At AIS, many of the development staff have become addicted to Android-based phones and their easy-to-configure, easy-to-use MS Exchange ActiveSync integration. So when Verizon performed an OTA push of 2.2 (FROYO FRG01B) and all upgraded phones suddenly stopped syncing with our Exchange server, moribund panic ensued.
The issue had to be fixed… and fast! (Lives were at stake here.)
AIS is running:
- Microsoft Exchange 2007 (All patches current)
- A client access server on the edge network (again, all patches current)
- SSL certificate from a trusted authority
All in all, a plain vanilla Exchange setup.
Tools of the trade
If you have never used Microsoft’s Exchange Remote Connectivity Tool, you really need to spend some time and check it out! This tool is a massive timesaver.
Firing up the Exchange Connectivity test website, we selected and performed the Exchange ActiveSync test.
And what do you know, an error appeared:
Accept/Require client certificates were found. Set the IIS configuration to Ignore Client Certificates if you aren’t using this type of authentication.
A quick check of our autodiscover site showed its SSL settings were set to “Ignore”.
The Root Cause
After some research into the settings for all of the virtual directories installed as part of MS Exchange, we discovered the virtual directory Microsoft-Server-ActiveSync was set to “Accept”. It appears Microsoft’s default install sets the ActiveSync endpoint to “Accept”. With the new FRG01B build, the Android Exchange implementation does not play nicely with Client Certificates. Nice!
Set the Microsoft-Server-ActiveSync virtual directory’s SSL settings to “Ignore” client certificates via the following steps:
- Open Internet Information Services (IIS) Manager
- Open the website which contains the Microsoft-Server-ActiveSync virtual directory (this is usually the Default Web Site)
- Click on the Microsoft-Server-ActiveSync virtual directory
- In the center action panel, double-click the SSL Settings icon
- Click the “Ignore” Client Certificates radio button
- Restart IIS
- Reset your Mail profile on your handset.
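The same check and change can be scripted. The following is an added example, not part of the original post: it reports the client certificate setting of every application and virtual directory under the site, then clears the "Accept"/"Require" flags on Microsoft-Server-ActiveSync only. It assumes the IIS WebAdministration PowerShell module is available, that the site is named Default Web Site, and that you do not use client certificate authentication for ActiveSync; `Get-ClientCertSetting` is a hypothetical helper name.

```powershell
# Added example: audit and fix client-certificate SSL flags on Exchange's IIS paths.
# Assumes the WebAdministration module and an elevated PowerShell session.
Import-Module WebAdministration

$Site      = 'Default Web Site'                    # assumption: site hosting Exchange
$Filter    = 'system.webServer/security/access'
$CertFlags = 'SslNegotiateCert', 'SslRequireCert'  # shown as Accept / Require in IIS Manager

function Get-ClientCertSetting {                   # hypothetical helper name
    param([string]$Site, [string]$Path)
    # Read the effective sslFlags value for this path
    $raw = Get-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST/$Site/$Path" `
               -Filter $Filter -Name sslFlags
    if ($raw -isnot [string]) { $raw = $raw.Value }
    $flags = @("$raw" -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $mode = if ($flags -contains 'SslRequireCert') { 'Require' }
            elseif ($flags -contains 'SslNegotiateCert') { 'Accept' }
            else { 'Ignore' }
    New-Object PSObject -Property @{ Path = $Path; Flags = $flags; ClientCerts = $mode }
}

# Report every application and virtual directory under the site
$paths = @(Get-WebApplication -Site $Site) + @(Get-WebVirtualDirectory -Site $Site) |
    ForEach-Object { $_.path.Trim('/') } | Where-Object { $_ } | Sort-Object -Unique
$paths | ForEach-Object { Get-ClientCertSetting -Site $Site -Path $_ } |
    Format-Table Path, ClientCerts, @{ n = 'Flags'; e = { $_.Flags -join ',' } } -AutoSize

# Change only the ActiveSync endpoint, keeping any other flags (Ssl, Ssl128)
$target  = 'Microsoft-Server-ActiveSync'
$current = Get-ClientCertSetting -Site $Site -Path $target
if ($current.ClientCerts -ne 'Ignore') {
    $keep  = @($current.Flags | Where-Object { $CertFlags -notcontains $_ })
    $value = if ($keep) { $keep -join ',' } else { 'None' }
    # The access section is normally locked to applicationHost.config,
    # so write it there under a <location> entry for this path.
    Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location "$Site/$target" -Filter $Filter -Name sslFlags -Value $value
    Get-ClientCertSetting -Site $Site -Path $target | Format-List Path, ClientCerts
}
# Then restart IIS and reset the mail profile on the handset, as in the steps above.
```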