We're trying to set up ActiveSync for one of our customers running Exchange 2010, and it's failing the Remote Connectivity Analyzer diagnostic for "Exchange ActiveSync" at the certificate trust validation step:
"There's a missing intermediate certificate in the certificate chain. Subject = CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB. For more information, see Knowledge Base Article 927465. "
I've consulted the KB article it cites, which advises me to make sure all of the intermediate certificates are installed, and verify that nothing is expired. I went to our cert vendor, obtained the intermediate certs, and reinstalled them. Verified nothing was expired, and restarted IIS. Diag still failed. Rebooted the server to be safe, diag still fails.
Went to another customer that has working ActiveSync and an identical setup. Verified that the "Exchange Activesync" MS RCA diag passes successfully for them. Used the Certificates MMC snapin to verify that both their server and the
problem customer's server possess the exact same intermediate and root certs. I looked at "Trusted Root Certification Authorities"\"Certificates", "Intermediate Certification Authorities"\"Certificates", and "Third-Party
Root Certification Authorities"\"Certificates, and everything is the same. I opened and checked the certification path for each certificate in the problem customer's environment, and no errors were noted. Reverified that nothing in any
of those areas, or the "Personal" store, is expired yet.
What could be going on here? I feel like I'm probably missing something very obvious or minor, but I can't think of anything else to try at this point.