We recently migrated one of our CAS servers to new hardware. Everything
went smoothly save for the ActiveSync component. Any mailboxes homed on the
server that accesses the CAS get the following error when they attempt to
sync their devices over the Internet...
"The server certificate has expired. This can be caused by your clock being
incorrectly set. Would you like to set your clock now?"
Regardless of whether they click YES or NO (clicking "yes" just confirms
that the device did have the correct time set), the result is the same:
"The security certificate on the server has expired. Check that the date and
time on your device are correct."
If I move any of the mailboxes to an MBX serviced by a different CAS,
ActiveSync works fine.
I checked the certificate (VeriSign) and it is indeed valid through 2010.
The time on the server is correct as with the devices. The same cert also
secures the OWA site on the new CAS and it works fine. If you click the
lock icon to view the certificate info, it shows the VeriSign cert with the
correct valid dates.
I've tried removing and reapplying the cert, but I get the same result. I'm
sure I've seen this before but for the life of me I can't recall what the
solution was. I know for sure that it didn't involve manually deploying the
cert to individual devices (a strategy I've seen recommended online in
various places). There are no errors or alerts in the event logs on either
the CAS or the MBX. When I run Get-ExchangeCertificate, it shows two: the
VeriSign which covers IIS and a self-signed one that covers IMAP and POP.
They're both valid and it looks identical to the CAS server that's working
correctly.
Our environment is entirely Exchange 2007 SP1, service rollup 5.
Help!