Updated - Windows Phone 7 and the use of certificates - Do you know error 80072F0D?

Hi everyone,


We have been observing several questions from users who are not able to connect to their Exchange Server 2007/2010 environments using Windows Phone 7.


There are several possible causes, but by far the most common one is that the OWA (Outlook Web Access) host name is missing from the certificate's Subject Name (the CN) and from its Subject Alternative Names. The phone connects to that same host name for ActiveSync and rejects the certificate unless the name it connected to appears in the CN or as a SAN.


Imagine, for example, that your OWA address is https://mail.testdomain.com and your certificate is issued to the Subject Name testdomain.com.
The names do not match, so synchronization fails with error 80072F0D, a certificate error.


To overcome this you need a new Exchange certificate with mail.testdomain.com as the Subject Name and the other names (the server's FQDN, autodiscover, and so on) as Subject Alternative Names, or SANs.


To do that, use this cmdlet in the Exchange Management Shell. The example assumes that an internal Certification Authority (CA) issues the certificate:


New-ExchangeCertificate -GenerateRequest -SubjectName "CN=mail.company.com" -DomainName mail.company.com,<server FQDN>,autodiscover.company.com,<server NetBIOS name> -FriendlyName mail.company.com -PrivateKeyExportable:$true -Path c:\Certificate.req

(The above is a single line. -SubjectName sets the Common Name explicitly, every entry in -DomainName becomes a Subject Alternative Name, and the <placeholders> are replaced with your own server names. The -Path parameter is the Exchange 2007 name; on Exchange 2010 the same parameter is called -RequestFile.)


After this step, submit the request to the CA with this command (naming an output file makes certreq write the issued certificate straight to it):


certreq -submit -attrib "CertificateTemplate:WebServer" c:\Certificate.req c:\Certificate.cer


If the certificate template issues without additional approval, certreq writes the issued certificate to the output file you named (or, if you gave none, prompts you to save it) as soon as the request has been submitted. Then install the certificate on the Exchange server as described below.


If the template requires approval, certreq prints a request ID and the request waits in the CA. Open the Certification Authority management console, find the request under Pending Requests, right-click it and choose All Tasks > Issue.


Then go to the Issued Certificates folder, open the certificate and export it in *.cer format (alternatively, run certreq -retrieve with the request ID printed earlier to download it directly).



Once this has been done, copy the *.cer file back to the Exchange server and install it there. Installing it on the same server that generated the request completes the pending request, so the certificate is paired with its private key; a *.cer installed on any other machine has no private key and is useless to Exchange.


To import:

Open an MMC console, choose File > Add/Remove Snap-in, add "Certificates" and select "Computer account" > "Local computer".

Expand Certificates (Local Computer) > Personal, right-click Certificates, choose All Tasks > Import and point the wizard at the *.cer file. (Import-ExchangeCertificate in the Exchange Management Shell does the same thing: with -Path on Exchange 2007, with -FileData on Exchange 2010.)



Now, in the Exchange Management Shell, you need to assign the new certificate to the Exchange services so that IIS, which serves OWA and ActiveSync, starts presenting it instead of the old one.


Use Get-ExchangeCertificate to list the certificates, find the new one by its Subject (CN=mail.company.com) and copy its Thumbprint to Notepad.


Then use the cmdlet:


Enable-ExchangeCertificate -Thumbprint "<paste the copied thumbprint here>" -Services IMAP,POP,SMTP,IIS


Note: enable the certificate only for the services you actually use. OWA and ActiveSync need IIS; if you don't use POP or IMAP, leave them out :)


At this point the new certificate is assigned to the Exchange services, and the host name the phone connects to is on the certificate. The remaining problem is trust: the phone has never heard of your internal CA, so it still rejects the certificate until the CA's root certificate is installed on the device.
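The request, submit, import and enable steps above as one Exchange Management Shell script. This is an added example, not code from the original post; it is written for Exchange 2010 (the 2007 parameter names differ where noted), and the host names, organisation and file paths are assumptions to replace with your own. It differs from the manual steps in two useful ways: it finds the new certificate by its Subject instead of copying the thumbprint by hand, and it checks that every required name is actually on the certificate before enabling it.

```powershell
# Added example (not from the original post): the request/issue/import/enable procedure as one
# Exchange 2010 Management Shell script. Names, organisation and paths below are assumptions.
$owaHost       = 'mail.company.com'        # the name the phone connects to (OWA / ActiveSync)
$serverFqdn    = 'exch01.company.com'      # assumption: the server's FQDN
$serverNetbios = 'exch01'                  # assumption: the server's NetBIOS name
$autodiscover  = 'autodiscover.company.com'
$reqFile       = 'C:\Certificate.req'
$cerFile       = 'C:\Certificate.cer'

$names = @($owaHost, $serverFqdn, $autodiscover, $serverNetbios)

# 1. Request: -SubjectName fixes the CN to the OWA host, every -DomainName entry becomes a SAN,
#    so the OWA host is present in both places. (Exchange 2007: -Path instead of -RequestFile.)
New-ExchangeCertificate -GenerateRequest `
    -SubjectName "CN=$owaHost,O=Company,C=PT" `
    -DomainName $names `
    -FriendlyName $owaHost `
    -PrivateKeyExportable:$true `
    -RequestFile $reqFile

# 2. Submit to the enterprise CA. With an output file name certreq writes the issued certificate
#    there instead of showing a Save dialog. If the template needs approval, certreq prints a
#    RequestId: issue the request in the CA console and then run  certreq -retrieve <RequestId> $cerFile
certreq -submit -attrib "CertificateTemplate:WebServer" $reqFile $cerFile
if (-not (Test-Path $cerFile)) { throw "No issued certificate at $cerFile (request pending? retrieve it first)" }

# 3. Import on the same server: this completes the pending request and pairs the certificate
#    with the private key from step 1. (Exchange 2007: Import-ExchangeCertificate -Path $cerFile)
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path $cerFile -Encoding Byte -ReadCount 0)) | Out-Null

# 4. Locate the new certificate by subject rather than copying the thumbprint by hand, and
#    verify that every name clients and devices will use is on it before it goes live.
$cert = Get-ExchangeCertificate |
    Where-Object { $_.Subject -like "CN=$owaHost*" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for CN=$owaHost found" }

$onCert  = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = $names | Where-Object { $onCert -notcontains $_ }
if ($missing) { throw "Certificate is missing names: $($missing -join ', ')" }

# 5. Enable only the services in use; OWA and ActiveSync both run under IIS.
#    -Force replaces the default SMTP certificate without prompting (Exchange 2010 parameter).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP -Force

Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, Services, NotAfter
```

The name check in step 4 is the part worth keeping even if you do the rest by hand: error 80072F0D comes back whenever the name the device was given is not in that list, and it is cheaper to catch that before enabling the certificate than after the phones stop syncing.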


Open OWA in a browser on the Exchange server and view the site certificate. On the Certification Path tab select the root CA and click View Certificate; then, on that certificate's Details tab, click Copy to File... and export it as a DER encoded binary X.509 (.CER) file. This root CA certificate (plus any intermediate CA certificate, exported the same way) is what the phone needs; the server certificate itself does not have to be installed on the device.


On the Windows Phone device you need an e-mail account other than the Exchange one, because the Exchange account cannot sync until the certificate is trusted, so the file has to arrive another way. We usually create a Windows Live ID account and send the exported *.cer file to it.


Once the mail arrives, just tap the certificate attachment and it is installed.


You’re done :)


You can now configure the Exchange account on the device, and synchronization should start.
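Before sending anything to a phone, it is worth confirming both conditions from the server side: that the name the phone will be given is on the certificate IIS actually serves, and that the chain ends in a root you can hand to the device. The script below is an added example, not part of the original post; it performs a TLS handshake against the host the way the phone does, reports a name mismatch (the cause of 80072F0D described above) separately from an untrusted chain, and writes the root CA certificate as a DER .cer for e-mailing to the phone. The host name and output path are assumptions; it must run on a machine that already trusts the CA, such as the Exchange server itself, for the chain to reach the root.

```powershell
# Added example (not from the original post): check what the device will see, then export the root.
param(
    [string]$HostName = 'mail.testdomain.com',   # assumption: the OWA / ActiveSync host name
    [string]$RootOut  = 'C:\rootca.cer'          # assumption: where to write the root CA certificate
)

function Test-ServedCertificate {
    # TLS handshake against $HostName; records, instead of failing on, the two policy errors that
    # matter here: RemoteCertificateNameMismatch and RemoteCertificateChainErrors.
    param([string]$HostName, [int]$Port = 443)

    $script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $errors)
        $script:policyErrors = $errors   # remember what validation found
        return $true                     # accept anyway so the certificate can be inspected
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    try {
        $ssl.AuthenticateAsClient($HostName)   # the name check is made against $HostName
        $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $ssl.Close(); $tcp.Close()
    }

    # Subject Alternative Names (OID 2.5.29.17); Format() renders them as "DNS Name=host, DNS Name=host"
    $san = @()
    $ext = $served.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($ext) { $san = @($ext.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1].Trim() }) }

    $mismatch  = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    $chainErrs = [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors
    New-Object PSObject -Property @{
        HostName        = $HostName
        Subject         = $served.Subject
        SubjectAltNames = $san
        NameMismatch    = ([int]($script:policyErrors -band $mismatch)  -ne 0)
        UntrustedChain  = ([int]($script:policyErrors -band $chainErrs) -ne 0)
        Certificate     = $served
    }
}

function Export-RootCertificate {
    # Walk the chain from the served certificate up to the root and write the root (public part
    # only) as a DER-encoded .cer, the form the phone imports from an e-mail attachment.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate, [string]$Path)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [void]$chain.Build($Certificate)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($root.Subject -ne $root.Issuer) {
        throw "Chain does not reach a self-signed root on this machine; run this on the Exchange server"
    }
    $der = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($Path, $der)
    return $root
}

$r = Test-ServedCertificate -HostName $HostName
"Served certificate subject : $($r.Subject)"
"Subject Alternative Names  : $($r.SubjectAltNames -join ', ')"
if ($r.NameMismatch) {
    "FAIL: $HostName is neither the CN nor a SAN of the served certificate (the mismatch behind 80072F0D); reissue it"
}
if ($r.UntrustedChain) {
    "WARN: this machine does not trust the chain either; the phone will not until the root CA certificate is installed"
}
if (-not ($r.NameMismatch -or $r.UntrustedChain)) {
    "OK: name and chain verify on this machine (a phone still needs the root CA certificate installed)"
}

$root = Export-RootCertificate -Certificate $r.Certificate -Path $RootOut
"Root CA '$($root.Subject)' written to $RootOut; e-mail this file to the phone and open the attachment."
```

Because the validation callback returns $true, the handshake always completes and the script can print exactly which check the device would fail; do not reuse that callback in anything that actually carries traffic.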


I would like to thank Jean-Pierre Ramalho for his outstanding collaboration from the PKI side of the question.


If you prefer, you can also read this post in Portuguese at:


Erro 80072F0D ao tentar sincronizar um dispositivo móvel Windows Phone 7 com o Exchange server 2007/2010 (Error 80072F0D when trying to synchronize a Windows Phone 7 mobile device with Exchange Server 2007/2010) - Blog da Equipa de Suporte Platforms PT - TechNet Blogs

I hope this has helped you.


Have a nice weekend,


João Ribeiro