Environment
ZENworks Mobile Management 2.5
ZENworks Mobile Management 2.6
Windows Server 2008
ZENworks Mobile Management 2.6
Windows Server 2008
Situation
Phones have stopped providing access to the ActiveSync Server. Logs in ZMM show communications error.
Authentication Internal Error Data:
User: pparker HTTP Status: 0 API Error Code: 12175
URI String:
URL Parameters: Parameter name: CMD Parameter Value: Cmd, Parameter name: DEVICEID Parameter Value: DeviceId, Parameter name: DEVICETYPE Parameter Value: DeviceType, Parameter name: USER Parameter Value: User
In Header: Accept-Encoding: gzip, Content-Type: application/xxxxxxxx, MS-ASProtocolVersion: 2.5
Out Header:
Authentication Internal Error Data:
User: pparker HTTP Status: 0 API Error Code: 12175
URI String:
URL Parameters: Parameter name: CMD Parameter Value: Cmd, Parameter name: DEVICEID Parameter Value: DeviceId, Parameter name: DEVICETYPE Parameter Value: DeviceType, Parameter name: USER Parameter Value: User
In Header: Accept-Encoding: gzip, Content-Type: application/xxxxxxxx, MS-ASProtocolVersion: 2.5
Out Header:
Resolution
It was discovered that the following patch from Microsoft was applied to the ZMM server: http://support.microsoft.com/kb/2661254
The purpose of patch KB 2661254 is to block any certificate below a key length of 1024. While the default key length for ZMM is 2048, if the zone chooses to is establish itself with a certificate key length below 1024 patch KB 2661254 will block all communication.
Once patch KB 2661254 was removed from the Windows Primary ZMM server, ActiveSync communication was successfully reestablished.
The purpose of patch KB 2661254 is to block any certificate below a key length of 1024. While the default key length for ZMM is 2048, if the zone chooses to is establish itself with a certificate key length below 1024 patch KB 2661254 will block all communication.
Once patch KB 2661254 was removed from the Windows Primary ZMM server, ActiveSync communication was successfully reestablished.