ActiveSync 4.1:

SUPPORT SOLUTION:
When you synchronizing a Microsoft Windows Mobile device using Exchange ActiveSync, synchronization fails. You receive the following error message:The security certificate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server. Support Code: 0X80072F0DIf you access the Outlook Web Access or Outlook Web App URL on the bowser of the Windows Mobile-based device you receive the following security warning:The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.This issue can occur because the root CA certificate is not present on the device. Also, if you are using a certificate issued by a CA server in your organization, or by third-party vendor, you find that the CA is not listed in the Root certificate store on the device.Another possible cause is that the root CA certificate was installed on the device, but the certificate was placed in the Intermediate certificate store, instead of the Root certificate store. This problem can occur if the hash algorithm of the certificate is not supported on the device.To resolve this problem use one of the following methods:Install the root CA certificate on the deviceFor more information about installing root certificates on a Windows Mobile-based device, please see the following article:915840 
(http://support.microsoft.com/kb/915840)
How to install root certificates on a Windows Mobile-based deviceVerify the Hash Algorithm is supportedIf the root CA certificate is present on the device and is listed in the Intermediate certificate store instead of the Root certificate store, make sure the hash algorithm of the certificate is supported.For example, the Secure Hash Algorithm 256 (SHA-256) is not supported on Windows Mobile 5.0, 6 and 6.5 devices. If the hash algorithm of your certificate is SHA256, you must issue a new certificate using one of the supported algorithms.NOTE: The default hash algorithm for a Windows certification authority is Secure Hash Algorithm 1 (SHA-1). This algorithm is supported on Windows Mobile devices.For the list of supported algorithms please visit the following Web site:http://technet.microsoft.com/en-us/library/cc182264.aspx
(http://technet.microsoft.com/en-us/library/cc182264.aspx)
To check the hash algorithm of the root CA certificate, you can:1. Open the certificate from the Exchange Management Tools, the Certificates snap-in of the MMC (certmgr.msc) or a web browser.2. In the Certificate Properties window, switch to the Certification Path tab and select the root CA from the Certification Path tree.3. Click the View Certificate button and in the new properties window switch to the Details tab.4. Next, check the value of the Signature Hash Algorithm.For more information about the fields, extensions, and properties that define an issued certificate, please visit the following Web site:http://technet.microsoft.com/en-us/library/cc738650(WS.10).aspx
(http://technet.microsoft.com/en-us/library/cc738650(WS.10).aspx)
Note This is a “FAST PUBLISH” article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use
(http://go.microsoft.com/fwlink/?LinkId=151500)
for other considerations.

For File Repair and Data Recovery, visit File Repair / Data Recovery