We have a few Windows Mobile 5.0 devices appearing and need to get them hooked up to our Exchange 2003 system. We have the infrastructure already in place as we use Outlook Web Access and Outlook Mobile Access. We have our front-end servers load balanced and port 443 mapped through from the outside world.
Like its predecessor Windows Mobile 2003, WM 5.0 lacks a wide selection of trusted root certificates installed by default. If you’re using a non-mainstream or self-issued certificate you’ll need to do a little extra configuration to get ActiveSync working over the air. With WM 2003 there was a tool to disable certificate checking but it’s not compatible with WM 5.0. Instead, follow these instructions:
In Internet Explorer go to your Outlook Web Access site and ensure your certificate is installed. To check the name of it you can double click on the padlock icon in the bottom right of the browser.
Now in the Internet Options in IE go to the Content tab and click the Certificates button.
Now go to the Trusted Root Certificate Authorities and find your certificate.
Select the certificate and click on the Export button. Follow the wizard and select ‘DER Encoded Binary X.509’ when prompted.
Choose a suitable file name and finish the wizard.
You’ll now need to copy the exported certificate to your PocketPC device either via a memory card or by USB. Once it’s on your PPC simply tap it with the stylus and follow the prompts to install it.
With the certificate successfully installed you should be able to synchronise over the air.
This entry was posted on Thursday, November 10th, 2005 at 1:13 pm and is filed under Exchange, Windows Mobile 5.0.
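A pre-flight check for the exported file, as an added example that is not part of the original post: it reports whether a .cer file is DER binary or Base64, and whether its issuer and subject names match (a self-issued root rather than a site certificate). The function names are this example's own, and the sample certificates are constructed, structure-only stand-ins with no key or signature.

```python
import base64

PEM_HEAD = b"-----BEGIN CERTIFICATE-----"
PEM_TAIL = b"-----END CERTIFICATE-----"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    start, length = pos + 2, first
    if first >= 0x80:                      # long-form length
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def inspect_cert(data):
    """Report the encoding of an exported .cer and whether it is self-issued."""
    encoding, der = "der", data
    if data.strip().startswith(PEM_HEAD):  # Base64 export with PEM armour
        text = data.strip()
        body = text[len(PEM_HEAD):text.index(PEM_TAIL)]
        encoding, der = "base64", base64.b64decode(b"".join(body.split()))
    tag, start, end = read_tlv(der, 0)     # outer Certificate SEQUENCE
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER certificate")
    pos = read_tlv(der, start)[1]          # step into TBSCertificate
    if der[pos] == 0xA0:                   # optional [0] version field
        pos = read_tlv(der, pos)[2]
    fields = []                            # serial, sigAlg, issuer, validity, subject
    for _ in range(5):
        nxt = read_tlv(der, pos)[2]
        fields.append(der[pos:nxt])
        pos = nxt
    # Byte-identical issuer and subject names: self-issued (signature not checked)
    return {"encoding": encoding, "self_issued": fields[2] == fields[4], "der": der}

def tlv(tag, value):
    """Encode one short-form DER element (sample builder only, value < 128 bytes)."""
    return bytes([tag, len(value)]) + value

def make_sample_cert(issuer_cn, subject_cn):
    """Constructed, structure-only stand-in: no public key, no signature."""
    def name(cn):
        attr = tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn.encode()))
        return tlv(0x30, tlv(0x31, attr))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + tlv(0x30, b"") + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

On a real export, pass the file's bytes to `inspect_cert`; the `der` entry of the result is the binary form to write out when the export turned out to be Base64.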
November 29th, 2005 at 6:18 pm
Nice, it seems that this worked and I was able to apply my certificate correctly to the device, however ActiveSync over USB still doesn’t seem to want to happen (haven’t tried WAP access yet).
It seems that my problem might still be that I don’t have an Exchange server “trusted” certificate. Could this be? Everything that I have read about my problems thus far seems to point to this being the issue.
thank you.
d
November 30th, 2005 at 8:04 am
What errors do you get when you try ActiveSync over USB? Does syncing over the air work correctly? Have you tried upgrading to ActiveSync 4.1 as it fixed a bunch of ‘quirks’ with the version that shipped with the WM 5.0 devices. You can get it here: http://www.microsoft.com/windowsmobile/downloads/activesync41.mspx.
January 2nd, 2006 at 3:34 am
If you’re using ActiveSync 4.1 all you need to do is follow the help “Connect to a network or the Internet through ActiveSync”
Use ActiveSync to “pass through” this computer. That means the connected device can use the computer’s network connection as if it were its own. You can use this feature to perform tasks such as downloading non-Outlook e-mail messages, to connect directly with Exchange Server, or to browse the Internet.
Important Note: For additional security, disable network bridging on the PC (specifically, bridging to a Remote NDIS adapter) before connecting to the PC to pass through to the Internet or a network. For more information on network bridging, see Windows Help on the PC.
Click Connection Settings.
Select Open ActiveSync when my device connects.
In the This computer is connected to list, select a connection to which this computer should connect when passing through ActiveSync.
January 17th, 2006 at 9:01 pm
Hi!
I could install the cert without problems but ActiveSync tells me that the certificate is invalid. Code 0x80072F0D. Any ideas?
Phil
January 31st, 2006 at 6:08 am
Hi Phil,
I am facing the same, I could install the cert without problems but ActiveSync tells me that the certificate is invalid. Code 0x80072F0D. Any ideas?
February 15th, 2006 at 10:07 pm
We have the same issue here… even tried installing an intermediary cert (Starfield) from the Exchange box in addition to the “regular” cert, but still getting 0x80072F0D. Haven’t tried a sync over the air, but USB still gives us this same issue.
March 7th, 2006 at 9:12 am
It’s what it says… it’s not valid. It has to be trusted for it to work.
March 10th, 2006 at 10:54 pm
Worked perfectly Thanks !!!
March 19th, 2006 at 10:54 am
I have the same problem. We don’t have the possibility to use an Authorized CA, does anyone have some idea?
April 5th, 2006 at 2:33 am
Did you export the cert in base64 format? All other formats are not supported on the Pocket PC or Smartphone.
May 8th, 2006 at 7:28 pm
Worked great. But if you’re using Windows Mobile 5.0, don’t export in base64 format - be sure to use “DER Encoded Binary X.509” as suggested above.
May 8th, 2006 at 10:41 pm
Aha! For those using Starfield (GoDaddy) issued certs, you must install the ValiCert root certificate. To download the ValiCert root follow the first 3 steps above to get to your installed certificates. Next view the certificate for your OWA server. Click the Issuer Statement button. You should be taken to a page with all sorts of ValiCert info and options. Near the bottom of the page is a CER file in DER format. Download and copy to your WM device. Install the cert by double-tapping in File Explorer or equivalent. That’s it!
This worked perfectly for me and I can now securely sync via ActiveSync over USB or OTA.
May 13th, 2006 at 12:52 am
Hi, I get an error message when I try to install the certificate on my PPC: “Security permission was insufficient to update your device”
May 13th, 2006 at 1:59 am
I am having the same problem as above. I exported the cert and installed it on my treo700 and I still get the 80072F0D certificate error. I’ve tried everything I can find and nothing seems to work.
I am connecting via USB on my laptop.
Any other suggestions…
Thanks
May 25th, 2006 at 1:18 pm
Finally got my Orange M600 to do the active synch dance. Mucho thanks to all!
Had to get the root certificate (in DER format) exported from my Domain controller not just the one that is displayed by Iexplorer when browsing the OWA pages. After I got both certs installed onto the phone, I could browse to OWA on the phone without any cert prompt and active sync works beautifully!!
April 4th, 2007 at 8:39 pm
Did the steps above, but still not working. How important is it to have both certificates (from the browser and from the server) installed on your device? We all sync OTA, not via USB, but all get the same notification.
Supplier does not come with answers. Please help!!
April 20th, 2007 at 9:28 pm
I’m also having the same issue. What is the “domain” cert mentioned above?
June 8th, 2007 at 8:21 pm
one thing to note with Starfield certificates - you’ll need to export 3 cer files: the site, the intermediate and the root
1. follow the above directions to get your site cert.
2. click the “Certification Path” tab and select the intermediate certificate - in the tree structure, it’s the one just above your site (i.e. the parent). use the above directions to export the cer file
3. still in the “Certification Path” tab, select the root certificate - in the tree structure it’s the next one up (i.e. the grandparent). use the above directions to export the cer file.
Windows mobile 5 and above may already have the root certificate from Starfield… so really the trick is to get the site cert AND the intermediate cert.
June 13th, 2007 at 12:32 pm
If people still have trouble with the 80072F0D error try this.
On the server, goto DOS prompt: locate C:\program files\IIS Resources\SelfSSL\
Run the following command (selfssl.exe /? shows help) : selfssl.exe /k:1024 /v:1825 /s:1 /p:443 /n:CN=mail.domain.com
1825 days is valid for 5 years!
Then export the cert from the IIS MMC: standard website, properties, directory security, show cert, tab details, copy to file, next, no, choose DER (.cer file). Copy the file to the PDA and double-click it in Explorer (on the PDA) so it will be imported.
All should work again.
September 5th, 2007 at 12:59 pm
Thank you, it works fine with SBS2003/Exchange and HTC/TYTN WM5 (5.1.465).
December 14th, 2007 at 11:23 am
Thanks a lot!
In 546879652 words Microsoft are not able to explain this.
June 16th, 2008 at 6:44 am
worked perfectly on HTC Touch Cruise, WM6