Hi All,
we had working exchange 2019 installation for more than a year. Activesync configured with certificate based authentication and everything was working fine. All of the sudden yesterday all mobile devices stopped synchronizing with the server. When troubleshooting the issue we found out that activesync is working with basic authentication (login and password) but no longer working with certificates. No configuration changes was made at the moment, PKI working fine in the domain.
Today we installed new exchange 2019 server in the same domain hoping CBA will work on it, but all in vain. The server behaves exactly like the old one. When we trying to open url https://server/microsoft-server-activesync and use certificate for authentication then we get 403 error, if we use login and pass everything is ok.
CBA was setup with https://docs.microsoft.com/ru-ru/exchange/plan-and-deploy/post-installation-tasks/configure-certificate-based-auth?view=exchserver-2019, and we have the same configurations in other lorganizations where there are E2013 and E2016 - all works fine.
Please help, need new ideas.