Unable to Connect to my organization's EAS using MS Mail app since upgrade to Windows 8.1 -- certificate error

Last November, my ASUS laptop forced me to update to Windows 8.1.  Since then, I cannot connect to my organization's mobile EAS using the Mail/Calendar/People app.  The Mail app says "We could not connect to .... because of problems with its digital certificates.  Contact your system administrator for info."  I also tried to delete the account and recreate it.  At the account info screen, it gave a related error message, stating "To connect to this account, you need a valid certificate on the PC. Contact your system administrator for more info."

In trying to recreate the account, I note that the 8.1 Mail app appears to have combined all EAS connections -- I seem to recall different options for connecting previously, including one that was more specific to mobile EAS connections.  My organization only supports connection to mobile devices, and I continue to be able to connect via Windows phone, Android (iOS devices also supported).

I have done some digging and see that in my Windows Certificate Manager, there is a Personal Certificate with an error message. It's a "Token Signing Public Key" for "Client Authentication" using an RSA Public Key, but under the Certification Path tab, the status states "The issuer of the certificate could not be found."  I suspect this is the certificate that my organization's server is sending but is no longer being recognized by Windows 8.1.

My organization has been unwilling to support me on this.  They point to the fact that all other devices work, my connection worked with Windows 8.0, and they don't have enough users that connect via Windows 8.1 laptops/tablets to troubleshoot on their end.  They also don't want to change settings that then cause other users to lose connectivity on the more commonly used mobile devices.

So, to troubleshoot myself, I have looked up posts on related issues and I have done all of the following to no avail:

- Made sure my Windows is up to date, including the latest Certificate/Credential update;

- Uninstalled the Mail/Calendar/People App, restarted, and reinstalled it;

- Had MS Online support try to troubleshoot.  They created a test account and tried to connect using that to no avail.

Notably, I have two Windows 8.1 machines -- my wife and I got matching ASUS laptops that both upgraded to 8.1 from 8.0  -- and I am unable to connect to my organization's mobile EAS using either machine. 

To me, this is clearly a Windows 8.1 issue.  The Mail/Calendar/People app should interface with mobile EAS exactly the same way that other mobile OSes do.  Apparently this was the case with Windows 8.0, but no longer. 

The last thing I'll add is that my organization requires password and remote wiping when connecting to the mobile EAS.  But, this wasn't an issue when I had Windows 8.0 -- it connected fine and mandated password and remote wipe features.

NOTE: I originally posted this question on the Windows 8.1 TechNet forum and was told by an MS Engineer Soumya Sunda Debroy to repost in this forum.

PLEASE ADVISE.  YOUR HELP IS APPRECIATED.

- Dan

February 27th, 2015 1:38pm

Just curious, but have you run the Microsoft Remote Connectivity Analyzer?  Do you get any warnings about the certificates being used for ActiveSync?  I also know that in our organization, we had a brief issue with Android devices requiring SHA-2 certificates or else they would not connect.  We had to update the certificate on our load balancer (SSL offloading) to resolve this issue.  I did not run into this in my testing with Windows 8.1 however.

Any option to connect to your organization's email using Outlook with Outlook Anywhere?

March 6th, 2015 9:29am

Per the post above, I was pointed to Microsoft's remote connectivity analyzer and it appears to me that the GoDaddy Certificate -- which was compatible with Windows 8 -- is not compatible with Windows 8.1.  (See results below.)

I've also seen posts in other threads to "Ignore SSL errors" -- my Mail app doesn't present me that option, even though I uninstalled and reinstalled it.  So, can anyone help?


Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
 
Additional Details
  Elapsed Time: 171 ms.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server damobile.sccgov.org on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
  Remote Certificate Subject: CN=*.sccgov.org, OU=Domain Control Validated, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US. Elapsed Time: 84 ms.
Validating the certificate name.
  The certificate name was validated successfully.
 
Additional Details
  The host name that was found, damobile.sccgov.org, is a wildcard certificate match for common name *.sccgov.org. Elapsed Time: 0 ms.
Validating certificate trust for Windows Mobile devices.
  The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.sccgov.org, OU=Domain Control Validated.
  One or more certificate chains were constructed successfully.
 
Additional Details
  A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US. Elapsed Time: 30 ms.
Analyzing the certificate chains for compatibility problems with Windows Phone devices.
  Potential compatibility problems were identified with some versions of Windows Phone.
 
Additional Details
  The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US. Elapsed Time: 5 ms.
The Microsoft Connectivity Analyzer is analyzing intermediate certificates sent by the remote server.
  All intermediate certificates are present and valid.
 
Additional Details
  All intermediate certificates were present and valid. Elapsed Time: 1 ms.
Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
 
Additional Details
  The certificate is valid. NotBefore = 8/7/2013 12:51:02 AM, NotAfter = 8/17/2016 4:07:52 PM Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
 
Additional Details
  Accept/Require Client Certificates isn't configured. Elapsed Time: 149 ms.

March 10th, 2015 10:21am
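
The Certification Path check described in the first post can also be run from PowerShell on the affected PC, which additionally shows each certificate's signature algorithm (relevant to the SHA-2 remark in the second post). This is an added example, not part of any post in the thread; it only reads the current user's Personal store and makes no changes.

```powershell
# Added example: report chain-building status for every certificate in the
# current user's Personal store (the store shown in Certificate Manager).
$x509 = 'System.Security.Cryptography.X509Certificates'

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert  = $_
    $chain = New-Object "$x509.X509Chain"

    # Skip revocation lookups so the result reflects chain building only
    # (no network access needed, and CRL outages do not mask the result).
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    $built = $chain.Build($cert)

    # Collect every status flag Windows raised while building the chain.
    # PartialChain means the chain could not be built up to a root certificate;
    # UntrustedRoot means a root was found but is not in the trusted root store.
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }

    # Intended purposes, e.g. "Client Authentication".
    $eku = ($cert.EnhancedKeyUsageList | ForEach-Object { $_.FriendlyName }) -join ', '

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        Purposes      = $eku
        HasPrivateKey = $cert.HasPrivateKey
        ChainBuilt    = $built
        ChainStatus   = $status
        ChainLength   = $chain.ChainElements.Count
    }

    $chain.Reset()
} | Format-List
```

A certificate whose issuer is missing locally shows `ChainBuilt : False`, and the `Issuer` field names the CA certificate that would have to be present in the Intermediate or Trusted Root store for the chain to build.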

This topic is archived. No further replies will be accepted.
