Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Microsoft ActiveSync Client Certificate Settings

Microsoft ActiveSync Client Certificate Settings

Microsoft ActiveSync Client Certificate Settings

Hey guys,

I'm running into a few snags with my Airwatch/Exchange integration. With one requirement particularly.

One thing it asks for is to Accept client certificates in Microsoft Server Active Sync settings in IIS manager. That's fine and all, but when I do that breaks normal phones connecting directly to exchange over SSL. When I change the setting back to ignore client certificates it fixes it.

According to Airwatch this setting needs to be in place in order for my client certificate coming from mobile devices enabled on Airwatch to bypass uid/password authentication and sync directly with exchange through the Airwatch server using the specified certificate.

I can see that Airwatch devices are getting that certificate, however they are prompted for uid/password authentication still when the password gets updated. I'm thinking this has something to do with the SSL settings set to required and ignore client certificates.

The rest of the settings look fine, Airwatch has access to the CA and cert, users are showing up in AW and gaining access to their emails. Kind of stuck here.

Thanks in advance

RE: Microsoft ActiveSync Client Certificate Settings

BTW here is what I'm working off of at the moment, it came from Airwatch. I verified 3 of the 4 are setup.

System Requirements:
1. The following tasks must be completed before proceeding with the steps outlined in this document:
 A Certificate Authority server must be setup and configured as described in the Setting Up a Microsoft CA for Use with AirWatch document. The CA must be an Enterprise CA as opposed to a Stand Alone CA (Stand Alone does not allow for the configuration and customization of templates). (check)

2. A Network Device Enrollment Service, also referred to as MSCEP server setup and configured as described in the document Configuring NDES
o NDES is only available in the Enterprise version of Microsoft Server 2008 and 2008 R2. (?)

3. Microsoft Exchange with ActiveSync enabled. (check)

4. Internet Information Services (IIS) on the EAS server must have the option “Client Certificate Mapping Authentication” installed. (check)

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close