Solved

New Mobile Phone with Windows and Activesync on it - connecting to exchange 2003

Posted on 2006-06-07
22
Medium Priority
1,923 Views
Last Modified: 2010-08-05
One of our managers just bought a mobile phone (Motorola Q phone I believe) with the Pocket PC version of Windows on it.  There is a setting to configure an exchange server, but I am not sure how it is supposed to connect to the exchange server.  Does it connect to the exchange server via the Internet, or does it only connect to an exchange server when it is connected to a PC on our LAN?  Obviously, his main PC is connected to our LAN and a member of our domain.  So, when the Pocket PC is asking for server address, do I use the public IP of our network (which forwards all mail traffic to our internal Exchange server) or do I use the 192.168...number of our exchange server?

Thanks for any help you can give!
Jeff
0
Comment
Question by:jbobst
22 Comments
 
LVL 4

Expert Comment

by:ari24
ID: 16853902
It syncs wirelessly through Verizon's network, which connects you to the internet. Use your public IP.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16854488
If you use the IP address only in the ActiveSync configuration then all traffic is going across in the clear. That includes usernames and passwords.

For a secure deployment you should be using an SSL certificate. SSL will require a host, not an IP address. If you already have SSL for OWA, then it covers Exchange ActiveSync as well.

As for the actual connection, there are two ways that the device can connect to Exchange.
1. Active Sync on the desktop. This is how it used to be - email, contacts etc are synchronised when the device is connected.
2. Over the air, via Exchange Active Sync. This requires Exchange 2003, and only synchronises inbox, tasks, calendar and contacts. For notes and files you have to use the desktop version.

Simon.
0
 
LVL 1

Author Comment

by:jbobst
ID: 16855209
Thanks for the help so far... A couple more questions and some more info...

I do run Exchange 2003 (service pack 2), and we do use OWA...with an SSL certificate.  I have tried to connect this mobile device, but it doesn't seem to work.  What I am wondering is, can this mobile phone device connect over the internet to our exchange server and sync up?  Or does it have to be in the cradle or somehow on our LAN network to allow this?  If this user is sitting in a restaurant somewhere, he wants to be able to use the phone to sync up with our exchange server and check his email.  This may not be possible without the phone being plugged into the cradle which is connected to a computer on our internal network, but I am hoping it can connect anywhere where there is cellular Internet service.

If it can connect anywhere (where there is cellular Internet), how do I start the debug process on my exchange server?  I checked the mobile devices area, and everything there is enabled (in the default mode).  Could there be a problem with my firewall blocking access potentially?  Like I said, we do successfully use OWA with an SSL certificate, so if this mobile device uses the same route, then there shouldn't be any problems.

Thanks.
Jeff
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16857464
The whole point of Windows Mobile on the phone is for email access on the move. No cradle - all you need is internet access on the phone.
First thing I would suggest is to get hold of the emulator. http://www.sembee.co.uk/archive/2006/05/19/17.aspx
It will make things much easier for you to do your initial troubleshooting. Get the emulator on your network.

While you are playing with that, see if OMA works.
Using a regular web browser on your desktop, browse to https://servername.domain.com/oma (where servername.domain.com is the name on your SSL certificate). You should get a username and password prompt. Enter the username in the format of domain\username and then the password. You should get a text version of OWA showing some folders.

If you get any error messages, or a certificate prompt, then it is likely the feature will not work on the handheld. Repeat the test, but make sure that show friendly HTTP error messages is disabled in the Internet Explorer options so that you can see the real error.

Exchange Active Sync uses the same structure as OMA, so the above test will show if it is likely to work or not.

If OMA works on your desktop, then try it on the emulator. Same idea - any error messages or certificate prompts and the process will fail.

Simon.
0
 
LVL 1

Author Comment

by:jbobst
ID: 16871507
Simon,

Thanks for the help, and sorry about the delay in getting back to you.  First, I tried https://servername.domain.com/oma and it did not work.  It actually gave me a logon screen, but when I logged on, there was an error saying "Your account is not configured for wireless access. Please contact your administrator".  I checked my user account in AD, under the Exchange Features, and it had Outlook Mobile Access enabled.  I am trying to download the emulator, but I am very confused by the download options.  It's not as simple as downloading an .exe file and running setup apparently.  Hopefully with that error message, you can maybe point me in the right direction.

Thanks.
Jeff
0
 
LVL 1

Author Comment

by:jbobst
ID: 16874194
I downloaded the phone emulation tool, but it doesn't seem to work.  I get an image of a cell phone...the buttons are able to be "pushed in", but the "phone" is not powered on.  When I try to power it on, I get an error saying "No VPC network adapters enumerated or no host network adapter with provided MAC address found".  I really don't know what I am doing in regards to this emulator, but since my OMA doesn't even work through a browser, I am guessing that something is not configured properly on the Exchange/IIS server.

Any other thoughts???  I am getting desperate :)
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16874255
The emulator isn't as straightforward as it immediately seems. I am in the process of re-writing my web page on the subject to clear things up.

