Snow Leopard and Exchange 2007 Integration Notes

Some notes on my experience so far with Apple’s 10.6 Snow Leopard OS and Microsoft Exchange Server 2007:


  • It’s brain-dead. It uses Autodiscover, so e-mail and password is all you need. You get prompted if you’d like it to also configure iCal and your address book.

  • I haven’t tried from home yet, but the external server path is not filled out. Internal picks up EWS/Exchange.asmx URL just fine, but external is blank. I double-checked our Exchange server and this parameter isn’t filled out so that makes sense. The difference here is Outlook assumes the external is the same as internal if this value is blank, but it appears Apple Mail will not. Be sure to set your –ExternalURL parameters on the virtual directories appropriately.


  • Responses to meetings come across as an .ics attachment, no special functionality here. This is especially bad if someone proposes a new time.

  • The Exchange RSS Feeds folder does not integrate with the RSS feeds section in Mail. This would have been nice.

  • Name suggestions are offered from the GAL and your contacts.

  • Rules do not sync.

  • UM voice mails have a built in media control. My codec is set to G.711 and I see embedded QuickTime controls in the message for playback.

  • The actually listing of your notes is displayed in the Marker Felt font. It’s horrendous and tough to read.

  • No out of office assistant.

  • You can add multiple Exchange accounts.


  • You can schedule meetings and invite attendees.

  • You can view free/busy details for attendees.

  • iCal does not differentiate between people and resources as attendees.

  • You can view responses for meetings. Accepted, tentative, declined or unknown.

  • Tasks sync to iCal “To-Dos”. The default view shows all completed items. Hit the iCal preferences to change this view.

  • You can view Delegate calendars and grant access to your calendars and tasks.

  • Name suggestions are offered from the GAL and your contacts.

Address Book

  • My contacts came across just fine.

  • I can’t see the GAL for some reason. The URL in the account settings looks correct, but the GAL is empty. Really strange considering I get GAL-suggestions when typing names in other applications.

I’m sure there are more to come, but despite some of the caveats this is still a huge improvement over Entourage. I’m looking forward to the Outlook for Mac client coming next year, but until then I’ll be using the native applications.

Installing Windows Mobile 6.0 Root Certificates

Recently I ran into a situation where we had purchased an Exchange certificate from a fairly common certificate authority (GeoTrust) and everything worked well with browsers automatically trusting the certificate... and then we picked up a Windows Mobile 6.0 device from Verizon. For whatever reason, Verizon or Microsoft has decided this particular CA was not trustworthy and isn't in the default list, so ActiveSync fails to connect to the Exchange server. Fortunately, we can force the device to trust the certificate. Windows Mobile 6.0 brought a change in how to install certificates. Users cannot install a certificate into the root certificates store on a phone unless the certificate is self-signed. This ensures that only true root certificates exist in the root store.

The pain here is that when you try installing a certificate such as the one used to secure Outlook Web Access it gets dumped in the personal store, and ActiveSync won’t connect because it can’t verify the certificate authority associated with the certificate. The solution is to get the certificate authority’s self-signed certificate into the root store. We can do this with the following steps:

1. Open Internet Explorer and navigate to the site securing OWA. Click the lock next to the address bar. ![C 00](

2. Click the **View Certificates** link. ![C 01](

3. Click the **Certification Path** tab at the top. ![C 02](

4. Click the top certificate name first (the root CA) and then click **View Certificate**. ![C 03](

5. Click the **Details** tab. ![C 04](

6. Click the **Copy to File…** button. ![C 05](

7. Click **Next** to start the Certificate Export Wizard. ![C 06](

8. Click **Next** to export the certificate as a DER encoded binary X.509 (.CER) ![C 07](

9. Browse to a location where you’d like to save the certificate and give it a name. ![C 08](

10. Click **Finish** to complete the Certificate Export Wizard. ![C 09](

11. You should see a dialog that the export was successful. ![C 10](

12. Now copy that .cer file you created to the device in some way. Via a storage card, USB cable, Bluetooth, whatever. Just get the .cer in the file structure of the phone somehow.

13. Power up the phone and click **Start**. ![W 01](

14. Find and open **File Explorer**. ![W 02](

15. Locate the .cer file you copied to the phone. I called mine root.cer. ![W 03](

16. Press **Menu** and then **Install**. ![W 05](

17. You should see a dialog that the install was successful. I’ve seen it fail on the first attempt before, so try a few times if you get an error. Press **OK**. ![W 06](

18. Navigate to the phone’s **Settings** option. ![W 07](

19. Click on **Security** and press OK. ![W 08](

20. Click on **Certificates** and press OK. ![W 09](

21. Click on **Root** and press OK. ![W 10](

22. Scroll to the end of the certificates list or keep pressing **More**. You should see the certificate you installed listed at the very end of the list. If it’s not there, try starting over and making sure you’re exporting the certificate authority’s certificate, and not yours. ![W 11](

You can now test ActiveSync and it should be able to connect to the Exchange server without ever needing to install your OWA certificate. It’s automatically trusted because the certificate authority now exists in your root certificates store.