Jason Lee

We have been working to get our Exchange 2003 SP2 server to provide content to our mobile devices but we haven’t been able to get it to work with SSL enabled.  After about an hour on the phone with Microsoft we found that one simple check box was breaking everything. 

Since we have only one server functioning as our Front and Back-end Exchange servers we had already applied the SSL & FBA work around by creating a new virtual directory in IIS on the Exchange server.  For more information about this see Microsoft KB article 817379.  But the over the air sync didn’t work unless we connected over port 80 and didn’t use port 443.  So needless to say, rolling out Windows Mobile sync wasn’t ok without SSL…

So we first checked our SSL certificates, the wild-card certificate is supported under Windows Mobile 6.  The catch was to import the root, intermediate and wild-card certificates not just our public certificate. But this didn’t solve the problems so a call to MS.

So here are our case notes from calling Microsoft Support:

Resolution

=======

1. We found that KB 817379 had been followed and created a new virtual directory called ExMobile in IIS
2. On the ExMobile virtual directory we found that Require SSL option checked.
3. Since Microsoft-Server-Active-Sync virtual directory communicates with the ExMobile directory on TCP port 80 only by design, so forcing SSL on the ExMobile virtual directory will break the communication and therefore ActiveSync does not work
4. We therefore disabled the Require SSL option on the ExMobile virtual directory
5. Found that on the ExMobile virtual directory it was configured to “Accept client certificates”
6. So we changed that to the default setting “Ignore Client Certificates”.
7. Ran IISRESET command
8. Now we tried to sync the mobile device and found that it was able to successfully synchronize with the Exchange Server wirelessly without any issues.

So maybe someone can learn from our heart burn…

Church IT, Hardware