  1. gunboatd's Avatar
    but it's not the interface or the device (Samsung Focus). I can't get Exchange to work properly. From what I've gleaned from the Windows Answers forums, WP7 does not allow you to accept a certificate that does not exactly match the Issuer and the Server (my issuer is "Domain.MySite.Com" but the mail server is "Mail.MySite.Com").

    It's a real pain in the *** considering that iOS, Android, and webOS allow you to ignore the warning regarding the mismatch. I also have no interest in paying a yearly fee to a place like GoDaddy or any other signed SSL providers.

    All the help requests on various WP7 forums ask for similar assistance and everyone ends their posts with "Got it! It works! Thanks for your help!", but they don't take a minute to describe what they do and MS's own tech support gives long meandering answers that don't contain any clear examples of how the certs should be set up. I'm not even sure that my discovered cause is the actual cause, because MS tech support is so vague. It's incredibly frustrating.

    Has anybody encountered a similar problem and were you able to resolve it?

    thanks,

    justin
    06-24-2011 01:05 PM
  2. thed's Avatar
    I'm not sure if this applies but have you tried manually creating and installing the certificate on your phone? I'm not sure if you have the ability to do this with your setup but it might help.

    [WP7] Using an Exchange Account With a Custom Certificate
    06-24-2011 02:05 PM
  3. gunboatd's Avatar
    Thanks for the reply. your instructions on your link are something i actually did via my gmail acct. i sent myself the cert that has been successful on all the other phones (but mine) and then I set the root cert to myself.

    so my question is, without telling the world what your issuer and mail server are, do your "Issued By"/"Issued To" fields in your cert match what you have in your mail server field on your account setup? As i said, my cert is from

    Domain.MySite.com

    But my mail server is located at

    Mail.MySite.com

    And that discrepancy is what seems to cause the problems. And i haven't found anybody who can confirm whether they are using certs with that discrepancy. Are you?

    Thanks

    Justin


    06-24-2011 02:15 PM
  4. gunboatd's Avatar
    as another side note, i followed the directions, via the link via your link about going to IIS on the server and exporting the entire chain.

    i exported the entire chain, including the key and emailed it to myself. when i went to download it from outlook on the phone, it requested the server password, which i input. then i restarted the Focus, but it didn't fix the error (80072F06)
    06-24-2011 02:38 PM
  5. UpTownDC's Avatar
    Where did you get your Cert? Some Certs can have sub domains...if you had that type of Cert it would work for you. Example: mydomain.com with a sub domain of mail.mydomain.com. Send me a PM, I might be able to help you out.
    06-24-2011 02:40 PM
  6. enahs555's Avatar
    I would keep the device, and have your email forward to a gmail account and use gmail to access it on your phone. That way you also have a buffer between your real email account; so in the event of a lost or stolen phone, you have at most only compromised a disposable gmail account and the emails already downloaded to the phone.


    I mean, I have a throw away gmail account in between my real gmail account on my phone, let alone work emails and such. So if I lose my phone or if it is stolen, nobody has my real email address or account information or access!
    06-24-2011 02:44 PM
  7. gunboatd's Avatar
    no way. contacts and tasks and notes and calendars are all on my work account. there is no way i'd move to google.
    06-24-2011 02:50 PM
  8. thed's Avatar
    I think i understand what you mean now, but unfortunately I haven't had a setup like this. You'll have to ask someone with more experience :[

    Sent from my HTC Trophy using Board Express
    06-24-2011 02:53 PM
  9. gunboatd's Avatar
    i don't know about subdomains. i was checking out all the CNs in the details and mail.mysite.com is not among them. just a few minutes ago, i walked over to the server and exported the full cert including key and server password via IIS in the Admin Tools menu. so i have direct access to the server and i discussed it with our off-site IT guy and he said there is probably nothing i can do.

    do *you* run outlook exchange on your phone? did you encounter the same problem? How did you solve it? does your cert have subdomains? where would i find them?
    06-24-2011 02:54 PM
  10. gunboatd's Avatar
    thanks for your help!
    06-24-2011 02:55 PM
  11. UpTownDC's Avatar
    Since this is your work e-mail server....until they purchase and install the correct type of Certs that supports your setup then the Exchange ActiveSync isn't going to work. Since the Exchange server name is different from the "server name" in the Cert...it will fail every time you attempt to pull mail from the Exchange box.
    06-24-2011 02:56 PM
  12. UpTownDC's Avatar
    Yes I run Outlook from my phone and yes I did have the same problem before. But there is a way around this. What version of Exchange server is your Company using? If they don't wish to fork out money for a new Cert...then if your Company is running Exchange 2003 with latest service pack or higher....just have them enable and configure imap4 or pop3 on the exchange server. As long as your credentials are correct you will be able to receive your exchange e-mail on your WP7. That's how we have ours set up at this time.
    06-24-2011 03:05 PM
  13. gunboatd's Avatar
    you're running via imap/pop? i'd just as soon move to an android or ios device then, considering you can't sync contacts or tasks or calendars via imap. i'm well within the 30-day Buyer's Remorse clause. now i just need to decide which android (blech!) device to get.

    it's too bad, because i really like WP7 and the Samsung is a pretty device.
    Last edited by gunboatd; 06-24-2011 at 03:16 PM. Reason: mispelling
    06-24-2011 03:15 PM
  14. UpTownDC's Avatar
    Then have your Company purchase the correct Cert. for domain setup. It's not the WP7 that's the issue....it's your current Exchange setup and your Company Cert that's the issue.
    06-24-2011 03:21 PM
  15. UpTownDC's Avatar
    You're looking at about $199/yr for the single domain with unlimited sub domains (Wildcards) if you go thru GoDaddy....look around you might be able to find one cheaper. That's the type of Cert that you would need to fix your current setup as is. Good luck.
    06-24-2011 03:25 PM
  16. gunboatd's Avatar
    well, that's enough to make it more worthwhile to get another OS. i understand that our cert might be a little funky, but i find it frustrating that webOS, iOS, and android phones are all using the same cert, but they are able to connect.

    i've looked into godaddy, which is pretty cheap, but i think we can generate a new certificate again and that might solve the problem.
    06-24-2011 07:18 PM
  17. Jay Bennett's Avatar
    Yeah Microsoft don't allow any communications (outside of the browser) with self-signed SSL, bit of a pain when you want to develop apps using HTTPS but I can understand the logic behind it.

    It doesn't make sense for Exchange though, is an e-mail SSL connection going to cause that much damage to the phone?
    06-25-2011 08:46 AM
  18. UpTownDC's Avatar
    If you're using a "regular cert"...the $49/yr kind....unless you change the main cert to mail.mycompany.com it still won't work for you. You will need to purchase a cert that allows "wildcards" for it to work correctly. That's what I ended up having to do for my company to get the full functionality of Outlook2010 and Exchange.
    06-25-2011 10:06 AM
  19. gunboatd's Avatar
    GOT IT!

    It was a combination of things that i had tried before, but not in the same sequence.

    First, as TheD showed me in the link he posted, I used the IIS services on the server to export the entire cert and emailed it to myself (i included the key and everything, although i don't know if that was necessary; it means you're required to enter the server password when you download the cert from your mail).

    Then, i re-entered the acct info and i tried using the server address (including the domain), instead of the mail address and it worked right away. This was something i had tried before, but never before loading the full cert.

    So it's human error, as most things are. and the WP Central Forum was more helpful than Microsoft's Answers site. Can't say i'm surprised.
    06-27-2011 09:12 AM
  20. gibbyhome's Avatar
    gunboatd,
    glad you got this working and you will now stay with all of us at WP7
    I hope mango is more kind to your issues.
    06-27-2011 11:01 AM
  21. gunboatd's Avatar
    oh yeah, i'm staying here. i'll never use android and i'm tired of apple hardware. i love webos, but it's stagnant. since MS is bringing japanese input and twitter integration to WP7 in the fall, i have no reason to head off anywhere else.
    06-27-2011 12:21 PM
  22. VernonEL's Avatar
    Glad to see your persistence reap the benefits! Enjoy your Focus!
    06-30-2011 04:01 AM
  23. bear_lx's Avatar
    SUCCESS!!! whew...
    06-30-2011 08:27 AM
  24. Jazmac's Avatar
    gunboatd, you had me following this thread like an episode of Criminal Minds. I'm glad to hear you got it worked out man. I love the flow in this forum too. Something about the WP7 ecosystem is just amazing.
    07-01-2011 10:39 AM
  25. gunboatd's Avatar
    i know this issue was resolved but i thought i'd amend it as there have been some major discoveries.

    my mail server is:
    mail.mycompany.com

    Up until now i had my cert that said
    domain.mycompany.com

    this meant that i was able to get emails on my phone only if i were at my company and connected to the network via the LAN. and when i said i had solved my problem, i really hadn't because when i left the office Wifi, I lost the ability to get my emails. bummer. and this went on for about 3 months.

    however i was talking to our off-site technical help and he said that it wouldn't be difficult for me to make a new cert with a different issuer and it wouldn't hamper any of the non-wp7 users or the other Remote Desktop Users.

    It's easy to do in the Internet and Email section of Server Admin (i'm running SBS2003). After you create the new cert, you go to IIS in your SBS and export the new cert. However, I've found that rather than export the .cer file, I export both the mail.mycompany.com.cer (DER encoded binary) and the mail.mycompany.com.pfx file. when you export the .pfx file you have to make sure to check the box that exports the entire cert chain. i don't know if it's necessary to do both, but everyone has said you always want the complete cert chain and the .pfx file is the only way to do that.

    So i got my new cert that is issued by mail.mycompany.com and BINGO i got a flood of emails in. and when i went home, i still got emails. it's productivity heaven! no more firing up Remote Desktop just to do some emails.

    so that was my solution. it was helped by the fact that i have direct access to my server and no IT guys looking over my shoulder. this may already be common knowledge, but i'll share the experience just in case.

    j
    09-20-2011 08:24 AM
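
Added example, not written by anyone in the thread: the name check that a strict TLS client applies to the server address typed into the account setup, including the wildcard case raised in posts 15 and 18. It assumes the original certificate carries only the name Domain.MySite.com; the function names and the wildcard and reissued name lists are constructed for illustration.

```python
# Added illustration: hostname-vs-certificate name matching (RFC 6125 style).
# All host names are the placeholder names used in the thread.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """True if one certificate name (CN or SAN dNSName) covers host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label and needs
        # at least two fixed labels after it ("*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_endpoint(configured_host, cert_names):
    """Return (ok, matching_name) for the host typed into the account setup."""
    for name in cert_names:
        if name_matches(name, configured_host):
            return True, name
    return False, None

def report(configured_host, cert_names):
    ok, hit = check_endpoint(configured_host, cert_names)
    if ok:
        return f"{configured_host}: OK (covered by {hit})"
    return f"{configured_host}: MISMATCH, cert only names {', '.join(cert_names)}"

if __name__ == "__main__":
    original = ["Domain.MySite.com"]           # assumed names on the first cert
    wildcard = ["*.mysite.com", "mysite.com"]  # constructed wildcard cert
    reissued = ["mail.mysite.com"]             # constructed: cert reissued for the mail host
    for names in (original, wildcard, reissued):
        print(report("Mail.MySite.com", names))
    # Entering the name the cert was issued to also satisfies the check.
    print(report("domain.mysite.com", original))
```

The check only covers the name comparison; the client must also trust the issuing chain, which is what installing the exported certificate on the phone addresses.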