Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Activesync

Status
Not open for further replies.
billybunter

billybunter

Technical User
Oct 7, 2004
79
GB
Can any one help

I have 2007 up and running fine with OWA. When I try to get an XDA connected so that I can recieve push email I get the error message "Your account in microsoft exchange server does not have permission to sychronize with your current settings, contact your exchange server admin"

The support code is 0x85010004

In exchange I hav'nt changed any settings as active sync is set on as default I thought.

Any ideas would be great thanks
 
Sort by date Sort by votes
Verify that in your Exchange Features for your mailbox.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
Upvote 0 Downvote
In my exchange features it is sey to enabled I have tried it with and with out a policy but it still comes up with the same error?
 
Upvote 0 Downvote
Gidday Billybunter,

First you must have a purchased SSL certificate for this to work correctly. As XDA's and Exchange 2007 will only sync via SSL unlike exchange 2003 you could just use HTTP. I used SSL247, but you could use godaddy.com or verasign if ya got loads of cash.

Next you will need to setup and Exchange Activesync Mailbox Policy within you Organization config. The wizard is really easy.

Then you hace to give clients access rights via the recipeint config -> client name properties -> mailbox features -> activesync status / properties

Best of luck - remember the key is the SSL cert which you will also need for OWA to work correctly.


Clopster



 
Upvote 0 Downvote
Thanks Clopster
I thought this was the case because I unchecked the requires ssl in IIS and it works fine. SSl certs arn't a strong point of mine I have been reading up a bit and its seems that if I want all the aspect of ex 2007 to work I need to purchase a Unified Communications Certificate ? What I dont understand is the process of getting the correct cert, My mail server in our internal network for example is called mailexchange.test.lan the domain name that I get to owa from the outside world is mail.test.net, what name do I buy the cert for or do I need to put both names in the application?

Many thanks

 
Upvote 0 Downvote
Also does anyone know of a smartphone that will work with activesync and the certificate that exchange 2007 creates its self as I may not be able to get cash for a third party cert but have an upgrade due on my phone?
 
Upvote 0 Downvote
Nearly everything wants a trusted certificate, including EAS and Outlook Anywhere.

Depending on your SSL strategy, SSL certs are $20.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
Upvote 0 Downvote
Gidday Billybunter,

Yup had the same problem with the dot local domain and a A record for webmail.domainname.co.uk. The answer is you need certificate for the FQDN so for example webmail.yourdomainname.net

Have a shop around and don't be shy to call the certificate suppliers on the phone to discuss your needs. Also ask if the SSL cert works with windows mobile type phones as some do not. Cost - well I paid £340 for my clients site for a 5 year SSL cert.

Cheaper certs tend to take longer and you have to do more work with no support to get them working.

So who can remember when Mocrosoft said use dot local doamins - its the way forward!!


Clopster
 
Upvote 0 Downvote
Cheaper certs don't take more with no support. A GoDaddy cert can be requested, purchased, and installed in under a half hour.

Nearly all will work with WM devices if they are a trusted cert. Some require that you install an intermediate cert on the server as well (it takes 5 minutes).

However - there are some deep caveats towards certs in 2007. You have to research the whole Autodiscover issue. If you want external Autodiscover, you're best to go with a Subject Alternative Name certificate. And those are considerably more expensive, and a tad more complex to request, purchase, import, and activate.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
Upvote 0 Downvote
Many thanks for all your help
could I buy a cheap cert just for activesync and use the one that the exchange created for everythning else? If so is it easy to do?
 
Upvote 0 Downvote
Not without creating a totally separate web site in IIS just for ActiveSync. Only one cert per website.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AndrewTait
  • Locked
  • Question
ActiveSync Devices OS wrong
Replies
0
Views
97
AndrewTait
AndrewTait
canceltodebug
  • Locked
  • Question
ActiveSync not working since introducing 2010
Replies
1
Views
94
Ekster
Ekster
intel233
  • Locked
  • Question
ActiveSync Policy
Replies
1
Views
96
ShackDaddy
ShackDaddy
supdude
  • Locked
  • Question
Microsoft ActiveSync Client Certificate Settings
Replies
1
Views
94
supdude
supdude
RCFitzhugh
  • Locked
  • Question
Activesync photo attachment size restriction?
Replies
0
Views
68
RCFitzhugh
RCFitzhugh

Part and Inventory Search

Sponsor

Back
Top