OWA, OMA, SSL and Windows Mobile 5Windows Mobile Exchange Syncing – SSL & Forms Based issues
Error Codes this fixes: 0×85010014 and support Code:80072f0d
Basically there’s a lot of little gotchas with Windows Mobile 5 (and maybe earlier), and you need to seriously jump through hoops to get the thing happy. I wanted forms based authentication and I had to keep SSL enabled for OWA (Outlook Web Access). Unfortunately these two things break OMA (Outlook Mobile Access). What a freaking nightmare of stupid error codes. Either way – this is the really dirty (yet incredibly stable) guide to setting up OMA and getting push email to your mobile device. This setup works for both Windows Mobile 5 for PPC and Smartphone editions.
It’s pretty simple once you get it all figured out!! READ ON …
To avoid the SSL certificate is not correct/does not match the server issue (Support code: 80072f0d)- The certicate needs to match the FQDN of the server and you need to import the certificate onto your PPC. You can do this by exporting the trusted certificate out of the certificates mmc snapin on the server, then copying that export to your ppc.
To avoid the Support Code: 85010014 (general error code) problem you need to enable a new oma virtual directory on IIS and make a registry change on the server… this fixes the issue with SSL/Forms based authentication.
Here’s the microsft article on the SSL/Forms Based problem – Note this does not help your errors if you experience them from Outlook, this is if you are trying to sync a PPC to an Exchange server… the desktop outlook 85010014 error is something completely different.
Here’s the steps I took.
1. I created my Exchange server sync in ActiveSync … failure as expected.
2. Disabled SSL & forms based authentication on exchange — sucess as expectd
3. I Re-enabled SSL & forms based authentication on OWA
4. Exported the certificate for my server – (Start – Run – MMC – add certificates for the Computer/Server – find your certificate – export WITHOUT the private key and save as a .cer file (DER format).
5. Copy that file to your PPC, open file explorer on the PPC and import.
6. Soft Reset the PPC (Not required)
7. Go back to the exchange server and follow these steps (copied from link above)
NOTE: Modify the registry at your own risk!
This should be used only in an environment that has no Exchange Server 2003 front-end server. The registry changes should be made only on the server on which the mailboxes are located.
Create a secondary virtual directory for Exchange that does not require SSL, and then add a registry value to point to the new virtual directory. You must use Internet Information Services (IIS) Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these instructions:
NOTE: These steps affect both Outlook Mobile Access connections and Exchange ActiveSync connections. After you follow these steps, both Outlook Mobile Access and Exchange ActiveSync connections use the new virtual directory that you create.
1. Start Internet Information Services (IIS) Manager.2. Locate the Exchange virtual directory. The default location is the following:
Web SitesDefault Web SiteExchange
3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
7. Under Select a configuration to import , click Exchange, and then click OK. A dialog box will appear that states that the "virtual directory already exists."
8. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
10. Click the Directory Security tab.
11. Under Authentication and access control, click Edit.
12. Make sure that only the following authentication methods are enabled, and then click OK: • Integrated Windows authentication
• Basic authentication
13. Under IP address and domain name restrictions, click Edit.
14. Click Denied access, click Add, click Single computer, type the IP address of the server that you are configuring, and then click OK.
15. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
16. Click OK, and then close the IIS Manager.
17. Click Start, click Run, type regedit, and then click OK.
18. Locate the following registry subkey:
19. Right-click Parameters, click to New, and then click String Value.
20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.
NoteExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
21. In the Value data box, type the name of the new virtual directory that you created in step 8 preceded by a forward slash (/). For example, type /exchange-oma. Click OK.
22. Quit Registry Editor.
23. Restart the IIS Admin service. To do this, follow these steps:a. Click Start, click Run, type services.msc, and then click OK.
b. In the list of services, right-click IIS Admin service, and then click Restart.
Note: If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.
You should now be able to sync to your device. In order for push email to work, the only other option you need to select is under Schedule. Select the options for "As Items Arrive".
Note: I still have the checkbox for "my server requires SSL" selected on my Smartphone. OWA also still uses forms based authentication and automatically requires a user to logon again after a period of inactivity. The mobile user does not experience this…
I’ve been running this setup for about a year – and not has a single problem with it.