SOLVED: Exchange sync error 0x80072F0D

Search This thread

oscarsalgar

Senior Member
May 28, 2007
114
3
Bogotá
Hello,

My company uses Exchange server 2003 sp2. I've tried to sync my TyTN II several times but I always get this message: "The security certificate on the server is invalid. Contact your system administrator or ISP to install a valid certificate on the server and try again".

I'm actually able to access https://myserver.com/OMA (not http) using my nickname and password, but I don't even know what that means. I talked to the IT guys and they just sent me to a Microsoft page where it says: "This problem may occur because the device manufacturer locked the Windows Mobile 5.0-based device. This lock prevents you from installing Secure Sockets Layer (SSL) certificates correctly".

So, their only answer was: contact your manufacturer to see if the device is locked (??). (Although they also said I didn't need a SSL certificate)

¿Could anybody please help me to understand this? ¿Do I have to install a certificate? ¿Do the IT guys have to do it? I really need to solve this so any information is welcome

thanks a lot.
 
Last edited:

DeepThought

Senior Member
Jul 6, 2006
781
1
Austria, Vienna
If it is a "self-signed" certificate (and not an official one bought f.e. via verisign.com), than you have to install it on your device to make it "valid". Additionally the Hostname provided in the certificate must exactly match the hostname of your exchange-server otherwise it won't work either. HTH
 

DeepThought

Senior Member
Jul 6, 2006
781
1
Austria, Vienna
PS.: you can find out both when you access your companys exchange server via OWA (OutlookWebAccess). Once you're logged on you can examin the certificate and look if the hostname matches, if the certificate is still valid (every certificate has an expiration date) and who the "certification authority" is.
 

jon_k

Senior Member
Dec 16, 2007
132
0
You can still use OWA if the company allows you to use it unencrypted. Just uncheck use SSL during setup.

I'd be curious if anyone would know how to rip the public key from Firefox or something so it can be imported to the phone to make it work.

I have been told if you can get your exchange admin to send you the .CERT file from the IIS webserver you can run that on your phone and get it to work. However, I believe that has the public and private key pairs, which is a security risk to your entire organization if you have the private pair!
 

foobar1977

Senior Member
Jan 23, 2008
105
0
You can still use OWA if the company allows you to use it unencrypted. Just uncheck use SSL during setup.

domain credentials over unsecured channel, bad mojo man :rolleyes:

Your IS guys should have a certificate for you to install which will resolve the problemI have a root ca certificate for my company installed on my phone so I have no problem using any certificate they sign.

As already said, check the hostname matches extacly and check the expiry date of the certificate.
 

oscarsalgar

Senior Member
May 28, 2007
114
3
Bogotá
Hey Guys, thanks for all your answers!

I'm logged on the OWA server and the certificate says "Equifax Secure global eBusiness CA-1". The expiration date is 24/02/2010. Does anybody know how can I install this on my device? I checked the hostname and it matches perfectly
 

odie3

Senior Member
Sep 7, 2005
570
0
Texas
ghostdogs.net
If it is like the certificate I have to use to get my Tilt/Office Exchange to work, then you just double click on it and it should say "Installed" or something like that. After that, assuming you have everything else setup, it should work like a charm.
 

WeldingRod

Senior Member
Jun 4, 2006
53
0
Well I was able to save, and copy the certificate by going to my companies OWA site.

I copied it via memory card, and was able to install it. Upon installing it I'm not asked for an option of where to install it (root vs. intermediate, etc)

Unfortunately by default it is going to intermediate.

I hope that this will fix it once I figure out how to install it into root.

For now it has not fixed my problem, still get an error synchronizing with the server.

Edit:

Strange, I re-installed the certificate, to make sure it was from the "head" title branch (my company has an extra level to the branch so I tried both), and this time instead of soft-reset, I completely shut-down the phone.
Powering it back up, it now sync's fine, and there is a 2nd verisign cert with a different expiration installed in the root store. My poor outlook is still syncing data as it catches up for the last couple weeks!

Doh.
 
Last edited:

longst

New member
Nov 4, 2008
2
0
Stockholm
Well I was able to save, and copy the certificate by going to my companies OWA site.

I copied it via memory card, and was able to install it. Upon installing it I'm not asked for an option of where to install it (root vs. intermediate, etc)

Unfortunately by default it is going to intermediate.

I hope that this will fix it once I figure out how to install it into root.

For now it has not fixed my problem, still get an error synchronizing with the server.

Edit:

Strange, I re-installed the certificate, to make sure it was from the "head" title branch (my company has an extra level to the branch so I tried both), and this time instead of soft-reset, I completely shut-down the phone.
Powering it back up, it now sync's fine, and there is a 2nd verisign cert with a different expiration installed in the root store. My poor outlook is still syncing data as it catches up for the last couple weeks!

Doh.

I also had this problem, and the sync. still does not work... if someone has some idea
Thank you
 

sfpcservice

Senior Member
May 2, 2007
61
4
hello everyone,

I got this to work by installing the .cer certificate from the self signed website certificate AND installing a .cer from the server's self signed ROOT CERTIFICATE. The root certificate is usually located on the C: drive of the server with certificate services installed. Your IT guy should know where this is. You just copy the root cert to a file just as you would the website cert. Install both on the phone...the website cert will go to "intermediate" and the rott cert will go into the "root" store. Once I did this, no more error codes and my activesync shows "connected" instead of the last time it was synced.
 

c@ss@

New member
Apr 24, 2010
3
0
Hi

Had the same problem and it's solved thanks to this solution mentioned by oscarsalgar

It's working perfect !!!

Thank you very much
 
Last edited:

lollonais

Senior Member
Nov 15, 2008
68
0
K'uvo man, gracias puesh hermano, me salvaste la vida puesh. Triple hijueputa q me ayudo este post man. Gracias pelado!!