Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
ActiveSync - Can't Get Certificates
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
ActiveSync - Can't Get Certificates - 14.Aug.2008 4:44:54 PM
|
|
|
PCC
Posts: 185
Joined: 13.Nov.2001
From: Michigan
Status: offline
|
This is not really an ISA Server issue. But I have not been able to find an answer anywhere else so I thought I would try here.
I have an Enterprise CA setup that is handing out all my certificates for everything. Workstations, users, published web sites, etc.
I want to request certificates from my CA through ActiveSync for my smartphones. When I click on the "Get Certificates" option I can see my certificates in Active Directory. However when I click on the Enroll button and then click Continue on the smartphone it says "certificate enrollment could not be completed....".
I can get a certificate fine through the web enrollment but this does not work.
Any suggestions?
|
|
|
|
|
RE: ActiveSync - Can't Get Certificates - 15.Aug.2008 9:22:13 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Pete (?),
What kind of certificate do you need? A CA cert or a client cert?
What are you using the certificates for in this scenario?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: ActiveSync - Can't Get Certificates - 15.Aug.2008 9:32:58 AM
|
|
|
PCC
Posts: 185
Joined: 13.Nov.2001
From: Michigan
Status: offline
|
Hi Tom,
I'm having some odd problems with VPN using PPTP. The VPN will connect fine but if I try to browse a server it says that I am not authorized. I read somewhere on Microsofts technet website that using client certificates and L2TP for VPN gets rid of this problem. So I want to load a client certificate for VPN authentication.
I manually loaded a CA certificate and a certificate for my OWA website for use with Exchnange ActiveSync but those certificates aren't helping with the VPN problem.
Thanks,
Pete
|
|
|
|
|
RE: ActiveSync - Can't Get Certificates - 16.Aug.2008 9:22:49 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Pete,
L2TP/IPsec won't fix the problem. In order to not be prompted, you need to log on via dial-up networking, or make the ISA firewall a domain member.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: ActiveSync - Can't Get Certificates - 18.Aug.2008 8:33:25 AM
|
|
|
PCC
Posts: 185
Joined: 13.Nov.2001
From: Michigan
Status: offline
|
Tom,
The ISA server is a domain member. And I have the VPN setup using the dial-up setting and PPTP. There is no prompt when the VPN connects because the users credentials are entered in the VPN settings and the VPN connection itself connects fine. But when I connect to a server with the File Explorer to browse files I am prompted for user credentials again, which I don't really mind because you can save the user credentials the first time you connect. The problem is that when I get the prompt when connecting to the server I enter the user credentials and it tells me "Access Denied". So I have a VPN connection but I can't do anything with it.
This page ( http://blogs.msdn.com/windowsmobile/archive/2007/02/07/certificate-improvements-in-windows-mobile-6.aspx ) suggests that loading certificates might make this problem go away. I figured the easiest way for a user to get the certificates would be through the ActiveSync application.
Pete
|
|
|
|
|
RE: ActiveSync - Can't Get Certificates - 18.Aug.2008 9:03:36 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Pete,
Ah! You're talking about VPN connection from Windows Mobile clients? In that case, I'm not sure how it works, never tried doing that.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: ActiveSync - Can't Get Certificates - 18.Aug.2008 9:37:04 AM
|
|
|
PCC
Posts: 185
Joined: 13.Nov.2001
From: Michigan
Status: offline
|
Tom,
LOL.... Well get crackin' because I can't figure it out!
Just kidding of course. But if you do happen to find anything out about this please let me know.
Thanks,
Pete
|
|
|
|
|
RE: ActiveSync - Can't Get Certificates - 19.Aug.2008 8:23:51 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Pete,
You bet! If the client has an option to "log on via dial-up networking" you might try that. It works with other versions of Windows.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
