• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ActiveSync - Can't Get Certificates

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> ActiveSync - Can't Get Certificates Page: [1]
Login
Message << Older Topic   Newer Topic >>
ActiveSync - Can't Get Certificates - 14.Aug.2008 4:44:54 PM   
PCC

 

Posts: 199
Joined: 13.Nov.2001
From: Michigan
Status: offline
This is not really an ISA Server issue.  But I have not been able to find an answer anywhere else so I thought I would try here.

I have an Enterprise CA setup that is handing out all my certificates for everything.  Workstations, users, published web sites, etc.

I want to request certificates from my CA through ActiveSync for my smartphones.  When I click on the "Get Certificates" option I can see my certificates in Active Directory.  However when I click on the Enroll button and then click Continue on the smartphone it says "certificate enrollment could not be completed....".

I can get a certificate fine through the web enrollment but this does not work.

Any suggestions?
Post #: 1
RE: ActiveSync - Can't Get Certificates - 15.Aug.2008 9:22:13 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete (?),

What kind of certificate do you need? A CA cert or a client cert?

What are you using the certificates for in this scenario?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to PCC)
Post #: 2
RE: ActiveSync - Can't Get Certificates - 15.Aug.2008 9:32:58 AM   
PCC

 

Posts: 199
Joined: 13.Nov.2001
From: Michigan
Status: offline
Hi Tom,

I'm having some odd problems with VPN using PPTP.  The VPN will connect fine but if I try to browse a server it says that I am not authorized.  I read somewhere on Microsofts technet website that using client certificates and L2TP for VPN gets rid of this problem.  So I want to load a client certificate for VPN authentication.

I manually loaded a CA certificate and a certificate for my OWA website for use with Exchnange ActiveSync but those certificates aren't helping with the VPN problem.

Thanks,
Pete

(in reply to tshinder)
Post #: 3
RE: ActiveSync - Can't Get Certificates - 16.Aug.2008 9:22:49 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

L2TP/IPsec won't fix the problem. In order to not be prompted, you need to log on via dial-up networking, or make the ISA firewall a domain member.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to PCC)
Post #: 4
RE: ActiveSync - Can't Get Certificates - 18.Aug.2008 8:33:25 AM   
PCC

 

Posts: 199
Joined: 13.Nov.2001
From: Michigan
Status: offline
Tom,

The ISA server is a domain member.  And I have the VPN setup using the dial-up setting and PPTP.  There is no prompt when the VPN connects because the users credentials are entered in the VPN settings and the VPN connection itself connects fine.  But when I connect to a server with the File Explorer to browse files I am prompted for user credentials again, which I don't really mind because you can save the user credentials the first time you connect.  The problem is that when I get the prompt when connecting to the server I enter the user credentials and it tells me "Access Denied".  So I have a VPN connection but I can't do anything with it.

This page ( http://blogs.msdn.com/windowsmobile/archive/2007/02/07/certificate-improvements-in-windows-mobile-6.aspx ) suggests that loading certificates might make this problem go away.  I figured the easiest way for a user to get the certificates would be through the ActiveSync application.

Pete




(in reply to tshinder)
Post #: 5
RE: ActiveSync - Can't Get Certificates - 18.Aug.2008 9:03:36 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

Ah! You're talking about VPN connection from Windows Mobile clients? In that case, I'm not sure how it works, never tried doing that.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to PCC)
Post #: 6
RE: ActiveSync - Can't Get Certificates - 18.Aug.2008 9:37:04 AM   
PCC

 

Posts: 199
Joined: 13.Nov.2001
From: Michigan
Status: offline
Tom,

LOL....  Well get crackin' because I can't figure it out!

Just kidding of course.  But if you do happen to find anything out about this please let me know.

Thanks,
Pete

(in reply to tshinder)
Post #: 7
RE: ActiveSync - Can't Get Certificates - 19.Aug.2008 8:23:51 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

You bet! If the client has an option to "log on via dial-up networking" you might try that. It works with other versions of Windows.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to PCC)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> ActiveSync - Can't Get Certificates Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts