are showing up in AW and gaining access to their emails. Kind of stuck here.

Thanks in advance
 
Sort by date Sort by votes
BTW here is what I'm working off of at the moment, it came from Airwatch. I verified 3 of the 4 are setup.

System Requirements:
1. The following tasks must be completed before proceeding with the steps outlined in this document:
 A Certificate Authority server must be setup and configured as described in the Setting Up a Microsoft CA for Use with AirWatch document. The CA must be an Enterprise CA as opposed to a Stand Alone CA (Stand Alone does not allow for the configuration and customization of templates). (check)

2. A Network Device Enrollment Service, also referred to as MSCEP server setup and configured as described in the document Configuring NDES
o NDES is only available in the Enterprise version of Microsoft Server 2008 and 2008 R2. (?)

3. Microsoft Exchange with ActiveSync enabled. (check)

4. Internet Information Services (IIS) on the EAS server must have the option “Client Certificate Mapping Authentication” installed. (check)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

stanlyn
  • Locked
  • Question
How to do Certificates on MultiDomain Exchange with Least Cost
Replies
1
Views
1K
Wesaf
Wesaf
Beni Santoso
  • Locked
  • Question
pop3 account setup failed at outlook because client was not authenticated to send anonymous mail
Replies
1
Views
117
DrB0b
DrB0b
AndrewTait
  • Locked
  • Question
ActiveSync Devices OS wrong
Replies
0
Views
69
AndrewTait
AndrewTait
Zepfanman
  • Locked
  • Question
New sha256RSA certificate causing Outlook security popups
Replies
1
Views
95
ShackDaddy
ShackDaddy
canceltodebug
  • Locked
  • Question
ActiveSync not working since introducing 2010
Replies
1
Views
74
Ekster
Ekster

Part and Inventory Search

Sponsor

Back
Top