MarkyMayhemMemberJul 27, 2014 at 11:32 am #164048
I just got onsite to try and fix this issue, and really need some help!
sorry about the weird brackets and – instead of . in the urls, the forum software through I was posting legit URLs, and I am new LOL
The short version: SBS 2008 running AD, Exchange 2007 etc was setup/migrated from a 2003 server before I came on the scene. It used a self signed certificate.
Shortly after I came to this company they switched ISPs, and IP addresses. I reprogrammed the IP info in their Cisco ASA5500 and evreything was fine however they had to access activesync on their androids and iphones by ip. this worked fine. They just changed ISPs again. I change the IP info in the gateway, now the phones don’t sync. They get a cert. error that can’t be bypassed.
No problem, I buy a 3 year SSL for mail-mydomain-com get it installed and imported etc. Still no dice. The import process didn’t go all that smoothly either I may add.
Also – previously in outlook inhouse, my users exchange accounts were setup with SRV01 or domain.local as the server name, and had no issues. I’ve replaced the self signed cert with a commercial SSL for mail-mydomain-com. Now my users get an error in outlook asking for them to accept the cert to continue. It shows 3 check boxes, the first 2 green and the last red. The red check says: The name on the certificat is invalid or does not match the name of the site. We used to use SRV01-mydomain-local – that is how it is now setup still in the outlook configs, whereas our new SSL is mail-mydomain-com
I am reluctant to change anything there – it still works although adding the certificate only removes the error in outlook for a short time, then my users are presented with the error message again, and can continue.
Anyway back to activesync – I think these errors are all related to the new SSL –
When I run the connectivity tester from MS I get all the way through to the last bit, and get the error:
Testing HTTP Authentication Methods for URL [https]://mail-mydomain-com/Microsoft-Server-Activesync/
HTTP authentication test failed
An HTTP 500 response was returned for Unknown.HTTP Response Headers
When I go to [https]://mail-mydomain-com I get what looks like an FTP file listing with only:
10/12/2010 3:58 PM
6/13/2008 5:51 PM 28 robots.txt
7/25/2014 9:46 AM 1119 Web.configin_it
When I go to [https]://mail-mydomain-com/Microsoft-Server-Activesync/
Server Error in ‘/Microsoft-Server-ActiveSync’ Application.
Description: The application attempted to perform an operation not allowed by the security policy.
To grant this application the required permission please contact your system administrator or change
the application’s trust level in the configuration file.
Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.
An unhandled exception was generated during the execution of the current web request.
Information regarding the origin and location of the exception can be identified using
the exception stack trace below.
[SecurityException: That assembly does not allow partially trusted callers.]
I am totally lost here. Any help would be much appreciated! I think I screwed up something
in realizing the self signed SSL, and when I look in my IIS console, the tree for Active Sync
Is not listed under Default Website, but under Web Services
Thanks again, anyone and everyone!
You must be logged in to reply to this topic.