01-30-2014 02:40 PM
I have been struggling for the past 2 weeks to get this set up. No luck so far.
Can you help me by giving some pointers?
My environment, in short:
1. I have set up the Exchange CAS and IIS for CBA as per the TechNet blogs.
2. I have set up NDES on Win 2k8 R2 and created a SCEP profile on BES 10.2.
3. I can see that a cert is being issued by the CA while enrolling the device.
where domain.local is the internal AD FQDN and publicdomain.com is the domain of the user's email address
Our UPN is different from the user email address.
4. However, at the end of the activation process it still asks for the AD user name and password.
Please help me head in the right direction.
Note: at the end of activation, I get a prompt that the email provider may not be trustworthy before the AD username and password prompt. I have tried to add the CA root cert to the BAS share and tried to import it to the device using the USB cable as well. Still no luck.
Since most of our current Z10, Q10 users are using Basic auth, I just change the auth temporarily to required certs at night and try to activate my test devices. When I fail after multiple attempts, I change the ActiveSync auth back to Basic.
Next morning users just type their AD password and continue working.