Invalid security certificate error 0x80072F0D when you sync Windows Mobile


When you use Microsoft ActiveSync or Windows Mobile Device Manager to synchronize a Microsoft Windows Mobile device with Microsoft Mobile Information Server (IIS) or with Microsoft Exchange Server, you receive the following error message:
The security certificate on the server is invalid. Contact your system administrator or ISP to install a valid certificate on the server and try again.
Support Code:
Microsoft Outlook Web Access and Microsoft Outlook Mobile Access work correctly. However, you are unable to synchronize your data when connected to the computer, you cannot sync directly with the Exchange Server through desktop pass-through.


If your device is Windows Mobile 5.0 the issue may be caused by the device being locked by the manufacturer. This lock prevents you from installing Secure Sockets Layer (SSL) certificates correctly.

If you have checked with the manufacturer and your device is not locked or if you are using Windows Mobile 6.0 or later version then this problem may be caused by a mismatched or missing certificate on the device or on the Exchange Server with which you are synchronizing.


Step 1: Install the latest version of ActiveSync or Windows Mobile Device Manager.

Windows XP or earlier operating systems

Some specific causes of this error have been resolved in ActiveSync 4.5. If you are using Windows XP or earlier versions of the operating system, upgrade to ActiveSync 4.5.

Windows Vista or later operating systems

If you receive this error on Windows Vista or later operating systems, upgrade to the latest version of Windows Mobile Device Manager.

Step 2: Contact the device manufacturer or mobile operator

The device manufacturer and wireless carriers or mobile operators determine the security policies shipped on their devices. Contact your device vendor or mobile operator to ensure that the device you have will work with the certificates you need to use.

Step 3: Make sure you can access the mail on OWA

Make sure that your client access server is working properly. To do so, open Internet Explorer and go to Outlook Web Access (OWA) and log on. The default URL for OWA is HTTPS://server_name/OWA.

Step 4: Check the root certificates installed on the client.

To view or delete the certificates on your device, follow these steps:
  1. Tap Start, tap Settings, tap System tab and then tap Certificates.
  2. Tap the Personal, Intermediate, or Root tab, depending on the type of certificate that you want to view.
  3. Do one of the following:
    • Tap and hold the certificate whose details that you want to view. After you see a menu, tap View.
    • Tap and hold the certificate that you want to delete. After you see a menu, tap Delete.
  4. Tap OK
WARNING: Deleting a root certificate on your device can make it impossible to use SSL protocols and to synchronize with an Exchange server.
For more information about synchronization failures, click the following article numbers to view the articles in the Microsoft Knowledge Base:

927465 Error message when you try to synchronize a Windows Mobile-based device by using Exchange ActiveSync for Exchange 2003 or for Exchange 2007 or for Exchange 2010: "Synchronization failed"

915840 How to install root certificates on a Windows Mobile-based device

More Information

If your trouble is with Exchange 2003 or 2007, your answer may be found in the following article:

For more advanced technical information:


Forums Visit our Windows Phone Forums for more helpful hints and ideas.