Recently, at work, we redid our Exchange 2003 server. After the change, ActiveSync on my Windows Mobile Pocket PC 6700 Sprint Phone stopped working. Previously, we used a homegrown certificate, so I had to copy it to my device and install it. But during this change, we switched to a third party cert. This is where the problems started.
Internet Explorer, Firefox, and other applications keep a list of known valid trusted (and untrusted) root cert authorities. Every so often they update their lists to add new root cert authorities. Easy enough.
The cert we were using was from a newish root cert auth. IE7 had it listed and worked fine going to Outlook Web, no cert errors. Firefox on the other had would give a message saying that it couldn’t figure out what the cert was all about.
On the Pocket PC, if I went to Outlook Mobile Access (OMA), I would get the same type of error, where it couldn’t validate the cert. Also, because of this, the over the air (OTA) ActiveSync stopped working, and I was getting error 0x80072F0FD, saying that the certificate was invalid. (But – it wasnt!!)
Needless to say, I couldn’t just register the cert for our server, I had to register every cert in the cert path, which ended up being 3 certs. By doing this, my device knew that the root cert auth was valid and then allowed me to sync.
Really, Microsoft should be sending out these updated trusted root cert authorities in updates to the device or for ActiveSync, or at least make it easier to find info on it and know what is going on. A lot of time was spent troubleshooting an issue that shouldn’t really have taken as long if the information was readily available.
On the geek note, after I got ActiveSync working, I hard reset my device, and then installed the AKU3.3 hacked upgrade patch in USB bootloader mode (make sure to go into bootloader mode – hold down record and power button and do a soft reset). Sprint might or might not release it, but it has a bunch of bug fixes and speed performance tweaks. Also, once I did that, when the device came up, and before the Sprint bundles started to install, I did a soft reset. What does this do for you? Well, #1 you don’t get any Sprint bundles, and also things they disable are available to you. The one thing you need to do to make your device fully functional is add an ISP connection to #777 so the EV-DO works.
And then, finally, I installed the WM6/Crossbow theme and the Vista dialer pad skin. Sweet! 🙂
Steve Novoselac's Blog 