ActiveSync Tester Diagnostic

Diagnosis - The certificate name is incorrect.
The name on the certificate does not match the name of your Exchange Server/Firewall which will prevent a mobile handset from establishing an SSL secured connection. During SSL session establishment, the client verifies that the certificate name (e.g server.example.com) is the same name as the Exchange server name entered on the device ActiveSync configuration. The fully qualified domain name (FQDN) of the server specified in the ActiveSync setup must be the same as that specified in the certificate.

Solution #1 - Use AccessMyLan
You can avoid having to purchase and configure digital certificates on your Exchange server and handsets by using AccessMyLan to secure all communications between your mobile handsets and your Exchange server. The AccessMyLan service also removes the need to reconfigure your firewall to allow connections from the Internet to your Exchange server.
Enable secure ActiveSync now by taking the AccessMyLan Free Trial ».

Solution #2 - Fix Certificate Problems
Digital Certificates are used to establish secure communications between systems on the Internet. A digital certificate deployed on a server is used by clients to validate the identity of the server and also to establish secure communications between the client and the server.

Click on the View Certificate button in the ActiveSync Tester results screen to view the certificate presented by the server and why the certificate is causing an issue. (This feature is not available on iOS.)

  • If the certificate is not trusted, you should either purchase a certificate from a Certification Authority (CA) trusted by your ActiveSync device or install the root certificate of the issuing Certification Authority on the device.
  • If the certificate is not valid for the requested usage, a server SSL certificate must be installed on the server.
  • If the certificate is self-signed, you will need to install the certificate as a trusted root on the device or purchase a certificate from a trusted CA.
  • If the certificate has expired and the date and time on your device is set correctly, you will need to renew the certificate or purchase a certificate from a trusted CA.
  • If the certificate revocation list (CRL) distribution point is not accessible, you need to either make the distribution point accessible (possibly by opening ports on your firewall) or deploy a new certificate without CRL issues on the server.

For more information on AccessMyLan and ActiveSync, consult the AccessMyLan Knowledge Base »

Disclaimer: All diagnostic and resolution information and associated links are provided as-is and AccessMyLan accept no repsonsibility for the accuracy or validity of any actions proposed. While feedback and suggestions are appreciated, we can not provide assistance to resolve generic ActiveSync configuration issues.