SEG: WebListener The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

Error:

HTTP 500 - Internal Server Error is returned to the device or browser when connecting to https://localhost/microsoft-server-activesync

Web Listener Log:

09/13/2013 13:36:10        WIN-5NB36B57T4D        eb07a03e-b877-443d-94ec-3fa225fe8cea        [0000000-0000000]   (6)          Warn
AW.Eas.Web.Listener.ProxyGateway.GetMailServerResponse        WebException encountered while getting server response (callback) from mail server to SEG. 
WebExStatus: 'TrustFailure', RequestTid: '59e4a406-edf4-48c9-aad7-1cf02268f9aa', Status Code: , Status Description: ,
ExMessage: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'
 
09/13/2013 13:36:10        WIN-5NB36B57T4D        eb07a03e-b877-443d-94ec-3fa225fe8cea        [0000000-0000000]   (6)          Warn
AW.Eas.Web.Listener.ProxyGateway.GetMailServerResponse        *** EXCEPTION ***
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.


 

Cause:

The SEG server does not trust the SSL certificate presented by the mail server endpoint.

 

Resolution:

These errors indicate that the connection to the mail server is using an SSL certificate that the SEG server does not trust. To validate this, open the web.config file for the Web Listener (\AirWatch\AirWatch X.X\AW.EAS.Web.Listener) and locate the “exchangeActiveSyncUrl” value.


Paste this URL into a browser on the SEG server to view any certificate errors. 


Next, validate that the certificate is a public 3rd party SSL cert, that the “Issued to” or “Subject Alternative Name” field matches the DNS name listed in the web.config file above, that the certificate is not expired or revoked, and that the full certificate chain is displayed. To confirm your certificate details, use the following steps:

  1. View the certificate information from the browser for more details. 
  2. Check the certificate to ensure it meets the requirements above. 

If your certificate is not from a public 3rd party provider, you need to ensure that your SEG server trusts this certificate. 
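
The same checks can be run from PowerShell on the SEG server, which uses the same .NET validation and Windows trust store that produce the TrustFailure in the log. This is an added example, not AirWatch code; the `$Url` value is a placeholder for the “exchangeActiveSyncUrl” from web.config.

```powershell
# Added example. $Url is a placeholder: substitute the exchangeActiveSyncUrl value from web.config.
$Url = 'https://mail.example.com/Microsoft-Server-ActiveSync'
$uri = [Uri]$Url

$script:policyErrors = $null
# Record what .NET's validation reports, then return $true so the handshake
# completes and the certificate can be inspected. Diagnostic use only:
# never accept every certificate like this in production code.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $script:policyErrors = $sslPolicyErrors
    return $true
}

$ssl = $null
$tcp = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($uri.Host)
    # Copy the certificate before the stream is disposed
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# Rebuild the chain against this server's trust store with revocation checking on
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chainOk = $chain.Build($cert)

"Subject       : $($cert.Subject)"
"Issuer        : $($cert.Issuer)"
"Valid         : $($cert.NotBefore) to $($cert.NotAfter)"
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name
if ($san) { "SAN           : $($san.Format($false))" }
# None, RemoteCertificateNameMismatch and/or RemoteCertificateChainErrors
"Policy errors : $script:policyErrors"
"Chain builds  : $chainOk"
$chain.ChainElements | ForEach-Object { "  chain : $($_.Certificate.Subject)" }
$chain.ChainStatus   | ForEach-Object { "  status: $($_.Status) $($_.StatusInformation.Trim())" }
```

A result of `RemoteCertificateNameMismatch` points to the DNS name requirement, while `RemoteCertificateChainErrors` together with the listed chain status (for example an untrusted root, an expired certificate, or a revoked one) points to the trust, validity, or chain requirements.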

 

 
