Prevent SSL-related synchronization errors on emulated mobile devices

Note: If you don't have basic network connectivity between the Windows Mobile device emulator and the Exchange Client Access server (CAS), these troubleshooting techniques won't work.

Trust between Exchange CAS and the emulated Windows Mobile device

If you're using a commercial certificate authority (CA), such as VeriSign, Thawte, Go Daddy, etc., your emulated Windows Mobile device should be able to trust your Exchange Client Access server. However, an administrator may try to save a few bucks by creating an enterprise CA and using it to supply the SSL certificate for the CAS. Although this technique works, the emulated mobile device will not automatically trust the certificate. This will cause the synchronization process to fail.

First, you must configure the Windows Mobile device to trust your enterprise certificate authority, which is easier than it sounds. When you create an enterprise CA, Windows automatically creates a special website that is hosted by that server. You can use this website to request a copy of the server's certificate, which will cause the emulated mobile device to trust the certificate authority and all servers bearing a certificate from that certificate authority.

To access the certificate authority:

1. Open Internet Explorer (IE) on the emulated mobile device, and navigate to https://yourserver/certsrv. For example, my enterprise certificate authority is named Mirage, so I entered https://mirage/certsrv. Using HTTPS is important, because a standard HTTP connection won't work.
2. After connecting to the certificate authority's website, you will be prompted to enter a set of authentication credentials. Then, scroll to the bottom of the next page (see Figure A).

Figure A. Choose the option to download a CA certificate.

3. Click the Download a CA certificate, certificate chain or CRL link.
4. Next, choose the option to download the CA certificate in Base 64 format (see Figure B).

Figure B. Download the CA certificate in Base 64 format.

5. When prompted, select Open file after download.
6. Click Yes to download the certificate. When the download completes, the certificate will be installed automatically. Depending on how your network is configured, you may also need to download the Base 64 version of the CA certificate chain.

Performing the following steps ensures that the emulated mobile device trusts your enterprise CA:

1. Navigate to Start -> Settings.
2. From the System tab, open the Certificates applet.
3. Next, go to the Root tab, and scroll to the bottom of the list of certificates. You should see your certificate authority at the bottom of the list (Figure C).

Figure C. Your certificate authority should appear at the bottom of the certificate list on the Root tab.

Exchange ActiveSync settings

Now that you've downloaded the necessary certificate, synchronization should work. If it doesn't, there are two additional settings you can check. To do so, open Exchange ActiveSync and go to Menu -> Configure Server (Figure D).

Figure D. The Exchange ActiveSync settings must be correct in order for synchronization to work.

The first thing you should notice in Figure D is the server name. If you aren't using SSL encryption, then Exchange ActiveSync is easy to configure. You can use a NetBIOS name, a fully qualified domain name (FQDN) or an IP address. When you use SSL, however, the name that you specify here must match the name that is specified in the Exchange server's SSL certificate.

Note: I've entered Mirage in the Server Address field. Mirage is a lab server that is hosting the client access server role; it's also acting as an enterprise certificate authority. You would never have a configuration like this in a real-world scenario. The name you specify here should be the name of your CAS, not the name of your enterprise certificate authority.

Try entering the Client Access server's fully qualified domain name first. If that doesn't work, then use its NetBIOS name as I have done in the Figure D.

You'll also want to make sure that the This Server Requires an Encrypted (SSL) Connection check box is selected. If you don't select this check box, synchronization will fail -- even if all of the settings are correct.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional award for his work with Exchange Server, Windows Server, Internet Information Server (IIS) and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Devices Troubleshooting Apple iPhone and Exchange Server integration issues Extracting Exchange ActiveSync data from IIS log files Sharing a user's Outlook calendar with a public folder calendar OWA Light vs. Exchange ActiveSync on Windows Mobile devices Connecting an Apple iPhone to Exchange Server on Windows SBS 2003 Why can't I send Exchange email from a BlackBerry 7100i mobile device? Troubleshoot Windows Mobile device emulator synchronization errors Configure Microsoft SharePoint mobile access via Exchange Server 2007 Synchronizing the Windows Mobile emulator with Exchange Server 2007 Configure a mobile device to receive POP3 email from Exchange Server Microsoft Exchange Server Sync and Replication Issues Troubleshooting Apple iPhone and Exchange Server integration issues Exchange Server 2007 replication and database transaction basics Troubleshoot Windows Mobile device emulator synchronization errors Share and sync calendar data between two Exchange Server sites Troubleshoot Outlook 2007 error 0X8004010F on Exchange Server 2007 Synchronizing the Windows Mobile emulator with Exchange Server 2007 Synchronizing Apple iPhone email with Microsoft Exchange Server Exchange Server 2007 hardware planning for continuous replication Tutorial: SAN storage for Microsoft Exchange Server Exchange Server 2007 high availability strategies and SANs Microsoft Exchange Server Sync and Replication Issues Research

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary