Connecting Mobile device to exchange server through firewall and ISA

barrettt asked
Last Modified: 2010-05-18
I have the following set up:
Sonicwall Pro230 Firewall ==> ISA/proxy server ==> exchange server

I only have one external IP address, and I want to set up mobile devices to be able to connect to Outlook and get calendar/contacts/email through a cellular data connection. Exchange is set up for OWA and OMA is currently turned on, but I cannot figure out how to configure a device to pass through the external IP address via (POP3/IMAP4/whatever) and get through the ISA proxy server to the Exchange server. I've read a bunch of stuff about ActiveSync and desktop redirectors, but I would rather not have to leave PCs running to send the Outlook data to the wireless devices. The devices I am trying to connect with are:
Treo 650 with Sprint service and a Cingular 8125. If more details are needed, please ask.

Expert of the Year 2007
Expert of the Year 2006

Commented:
If it is Exchange 2003, which it sounds like it is, then you could use Exchange Active Sync. That comes in on the HTTP protocol by standard, using the OMA infrastructure, so if you have OMA working outside then you should be able to use EAS.

EAS should not be confused with the desktop software - it is a pure server application.

Simon.

Author

Commented:
What's EAS? And how do I test if OMA is working, because it seems to be set up correctly? Also, what settings do I use in the mobile device to get connected? Is it by the outside IP address?
Thanks.

Commented:
EAS - Exchange Active Sync.

OMA is a matter of browsing to the external IP address, or preferably DNS name, and putting /oma on the end:

http://mail.domain.com/oma

Simon.

Author

Commented:
Ok, got it but, I get this error when I browse to that page (https://mail.domain.com/oma):
Unable to connect to your mailbox on server xxx. Please try again later. If the problem persists contact your administrator.

Commented:
Is the OMA virtual directory allowed through ISA?
Does it work inside?

Simon.

Author

Commented:
No, it won't even open on that server. The mail server has IIS5 running on it, and OWA works fine on both sides. Any ideas?

Commented:
This is Exchange 2003?
Do you have a /oma virtual directory in IIS manager?

Simon.

Author

Commented:
Yes Exchange 2003, and there is a /oma directory under the default website listing.

Commented:
And what happens when you browse to the /oma directory from a standard web browser? Make sure that you have friendly HTTP error messages turned off.

Simon.

Author

Commented:
I get a 404 error or just a blank page depending on whether I use HTTPS or HTTP. Could it be an IIS setting?

Author

Commented:
Ok, I retested and all I get is a blank page after it asks for my username/password three times (and I am definitely not typing this in wrong).

Author

Commented:
Another update. I have OMA working now but only internally. I cannot browse to it from outside my network, any ideas?

Commented:
If it works inside, but not outside, then it has to be the ISA server blocking the connection. You will have to look at the ISA configuration to see why.

Simon.

Author

Commented:
I've checked this. Outlook Web Access works on the same server without any visible settings in ISA?! Any ideas?
Thanks.

Commented:
Unfortunately not. I don't deploy ISA as I prefer to use a real firewall.

Try this guide: http://www.petri.co.il/configure_isa_to_publish_owa.htm

Simon.

Author

Commented:
I'll check out that link, but we don't use ISA for blocking; it's used for logging internet browsing. We have a Sonicwall 230 Pro that does the filtering.

Commented:
If you are using ISA for logging internet browsing, then why don't you just bypass it for inbound traffic?

With some clever rules on the firewall you can ensure that no user traffic goes out unless it has come through the filter (ISA), while allowing the outbound traffic to work correctly. I do that all the time when deploying packages like surf control.

Simon.

Author

Commented:
I've got some more info now. We actually have three Exchange servers: 1. is for adding the disclaimer and has a third-party tool for spam filtering, 2. has all the mailboxes and currently works with OWA outside the network, but I cannot get OMA to work at all, 3. is a new server to eventually replace 2, and has two test mailboxes which work, but OWA and OMA only work internally. There are rules in the firewall to allow mail and such through to server 1, which then (I assume) routes it automatically through to server 2 or 3 depending on the location of the mailbox. So why does OWA work for server 2 and not 3??

Commented:
Are any of those servers configured as a frontend server?
If not, then that would be the problem.

OWA will try to redirect the user to the correct backend server. If the real name of the server doesn't resolve on the Internet, AND hasn't been published through your ISA, then it will all break.

If the server that has the disclaimer and spam filtering application has been set as a frontend server, then that is the one that should be published through OWA.
In fact, even if it hasn't - if it doesn't contain any mailboxes I would be looking at using it as a frontend.

Simon.
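
The redirect behaviour described in the answer above can be checked from outside the network by requesting each virtual directory without following redirects and looking at where the `Location` header points. This is an added example, not part of the original thread: the directory list is the Exchange 2003 defaults, `exch3.corp.local` is a constructed internal name, and the verdict wording is illustrative.

```python
import http.client
from urllib.parse import urlsplit

# Exchange 2003 default virtual directories (assumption: the thread names only /oma).
VDIRS = ["/exchange", "/oma", "/Microsoft-Server-ActiveSync"]

def classify(published_host, status, location=None):
    """Interpret one response, as seen from outside; a relative Location stays on-host."""
    if status is None:
        return "no-connection: nothing is forwarding this port to a web server"
    if status in (301, 302, 303, 307):
        target = (urlsplit(location or "").hostname or published_host).lower()
        if target != published_host.lower():
            return f"redirect-off-host: {target} must resolve and be published outside"
        return "redirect-same-host"
    if status == 401:
        return "reachable: server is asking for credentials"
    if status == 404:
        return "not-found: path is not published or missing on the target server"
    if 200 <= status < 300:
        return "reachable"
    return f"other: HTTP {status}"

def probe(host, path, use_tls=True, timeout=5):
    """One GET without following redirects; returns (status, Location header)."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None, None
    finally:
        conn.close()

def report(published_host, responses):
    # responses maps path -> (status, location); result maps path -> verdict
    return {p: classify(published_host, s, loc) for p, (s, loc) in responses.items()}

# Constructed sample of what an outside client might see; exch3.corp.local is made up.
SAMPLE = {"/exchange": (302, "https://exch3.corp.local/exchange/"),
          "/oma": (404, None), "/Microsoft-Server-ActiveSync": (401, None)}

if __name__ == "__main__":
    live = {p: probe("mail.domain.com", p) for p in VDIRS}  # placeholder host from the thread
    for path, verdict in report("mail.domain.com", live).items():
        print(path, "->", verdict)
```

Running the same probe from inside and outside the firewall and comparing the two reports shows which paths are lost at the perimeter rather than on the Exchange server itself.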

Author

Commented:
I'm kind of new to Exchange. How would I tell if server 1, which has no mailboxes (from last comment), is a front-end server? Thanks for all the help (and patience).
Commented:
It will say so in Exchange System Manager.
You can confirm by finding the server, right click on the server, choose Properties and see if the box "This is a frontend server" has been enabled.

Simon.


Author

Commented:
Update, server 1 is Exchange 2000 Standard edition so it is not a front-end server.

Author

Commented:
For anyone else interested, I am awarding Sembee the points and closing this question. I have discovered that OMA will not work well with Windows 2000, which has IIS5, and I have gotten it to work through Windows 2003 with IIS6 thanks to his help and numerous searches on the internet.