I am running Exchange 2010 SP1R6 and trying to get ActiveSync working. At the moment I am running ExRCA and getting an HTTP 401 response at OPTIONS command. I am having to use a Self Signed SAN certificate for business reasons.

I am running Exchange 2010 SP1R6 and trying to get ActiveSync working. At the moment I am running ExRCA and getting an HTTP 401 response at OPTIONS command. I am having to use a Self Signed SAN certificate for business reasons.

Hi,

Although the self-signed certificate is supported for Exchange ActiveSync, it isn't the most secure method of authentication. For additional security, consider deploying a trusted certificate from a third-party commercial certification authority (CA) or a trusted Windows public key infrastructure (PKI) certification authority. See http://technet.microsoft.com/en-us/library/bb430761(v=exchg.141).aspx

To continue use the self-signed certificate, we need to  install the certificate on the mobile device and make it trusted by the device. For detailed steps, you might need to contact the support service of the mobile device.

Just for your reference:

http://blogs.msdn.com/b/echarran/archive/2007/12/30/exchange-server-2007-activesync-with-a-self-signed-certificate.aspx

Hope  it is hlepful

We are having to use a self-signed certificate for testing purposes and as a proof that the system works. After that the business team can make a decision about purchasing a certificate (as they are the ones with control over the money).

Installing the certificate on the device does not help. it still says username/password incorrec. I have tried these settings on our main activesync address and this works. It does not however work for our backup at another site (running on a seperate CAS)

Any more answers on this? We need to get this configured to increase resiliency at our second site

Can anyone else help out here? Still stuck.

We decided to use a domain joined ISA server rather than a DMZ TMG. This solved the issue.