Solved

steps for setting up OMA, Exchange ActiveSync

Posted on 2006-05-01
Medium Priority
Last Modified: 2008-01-09
One of our bosses just got a Treo 700w and wants mobile access to his email.  I have never configured this before, so I'm hoping some experts can help to whittle down the process to some basic steps (perhaps with links for the details).

This is what I've gathered thus far:

1. Exchange 2003 SP2 must be installed (which it is)
2. OMA must be configured (which I know nothing about)
3. Active Sync plug-in for exchange must be installed (again, nothing)
4. Some kind of cert (SSL or otherwise?) must be configured.

Could someone get me on the right track with some brief explanations and maybe some links?
Question by:David Williamson
26 Comments
 
LVL 6

Expert Comment

by:matthew_wade
ID: 16578579
Here is a link to a current thread that is already discussing this very topic...

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21829622.html

Matthew
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16578620
awesome, thank you!
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16578696
I read through that post, and there's some good info, but it starts way further into the process than I am.  I am at the beginning!  I don't have anything done except SP 2.  As far as the rest, I know nothing more than what I've written.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16579032
On a bog standard Exchange install there is very little else to do.

Open ESM, Global Settings and right click on Mobile Services. Choose Properties and enable every option.

You should now be able to step through the wizard on the device, entering your external OWA address when prompted, followed by a username and password.

It gets more complicated if you are using SSL.

Simon.
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16579342
Can the mobile active sync be accomplished without using SSL?  I've enabled OMA, and it works without encryption.  As far as the external address, does it need to be the site name and /oma?  Or will IIS simply know somehow that it's a PDA connecting, and send it to the right place?

I went ahead and got a 30 day trial cert from instantssl.com, but when I set up OMA to require encryption, it is trying to grab a different SSL cert that was already installed on the server for a different site.  Can more than one SSL cert be installed on IIS 6 at a time?

Also, someone mentioned to me about installing an active sync plug-in to the Exchange server.  What is that all about?
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16579399
Now it appears as if both OMA and OWA are not working.  Hmmmm.
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16579624
I think I may have figured this part out.  The other site that was also using SSL was configured to use the same SSL port (443) as the Default Web Site.  I stopped the other site, which then allowed me to start the Default Web Site and connect to it successfully.

How about the other stuff?  The Active Sync plug-in for Exchange?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16579670
A couple of things...

1. It doesn't have to use SSL, but you are well advised to do so. Otherwise username and password information is going across in the clear.
2. Don't enable REQUIRE SSL, on either /oma, /Microsoft-Server-ActiveSync or /exchange as that breaks the feature.
3. When you enter the address, it needs to be the server address only - no http, no /oma or anything like that. Just the address - the device and Exchange do the rest.

Simon.
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16579785
Thank you.  I have unchecked 'require ssl'.  So is there anything else that must be done besides configure the device?

The only reason that I asked about adding /oma to the url is that in order to get to OWA, we have to put 'domain_name/exchange' as the address.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16579825
You only have to add the /oma if you are browsing to the OMA system.
You only put in the server address - nothing else.

Simon.
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16579830
got it.  
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16601352
I don't know whether I need to start a new question or what, but now I'm just trying to get the PDA to sync from my desktop (via USB) to the exchange server.  I keep getting error 80070002.  I've looked around on the web, and haven't had much luck.  Any ideas?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16601369
That's an SSL or certificate error.

Have you got require SSL enabled on either /exchange, /Microsoft-Server-ActiveSync or /oma virtual directories in IIS Manager? If you have, remove them.

Is the SSL certificate purchased or home grown?
If it is home grown, is it installed on the device?

Simon.
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16601386
The cert is not installed on the device.  It is not homegrown; I got it from instantssl.com (comodo).  It's a 30 day trial type.

SSL is not required on either the  /exchange, /Microsoft-Server-ActiveSync or /oma virtual directories.

On the device, does the server name have to match the cert name, or can it be the private IP or computer name?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16607018
Certificates work on three checks...

1. Date - is the certificate valid
2. Trust - do I trust the issuer
3. Name - does the name in the URL match the name on the certificate.

Thus - to answer your second question - the name you enter in the URL in EAS must match the name on the certificate, otherwise the process will fail. It cannot handle any certificate prompts over security.

The root certificate support in Windows Mobile 5.0 is not as extensive as on the desktop. My preferred certificate supplier (RapidSSL) does not have their root in the device either, so I have to install the root certificate on to the device to get it to be trusted. I suspect this may be the case with you.

You can easily check. Browse to https://servername.domain.com/oma (where servername.domain.com is the name on the certificate) on the handheld. Do you get a certificate prompt? If you do, then it isn't trusted. You should be able to download the root certificate from the SSL certificate provider. You just need to get it in to the right format to be accepted by the device. I have the instructions on my web site here: http://www.amset.info/pocketpc/certificates.asp

Simon.
0
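The three checks described in the comment above (date, trust, name), as an added example that is not part of the original thread. It reports which check a certificate would fail for a given server name; the certificate values, the issuer name and the private IP are constructed, and trust is modelled as a lookup of the issuer name in the device's root list rather than real chain validation.

```python
import ssl
from calendar import timegm

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "servername.domain.com"),),),
    "issuer": ((("commonName", "Example Trial Root CA"),),),
    "notBefore": "May  1 00:00:00 2006 GMT",
    "notAfter": "May 31 23:59:59 2006 GMT",
    "subjectAltName": (("DNS", "servername.domain.com"),),
}

def field(rdns, key):
    """Return the first value for key in a getpeercert() name tuple."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def name_matches(pattern, host):
    """Exact match, or a single left-most '*' label (no partial wildcards)."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_certificate(cert, host, now, device_roots):
    """Run the three checks; return the names of those that fail."""
    failures = []
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        failures.append("date")
    # Simplification: a real client validates the signature chain up to a root
    # in its store; here the store is modelled as a set of issuer names.
    if field(cert["issuer"], "commonName") not in device_roots:
        failures.append("trust")
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:  # fall back to the subject CN when no SAN is present
        names = [field(cert["subject"], "commonName") or ""]
    if not any(name_matches(n, host) for n in names):
        failures.append("name")
    return failures

if __name__ == "__main__":
    now = timegm((2006, 5, 10, 12, 0, 0))
    print(check_certificate(SAMPLE_CERT, "192.168.1.10", now, set()))
```

An empty list means all three checks pass; a device that cannot show certificate prompts fails the sync on any non-empty result.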
 
LVL 6

Expert Comment

by:matthew_wade
ID: 16607100
Here is a nice link I just found today and thought you might find it very useful:

Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft Exchange Server 2003 SP2

http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfpdepguide.mspx

Matthew
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16632682
Sembee,

I installed the cert on the device according to your instructions.  Now, when browsing to our mail_domain/oma, there is no longer a cert warning.

I tried to do active sync on the desktop again, and got the same error.  The server name I'm using does match the name on the cert, but where does the PDA get its name resolution?  The IP that name resolves to is different depending on whether you're inside our network or not.  If the PDA is plugged in to my desktop, the IP is a 192.168 private address.  That is why I'm wondering how the PDA is resolving the address, or if the desktop is resolving it.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16633268
If the device is plugged in to a desktop then the sync will be going through the desktop.
When the device is off the network, then the sync will be going over the internet.
As long as you have the name resolution set correctly so that it works both on and off LAN, then you should be fine. I have the same setup on my home network.

Simon.
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16633597
The name resolution does work correctly for both the LAN and the outside world.  When plugged into the desktop, the server name resolves to the correct private IP, and outside our LAN, the server name resolves to our public IP. Yet, connecting the PDA to the desktop gives me 'support code: 80070002'.  I've successfully installed the cert on the PDA, according to your instructions.  What else could be the problem?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16635488
That error code I believe is cannot find the item.
There was a question last week where it was a corrupt item in one of the folders.
Another time it has been resolved by a hard reset of the device.

If you have been playing around with the device, then I would be tempted to hard reset it, and then configure it with a new account. Verify that it works that way first.

Simon.
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16635555
I will hard reset it and try to configure it again.  I'll let you know.
0
 

Expert Comment

by:aqan
ID: 16771766
theamzngg: did the hard reset work?
0
 

Expert Comment

by:aqan
ID: 16772302
In many forums I read that the root certificate is required to make this work but I could not get hold of it, so I'm trying to make this work using the certificate from IE Certificate store. But NO GO.
Sembee: looks like you have good knowledge of this topic. Is there a difference between a root certificate and the certificate you copy from the IE Certificates store?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16772657
The device has to accept the certificate that is being presented to it.
This is by either having a root certificate in the device, or the certificate itself installed.
I have done lab deployments using self generated certificates, and all I have done is exported the certificate to a file from Internet Explorer, then imported it in to the device. My instructions above cover how to get the certificate in to the right format.

For production use, I always use commercial certificates, where there is a root certificate either built in to the device, or I can easily import it in to the device.

Simon.
0
 
LVL 2

Author Comment

by:David Williamson
ID: 16793499
The reset didn't do anything, but, after installing a thing I got from Cingular called Xpress, it started working.  This was after I made sure that the cert was installed on the PDA.  It's not really clear if that is what started it working or not, but that was one of the last things that was done.
0
 

Accepted Solution

by:
GranMod earned 0 total points
ID: 16977683
PAQed with points refunded (500)

GranMod
Community Support Moderator
0
