Phones stop giving access to email. Logs in ZENworks show communications error

  • 7011419
  • 23-Nov-2012
  • 29-Nov-2012

Environment

ZENworks Mobile Management 2.5
ZENworks Mobile Management 2.6
Windows Server 2008

Situation

Phones have stopped providing access to the ActiveSync Server. Logs in ZMM show communications error.

Authentication Internal Error Data:
User: pparker HTTP Status: 0 API Error Code: 12175
URI String:
URL Parameters: Parameter name: CMD Parameter Value: Cmd, Parameter name: DEVICEID Parameter Value: DeviceId, Parameter name: DEVICETYPE Parameter Value: DeviceType, Parameter name: USER Parameter Value: User
In Header: Accept-Encoding: gzip, Content-Type: application/xxxxxxxx, MS-ASProtocolVersion: 2.5
Out Header:

Resolution

It was discovered that the following patch from Microsoft was applied to the ZMM server: http://support.microsoft.com/kb/2661254

The purpose of patch KB 2661254 is to block any certificate below a key length of 1024. While the default key length for ZMM is 2048, if the zone chooses to is establish itself with a certificate key length below 1024 patch KB 2661254 will block all communication.

Once patch KB 2661254 was removed from the Windows Primary ZMM server, ActiveSync communication was successfully reestablished.