We've been unable to get three different smart phones, with three different
carriers (Verizon, TMobile, Cingular), to connect directly to our SBS2003.

Our previous stumbling block was related to the certificate. The most
recent technician from HTC (whom Cingular sent us to), was somehow able to
create a certificate (he just asked me for our server's address), and email
it to me. I installed it on the device (a Cingular 8125). Now when we try
to connect, it prompts for the user's password. I fill it in, it returns
two seconds later with the same prompt.

SBS 2003, Exchange service pack 2.
User is member of Mobile Users, VPN Users, Remote Web Workplace Users
Sonicwall firewall
OWA works fine, even on the smart phone.

I've tried it with SSL checked and unchecked on the phone.

The phone is also having another problem. We bought it back in April,
couldn't get direct connection to server to work, so have been using Xpress
Mail, which is a third-party app running on the user's workstation, manually
pushing mail to the device. This stopped working a few weeks ago. A few
rounds with tech support later, in which Xpress Mail was reinstalled, and it
worked once yesterday. Since then, it gives a network connection timeout
error, which has stumpted tech support and caused them to open a ticket
number. Who knows if this is related to the unsatisfied authentication
prompt we get when attemting activesync to exchange server.

We're ready to move to Blackberrys, and I'm considering trying to get BES
running on SBS, reading the posts on that. But we wouldn't go down that
road if we could get activesync to actually sync.

Any help/thoughts/comments will be thoroughly appreciated!!!

Matthew

In news:uQBYPcaQHHA.3412@TK2MSFTNGP05.phx.gbl,
Matthew <mappleNOSPAMPLEASE@inch.com> typed:
You have to use SSL for Activesync, and if you 'rolled your own' SSL cert
it's always more of a pain (although quite doable in most situations). If
you're positive you've got the cert exported & imported properly (and I
suggest you try that again) it would sure be a lot cheaper to buy a 'real'
certificate than to invest in BES and BBs... and for myself I wouldn't want
to run BES on SBS directly, much as I like BES.

Re the 8125, the native messaging & Activesync stuff should work - get rid
of the third party software as you do not need it.

Check out Step 4 in here:
http://www.microsoft.com/technet/pro...loy/winm5.mspx

For some devices, you will need the spaddcert utility -
http://support.microsoft.com/?id=841060

If you're going to buy an SSL cert, I would probably go with Geotrust -
cheaper than Verisign or Thawte, but far more likely to work on all devices
than the el-cheapo ones such as Godaddy.

Thank you for your advice.

I had assumed that since we were at the password stage, and since we can use
OWA without being prompted, the certificate we have was doing its job. I
will keep trying to "roll my own" on Monday, and post back the results.

Thanks again!!!

Matthew


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.aty ahoo.com> wrote in message
news:Ok80ZtiQHHA.2252@TK2MSFTNGP02.phx.gbl...

I cannot get the SPADDCERT utility to work. On both the Cingular and the
TMobile phones, the phone says "This is not a valid certificate file.
Please select a valid file."

I will try to contact Cingular again to see if they can help with this.

Thanks,

Matthew

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.aty ahoo.com> wrote in message
news:Ok80ZtiQHHA.2252@TK2MSFTNGP02.phx.gbl...

A few more hours with a few more support technicians later, and we're no
closer.

They walked me through the following:

I opened a browser, went to our OWA site.
Installed our server's certificate on the workstation.
Exported the certificate though Internet Explorer to the desktop.
Copied the certificate to the mobile device.
Installed the certificate on the device. Install said it was successful.
Deleted the server from the device. Re-added it.
Still getting prompted for the user's password.
Installed the certificate again on the device, using SPADDCERT.
Same result.

This is on a Cingular phone. I took this knowledge to another user's phone
here, a TMobile phone. Followed the same steps above, came to the same
result.

I know it's not supposed to work like this, but neither I nor many tech
supprt people have been able to get it to work. Since both phones give the
same result, I'm suspicious that something is amiss with our server setup.

I also found out that Blackberry Enterprise Server Express, free with the
purchase of a new Blackberry, can be installed on the same box as SBS, with
up to 15 clients. I think I'm going to try that today.

Thanks,

Matthew


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.aty ahoo.com> wrote in message
news:Ok80ZtiQHHA.2252@TK2MSFTNGP02.phx.gbl...

Countless tech support people, hours and hours on this, I was about to give
up.

Then I figured I'd try fiddle with one thing. When you're configuring the
login credentials on the device, you have to supply the domain. I figured
it was our domain, sa-intl.org. All the tech people we spoke with figured
the same. I just tried putting in the name of our network domain,
SAI-LOCAL, and it works. I do not understand why, nor why no one else
thought of this at Cingular or HTC.

Anyway, we are relieved, hope this helps someone else.

Thanks,

Matthew


"Matthew" <mappleNOSPAMPLEASE@inch.com> wrote in message
news:uQBYPcaQHHA.3412@TK2MSFTNGP05.phx.gbl...