mobile email asking for password every week with certificate based authentication

Walter Wodzien 1 Reputation point
2021-01-28T18:50:00.13+00:00

We keep running into issues every Thursday between 9am-2pm CST, where mobile email clients 9iOS with native app) ask for a password, even though they are configured with certificate based authentication (CBA). All other days this works fine. We have the CRL published in Azure and there are no issues there that I can see. Any ideas what could be happening?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,390 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Eric Yin-MSFT 4,386 Reputation points
    2021-01-29T07:25:49.53+00:00

    Do you enable Basic authentification for the Activesync virtual directory? You cannot use multiple authentication methods and have client certificates enabled on the virtual directory. The client must either use client certificate or username and password to authenticate, not both.
    You can follow the guidance here to create another virtual directory for Basic authentification: CONFIGURE A SINGLE EXCHANGE SERVER TO HOST 2 ACTIVESYNC VIRTUAL DIRECTORIES
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    And SSL settings should be set to “Require” not “Accept”.
    Check the IIS log of Thursday and look for requests for /Microsoft-Server-ActiveSync, there might be an error code returned. You can refer to this documentation for detailed meaning: The HTTP status code in IIS 7.0 and later versions


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.