Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Thu, 3 Apr 2008 09:07:01 -0700,    group: microsoft.public.exchange.clients        back       


Is Outlook Mobile REALLY able to use client certificate?    
Is Outlook Mobile REALLY able to use client certificate when connecting to 
Exchange 2003 or 2007 server? I mean - *client* certificate. 

I used two PDAs for testing:
1 - PDA emulator with Windows Mobile 6 Professional CE OS 5.2.1235 (Build 
17740.0.2.0) 
2 - a real HTC PDA with Windows Mobile 6 Professional CE OS 5.2.1620 (Build 
18125.0.5.2)
Both Exchange servers run on Windows 2003 R2 SP2 with the latest patches. 


What I’ve found: if IIS is set to require or just to accept client 
certificates, ActiveSync on PDA fails with the message: “Please correct your 
Exchange credentials”.
Even if only the Microsoft-Server-ActiveSync virtual directory is set accept 
client certificates, ActiveSync on PDA fails with the same message (no other 
virtual directories require certificates).
PDA works just fine if IIS doesn’t require client certificate.

What’s even more frustrating: it’s an intermittent problem only!!! Sometimes 
it requires to enter the password once, sometimes 5 times – and after that 
works fine for some time. It almost always asks for the “correct” password 
after rebooting the PDA. After rebooting, it establishes an SSL session to 
the Exchange/IIS server (some 20 packet back and forth) and after that tells 
that the password was incorrect so “Please correct your Exchange Server 
credentials”. I guess if the client certificate or password would be wrong, 
it wouldn’t require 20 packets to find out about that.

Connecting to OWA (from IE mobile) on the same server with the same client 
certificate works just fine (either with: clients certificates are required 
or accepted).

I did it as in:
http://www.microsoft.com/technet/solutionaccelerators/mobile/maintain/SecModel/bd8cc6b6-0038-4e56-b1d4-b7b9af9ea6ef.mspx?mfr=true

Is it a bug or is it “by design”?
date: Thu, 3 Apr 2008 09:07:01 -0700   author:   GinGin

Re: Is Outlook Mobile REALLY able to use client certificate?    
In article ,
 GinGin  wrote:

> Is Outlook Mobile REALLY able to use client certificate when connecting to 
> Exchange 2003 or 2007 server? I mean - *client* certificate. 
> 
> I used two PDAs for testing:
> 1 - PDA emulator with Windows Mobile 6 Professional CE OS 5.2.1235 (Build 
> 17740.0.2.0) 
> 2 - a real HTC PDA with Windows Mobile 6 Professional CE OS 5.2.1620 (Build 
> 18125.0.5.2)
> Both Exchange servers run on Windows 2003 R2 SP2 with the latest patches. 
> 
> 
> What I’ve found: if IIS is set to require or just to accept client 
> certificates, ActiveSync on PDA fails with the message: “Please correct your 
> Exchange credentials”.
> Even if only the Microsoft-Server-ActiveSync virtual directory is set accept 
> client certificates, ActiveSync on PDA fails with the same message (no other 
> virtual directories require certificates).
> PDA works just fine if IIS doesn’t require client certificate.
> 
> What’s even more frustrating: it’s an intermittent problem only!!! Sometimes 
> it requires to enter the password once, sometimes 5 times – and after that 
> works fine for some time. It almost always asks for the “correct” password 
> after rebooting the PDA. After rebooting, it establishes an SSL session to 
> the Exchange/IIS server (some 20 packet back and forth) and after that tells 
> that the password was incorrect so “Please correct your Exchange Server 
> credentials”. I guess if the client certificate or password would be wrong, 
> it wouldn’t require 20 packets to find out about that.
> 
> Connecting to OWA (from IE mobile) on the same server with the same client 
> certificate works just fine (either with: clients certificates are required 
> or accepted).
> 
> I did it as in:
> http://www.microsoft.com/technet/solutionaccelerators/mobile/maintain/SecModel
> /bd8cc6b6-0038-4e56-b1d4-b7b9af9ea6ef.mspx?mfr=true

It's supposed to work on WM6. If you're having problems with 
intermittent behavior, I'd suggest that you call MS and get PSS engaged. 
They can help you find the solution, probably a lot faster than you 
could on your own. EAS is kind of hard to troubleshoot, and adding certs 
just makes it harder.

Cheers,
-Paul
date: Mon, 07 Apr 2008 11:37:15 -0400   author:   Paul Robichaux [MVP-Exchange]

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us