As we go through the current SBS v7 migration we have hit a few different issues.
This SBS is using a GoDaddy certificate where everything is seemingly set up correctly, but ActiveSync does not agree.
The security certificate on the server is not valid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server.Support code: 0x80072F0D
So far, we have ran through and verified that the GoDaddy certificate and Intermediate Certificate Authority certificates are installed correctly.
We set up a test e-mail account to help with our troubleshooting using the Microsoft Exchange Remote Connectivity Analyzer.
This is the result:
When we drill into the Test Details section to come up with the reason we see:
Validating certificate trust for Windows Mobile Devices
Certificate trust validation failed.
Missing intermediate certificate in Certificate Chain. Subject = SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US, See KB 927465 for more details.
The process that we went through to make sure that SBS v7 had its certificate hierarchy in place was the following:
- Open the Certificates.msc that is found on the desktop.
- Right click on the Intermediate Certificate Authorities root folder and Import.
- Import the gd_cross_ntermediate.crt _first_
- Import the gd_intermediate.crt _second_
- Verify that the needed GoDaddy certificate is properly keyed.
- Delete any GoDaddy certificates that are not needed.
Once we cleaned things up our ActiveSync connection test was successful:
Note that we are using a test user account that was created just for this task. Once we have all of our troubleshooting issues taken care of we will delete this account.
The KB referenced in the above failed test results:
- MS KB: 927465 Error message when you try to synchronize a Windows Mobile-based device by using Exchange ActiveSync for Exchange 2003 or for Exchange 2007 or for Exchange 2010: "Synchronization failed"
Note that if ISA/TMG is running in front of the SBS network that the OS ISA runs on top of must also have the intermediate certificates installed according to the above instructions.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book