Connectivity issue between WM6.0 and Exchange 2003 SP2

Post by guest » Sun Jan 13, 2008 11:56 pm

Situation: you are trying to configure ActiveSync for a Mobile 6 user. Several errors were received.

First, I want to answer your questions:

Question 1: Is the Microsoft Exchange Server ActiveSync Certificate-Based
Authentication Tool required to run?

Answer: We do not need to install this tool since there is only one Mobile

Question 2: Should the SPN be added on the ISA server or on the
Exchange server?

Answer: Adding SPN is only needed when the Exchange organization is a
Front-End (FE) and Back-End (BE) structure. This structure has at least two
Exchange servers. From your description, it seems there is only Exchange
Server in your organization. If this is true, we do not need to add SPN

Question 3: How to configure ISA 2006 for ActiveSync?

Answer: When deploying ISA Server 2006 for Exchange ActiveSync, we can use
the New Exchange Publishing Rule Wizard on the Firewall Policy tasks. This
new wizard shows us the specific settings that must be configured to allow
for Exchange ActiveSync access. Follow the instructions in the New Exchange
Publishing Rule Wizard for ISA Server 2006 to configure your Exchange
deployment to use Exchange ActiveSync.

Now, I want to confirm the following questions to narrow down the cause:

1. How do you want to configure the Mobile to ActiveSync with the Exchange
server: through a wireless connection, or using a desktop computer, cradle,
and desktop synchronization software?

2. Please let me know more information about the symptoms. For example,
please let me know the error received.

3. What is the certificate you are using: a self-assigned one or one issued
by a third-party vendor?

- Looks like I might have been trying to enroll in the wrong type of
certificate. In Windows Mobile Device Center, I used to try
"DomainControllerAuthentication" and I even created a new type of certificate,
and they didn't work. But since you mentioned it, this time I tried the "USER"
type and it was enrolled, and the Exchange server was also enrolled
successfully! Exchange sync also appears to be working okay! Although, I am a
little bit confused about how ISA is handling certificate authentication, since
I didn't make any specific adjustment (unless it did so already during the
publishing wizard).

Thank you for pointing me in the right direction!

That leaves two questions only:
- Do we need to have OMA's publishing rule enabled on ISA for ActiveSync to
- As far as device security goes, if the device is lost or stolen, what
security measures should be taken? I assume we have to revoke the
certificate, and then the user has to change their password. Anything else
that may compromise the security? How can we maximize the security?

Thanks for your time,

- Glad to see the certificate was enrolled successfully by using the "USER"
type and ActiveSync started working.

According to my experience, we do not need to perform configurations
manually for the certificate authentication of ActiveSync. The Exchange
Publishing Rule Wizard on the Firewall Policy tasks accomplishes this. What
we need to do is to include the "/Microsoft-Server-ActiveSync/*" path when
configuring the Exchange Publishing Rule.

I think we do not need to enable the OMA publishing rule for ActiveSync if
your mobile users do not use OMA (Outlook Mobile Access).

For security of ActiveSync, I would like to share with you the following

Security Considerations on the Exchange Server
http://www.microsoft.com/technet/soluti ... ain/SecEnt

When the mobile device is lost or stolen, we do not need to revoke the
certificate or let the user change his/her password. We can just use the
Exchange ActiveSync Mobile Administrative Web tool to perform a remote wipe
on any devices reported as lost or stolen.

Remote device wipe is a feature that enables the Exchange server to set a
mobile device to delete all data the next time that the device connects to
the Exchange server.

To download the Exchange ActiveSync Mobile Administrative Web tool:

Microsoft Exchange Server ActiveSync Web Administration Tool
http://www.microsoft.com/downloads/deta ... d145-4dbf-
