Android Devices not connecting through Web Application Proxy to Exchange
Quick overview:
After publishing Exchange through the WAP rather than TMG we found that iPhones were able to connect to ActiveSync but not Android devices.
The errors we were getting on Android were strange ones: “Unable to connect, Security Error occurred”. No errors logged on the Exchange servers regarding ActiveSync at all.
This blog explains it all:
So, in a nutshell, to support non-SNI-capable clients you need to run a netsh command with your certificate hash.
To get this info open up an elevated prompt on your WAP server and run the following command:
- netsh http show sslcert
Look for the certificate hash under the correct certificate name.
Next, you need the AppID parameter. You can use the ones provided in the link above. Once you have this information you can now run the following command from the same elevated prompt:
- netsh http add sslcert ipport=0.0.0.0:443 certhash=<your cert hash> appid={f955c070-e044-456c-ac00-e9e4275b3f04}
It will import successfully. Make sure you do this on all your WAP servers if you're running a cluster.
Give it a few minutes and then test ActiveSync. The account setup or sync should work fine now.
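
A check for the fallback binding described above, as an added example that is not part of the original post: it parses `netsh http show sslcert` output and reports whether a 0.0.0.0:443 binding exists and whether it uses the same certificate as the hostname bindings. The function name `Get-SslBinding`, the hostname and the all-ones hash are constructed placeholders, and English-language netsh output is assumed.

```powershell
# Constructed sample of `netsh http show sslcert` output (hostname and hash are placeholders).
# On a WAP server, use the live output instead:  $text = netsh http show sslcert
$text = @'
SSL Certificate bindings:
-------------------------

    Hostname:port                : mail.example.com:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {f955c070-e044-456c-ac00-e9e4275b3f04}
    Certificate Store Name       : MY

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {f955c070-e044-456c-ac00-e9e4275b3f04}
    Certificate Store Name       : MY
'@ -split "`r?`n"

# Hypothetical helper: turns the netsh text into one object per binding.
function Get-SslBinding {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(Hostname:port|IP:port)\s*:\s*(\S+)\s*$') {
            if ($current) { $current }   # emit the previous binding
            $current = [pscustomobject]@{
                Type = $Matches[1]; Endpoint = $Matches[2]; CertHash = $null; AppId = $null }
        } elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]+)\s*$') {
            $current.CertHash = $Matches[1].ToLower()
        } elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\{[0-9a-fA-F-]+\})\s*$') {
            $current.AppId = $Matches[1]
        }
    }
    if ($current) { $current }           # emit the last binding
}

$bindings = @(Get-SslBinding -Lines $text)
$fallback = $bindings | Where-Object { $_.Type -eq 'IP:port' -and $_.Endpoint -eq '0.0.0.0:443' }
$sni      = $bindings | Where-Object { $_.Type -eq 'Hostname:port' }

if (-not $fallback) {
    'MISSING: no 0.0.0.0:443 binding, so there is no fallback certificate for non-SNI clients'
} else {
    foreach ($b in $sni) {
        $state = if ($b.CertHash -eq $fallback.CertHash) { 'same cert as fallback' }
                 else { 'DIFFERENT cert from fallback' }
        '{0}: {1}' -f $b.Endpoint, $state
    }
}
```

Run it on every WAP server in the cluster; a DIFFERENT result means non-SNI clients are served a certificate other than the one bound to that hostname.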