Dear All,Ihavesetup atest server with Exchange 2007 x64. We are getting certificate error every time when we try to sync the phone with Exchange Serve. I have got Active Sync working with Exchnage 2007 behind ISA server. This time I am using hardware firewall instead of ISA. Even if I connectinternet connection directly to my exchange server it gives me certificate error. I am using Windows Server Certificate service to create certificates. The certifcate is added in Trusted root authority. Can any one help me with a document on configuring active sync without ISA behind hardware firewall. Its really urgent I am stuck up very badly.Regards,NzmNzm

Does the firewall you are now using use any type of reverse proxy? Or does it pass the inbound HTTPS requests directly to the Exchange Server? When you try to connect to the Exchange server from outside of your company, look at the certificate that your browser is seeing. Is it the certificate you expected to see (eg. was this the certificate you issued for the Exchange server? Or is it the self-signed certificate that comes with the Exchange server?)Jim McBee - Blog - http://mostlyexchange.blogspot.com

Currently I am using simple Linksys RV042 as this is my test server. There is no reverse proxy which is configured. I checked teh certificate from connecting to Exchange server from outside, I have installed the same certificate on my winows mobile phone. When I browse owa on my phone it gives certificate warning and then allow me to logon but can't does not download email. I have configured Active Sync with Exchange 2007 and Exchange 2003 at two different places but both were behind ISA firewall. This time I am going to use Fortinet firewall.Nzm.Nzm

Hi Nzm, ActiveSync cant work if certificate is not configured properly. Here are three requirements: 1. Trusted Root Certificate - If you are using an internal CA or self signed certificate, you must install the CA Root certificate on the Mobile Device. 2. Server Host Name - The server's external host name must match the name specified in the server certificate. 3. The Valid Date - The certificates have a valid start day and end date. The certificate must not have expired. You mentioned you received a warning when accessing OWA, the warning will tell you which criteria doesnt meet the requirement. Related resources: Exchange Remote Connectivity Analyzer https://www.testexchangeconnectivity.com/ , run a test and it will guide what you should do Deploying Windows Mobile 6 Devices with Microsoft Exchange Server 2007 http://technet.microsoft.com/en-us/library/cc182308.aspx thanks, Elvis

Hi Elvis,Thank you very much for all you help. I followed the same document and run the test. The only thing was I added the certificate in Internediate Certification Authorities and it started working fine. The only issue is that Exchaneg 2007 adds security policy onmobile device forcefully. Because of which evry time the devcie asks for the unlock code, how do Istop Exchange 2007 not to enforce the policy on the device.Thank you very much again for you help.Regards,NzmNzm

Hi Nzm,Glad to see your original issue is resolved. Regarding the policy, you can set it at EMC | Organization congiguration | Client Access | Exchange ActiveSync Mailbox Policies | Password tab. thanks,Elvis

Hi Elvis,I removed Require Password option from password tab, now it does not enforce me to enter password on mobil device.Thank a lotNzmNzm