Quick overview:
After publishing Exchange through the WAP rather than TMG we found that iPhone’s were able to connect to activesync however not Android devices.
The errors we were getting on Android were strange ones, “Unable to connect, Security Error occured”. No errors logged on the exchange servers regarding ActiveSync at all.
This blog explains it all:
- http://blogs.technet.com/b/applicationproxyblog/archive/2014/06/19/how-to-support-non-sni-capable-clients-with-web-application-proxy-and-ad-fs-2012-r2.aspx
So in a nutshell, to support Non-SNI Capable Clients you need run a Netsh command with your certificate hash.
To get this info open up an elevated prompt on your WAP server and run the following command:
- netsh http show sslcert
Look for the certificate hash under the correct certificate name.
Next you need the appid parameter, you can use the ones provided in the link above. Once you have this information you can now run the following command from the same elevated prompt.
- netsh http add sslcert ipport=0.0.0.0:443 certhash=<your cert hash> appid={f955c070-e044-456c-ac00-e9e4275b3f04}
It will import successfully. Make sure you do this on all your WAP servers if you running a cluster.
Give it a few minutes and then test ActiveSync. The account setup or sync should work fine now.
Hope it helps.