
WIN8 Phone OWA to exchange 2007 - cert issue


davejam

Technical User
Jan 6, 2004
313
GB
Hi All,

I have been trying to set up Windows Phone 7.5 (now 7.8) on our Exchange for ages but with no success. The guy who originally set up the Exchange server / firewall got it working for iPhone but neglected to put the time into getting it working for WP.

For a couple of years I have just managed all of my email access through Explorer on OWA, which has suited me but not been ideal (too busy to waste weeks on it).

NEW PROBLEM.... the boss has just got a new htc win8 phone and wants access to email on the phone (not through explorer!!!!)

I have followed instructions that I read posted on a help forum:

"Hum... Ok, let's try this, cause I can connect via my OWA URL just fine.

1.Settings>email + accounts>Add an account
2.Choose "advanced setup"
3.Input your email address and password and tap next
4.Choose "Exchange ActiveSync"
5.Email address, Password and User Name fields should already be filled. Change user name if needed.
6.Input the Domain name in the "Domain" field. Tap the ? if you need more explanation on how to find this.
7.Input your OWA URL WITHOUT HTTPS in the Server field. Just "server.mydomain.com", not "
8.Underneath the Server field is a checkbox that says "Server requires encrypted (SSL) connection". Check this if you need HTTPS. Uncheck it if you don't use HTTP.
9.Tap "sign in"

After this, you may get an error code relating to a certificate, which indicates a successful connection, but you need to install the certificate from your server at work. Before we do that, let's see if these instructions work for you."

Unfortunately this was a post from 2009 so not sure if that thread was even still active!!

So now I am back to square 1 ...ish.

I have been trying to connect through various ways with various usernames / passwords and got errors at every attempt.

I followed the above instructions and took a step forward...

I first tried without ssl and get the error

"We're having a problem synchronising your information. The server may require you to select an encrypted (SSL) connection in this account's settings.
Last tried about a minute ago
Error code: 85002027"

I have followed this post and got it as far as the certificate that was mentioned in the post.

"Not updated
You'll need a personal certificate to connect to myserver.mydomain.co.uk
Last tried 2 minutes ago
Error code: 85030027"

obviously myserver.mydomain.co.uk is actually myserver and mydomain!!! :)

I have previously tried to export a certificate and send it to the phone when I was originally setting up my WP7.5 but never had any success with it.

Our email address is for a domain hosted on an external server; this then forwards the email to our Exchange server internally (which is the server whose details I am trying to enter).

The server is Win2008 Standard (64 bit) running Exchange Server 2007; this is using a locally created certificate (CA?).

If getting an official SSL certificate will fix the issue I am happy to put this to the boss. Can you suggest a company to use, as I have read previously that GoDaddy was not a cert that was automatically accepted? This was when I was looking into my phone access previously, which would not have warranted me spending company money to fix access.

If I can get by with a personal cert initially then I would like to know what best to do to get this going.

Cheers in advance.

David Yaf


daveJam

easy come, easy go!!!
 
Is your organization running a CA (Certificate Authority) (aka Active Directory Certificate Services)? If so, you should be able to get a CA-signed certificate installed in IIS for OWA. Then all you would need to do is import the CA certificate (not the OWA certificate) from the issuer to the phone.
 
Thanks for responding juxvp,

We are currently running a CA cert; it's never really caused us an issue apart from this.

I am not 100% on the dynamics of Exchange but I have looked into the cert and I have added IIS through PowerShell.
If I list my certs, under my live cert I have services IMAP, POP, IIS, SMTP. Status is Valid.

I am assuming I have managed to set up IIS as a working system, as I can get to my emails through /OWA, but I am not sure how to import the CA cert from the issuer to the phone.

I have gone into Console and picked certificates, think I found my certificate under Personal / Certificates and exported, emailed to phone and installed, but this does not affect the error message.

If you could enlighten me on what I could try to get this sorted it would be greatly appreciated.

Cheers

daveJam

easy come, easy go!!!
 
This assumes that it is indeed a certificate problem and not some strangeness with the phone. Have you used the ExRCA tool ( to test for other issues?

Did you export your CA certificate (Usually it is DOMAIN-NAME CA as the Issued To)? This is the certificate you need to install, as it will tell the device that it is a trusted authority for certificate-secured connections. This will make the mobile device implicitly trust any certificates issued and signed by that certificate authority. Depending on your server's operating system the details may change, but for Server 2008:

1. On the Certificate Authority, open MMC. Start->Run...->mmc <ENTER>
2. Click on File->Add/Remove Snap-in...
3. Select Certificates on the left and Click Add >
4. Select Computer account and click Next
5. Select Local computer and click Finish
6. Click OK
7. Under Personal\Certificates, right-click the CA certificate->All Tasks->Export...
8. Go through the Certificate Export Wizard. Be sure and export the certificate in DER format
9. Send it to the phone via a different account (or through ActiveSync desktop connection) and install the certificate
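
Added example (not part of the thread or any poster's reply): a PowerShell equivalent of the MMC export above that also checks the exported file really is the issuing CA certificate rather than the OWA server certificate. The host name is the placeholder used in the thread and the output path is hypothetical; it assumes an elevated PowerShell session on the server that holds the OWA certificate.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the server.
$OwaHost = 'myserver.mydomain.co.uk'          # placeholder host name from the thread
$OutFile = Join-Path $env:TEMP 'owa-root.cer' # hypothetical output path

# 1. Locate the certificate bound to OWA: it lives in the computer's Personal
#    store, has a private key, and names the host in its subject or SAN (2.5.29.17).
$server = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $san = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
        ForEach-Object { $_.Format($false) }
    $_.HasPrivateKey -and (($_.Subject -like "*CN=$OwaHost*") -or ("$san" -like "*$OwaHost*"))
} | Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $server) { throw "No certificate with a private key for $OwaHost in LocalMachine\My" }

# 2. Walk the chain from the server certificate to its top-most issuer.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline check: skip CRL lookups
[void]$chain.Build($server)
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# 3. The file for the phone should be a CA certificate (basicConstraints CA=TRUE,
#    OID 2.5.29.19) and should not be the server certificate itself.
$bc = $root.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
$isCa = ($bc -ne $null) -and $bc.CertificateAuthority
if ($root.Thumbprint -eq $server.Thumbprint) {
    Write-Warning "The OWA certificate is self-signed, or its issuer is not in a local store; no separate CA certificate was found."
} elseif (-not $isCa) {
    Write-Warning "Top of chain '$($root.Subject)' is not marked as a CA."
}

# 4. Export the public certificate only, DER-encoded. X509ContentType 'Cert'
#    never includes the private key, so the file is safe to send to a device.
$der = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($OutFile, $der)
"Server cert : $($server.Subject)  [$($server.Thumbprint)]"
"Exported    : $($root.Subject)  [$($root.Thumbprint)] -> $OutFile"
```

If the two thumbprints printed at the end are identical, the server is using a self-signed certificate and there is no issuing CA to distribute.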
 