You need to install the network adaptor which is also on the download page, plus you cannot have a physical Pocket PC connected at the same time.

Do you get the same message when you browse to oma via desktop internet explorer?
Anything in the event log of the Exchange server at the same time as the attempt to login?

Simon.
0
 
LVL 1

Author Comment

by:jbobst
ID: 16874466
Simon,

Here is the event log message I get when I try to go to the oma via a web browser:

User jbobst@acoustic.local does not have a valid mailbox that ends with the SMTP proxy address acoustic.local. Please make sure that the correct SMTP proxy address is set on the Outlook(R) Mobile Access virtual directory in Internet Information Services.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16874577
Does the user account have an email address that ends in acoustic.local ?
If you have a different domain for email than the Exchange domain, then you need to ensure that both are listed in the user accounts.

username@domain.local
username@domain.com

Simon.
0
 
LVL 1

Author Comment

by:jbobst
ID: 16874637
Our addresses end in acoustictech.com.  Do I then put a new smtp address with @acoustic.local in the Active Directory Users and Computers, email addresses area?  Or is this done in the IIS server on the Exchange server?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16874648
You should have that domain in your recipient policy.
If you don't, add it in to the default recipient policy, but don't make it the default address.

Recipient Policy should do everything for you - you don't need to set the addresses on each by default.

Simon.
0
 
LVL 1

Author Comment

by:jbobst
ID: 16874666
I do have the acoustic.local as my default policy in my recipient policy.  I also have the acoustictech.com in the recipient policy too...with a priority of 1.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16874715
OK - what about the user accounts? Is there an address ending in .local on the account? Is the option to allow recipient policy to update email addresses enabled?

Simon.
0
 
LVL 1

Author Comment

by:jbobst
ID: 16874724
No, just the SMTP username@acoustictech.com, and an X400 address.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16874741
Add one in.
You will have to check anyone else who will be using Windows Mobile devices.
Wait about half an hour before trying so that the change replicates.

Simon.
0
 
LVL 1

Author Comment

by:jbobst
ID: 16896725
Simon,

Sorry for the delay on this thread.  I added an smtp address of myusersname@acoustic.local.  It didn't work either, but I did get a different error message.  So here are the results for the two scenarios I currently have:

Scenario 1.  A user WITHOUT the additional smtp address of username@acoustic.local - When they try to connect their browser to http://exchangeserver/oma, they receive an error message saying "Your account is not configured for wireless access. Please contact your administrator."  The Exchange server reports the following error in the event log:

Event ID 1901, Source MSExchangeOMA
User username@acoustic.local does not have a valid mailbox that ends with the SMTP proxy address acoustic.local. Please make sure that the correct SMTP proxy address is set on the Outlook(R) Mobile Access virtual directory in Internet Information Services.

Scenario 2.  A user WITH the additional smtp address of username@acoustic.local - When they try to connect their browser to http://exchangeserver/oma, they receive an error message saying "A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator."  The Exchange server reports the following error in the event log:

Event ID 1503, Source MSExchangeOMA
An unknown error occurred while processing the current request:
Message: The remote server returned an error: (403) Forbidden.
Source: Microsoft.Exchange.OMA.ExchangeDataProvider
Stack trace:
   at Microsoft.Exchange.OMA.ExchangeDataProvider.OmaWebRequest.GetRequestStream()
   at Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices.GetSpecialFolders()
   at Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices..ctor(UserInfo user)

Message: Exception has been thrown by the target of an invocation.
Source: mscorlib
Stack trace:
   at System.Reflection.RuntimeConstructorInfo.InternalInvoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean isBinderDefault)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at Microsoft.Exchange.OMA.UserInterface.Global.Session_Start(Object sender, EventArgs e)

Message: Exception of type Microsoft.Exchange.OMA.DataProviderInterface.ProviderException was thrown.
EventMessage:
UserMessage: A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
Source: Microsoft.Exchange.OMA.UserInterface
Stack trace:
   at Microsoft.Exchange.OMA.UserInterface.Global.Session_Start(Object sender, EventArgs e)
   at System.Web.SessionState.SessionStateModule.RaiseOnStart(EventArgs e)
   at System.Web.SessionState.SessionStateModule.CompleteAcquireState()
   at System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source, EventArgs e, AsyncCallback cb, Object extraData)
   at System.Web.AsyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16907714
Have you got require SSL enabled on the /exchange virtual directory in IIS Manager? It shouldn't be enabled on /exchange, /oma or /Microsoft-Server-ActiveSync

Simon.
0
 
LVL 1

Author Comment

by:jbobst
ID: 16907826
In IIS, under the "Default Web Site", "Exchange", I have require SSL enabled.  I believe it has to be this way for our Outlook Web Access to work with HTTPS and our certificate.  However, under the "OMA", require SSL is not checked.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16907913
You HAVE to turn off the require SSL. There is no other way of resolving the problem.
OMA/EAS makes a call on port 80 to the /exchange virtual directory.

It doesn't affect the way that SSL works. If you want to force your users to use SSL, then simply don't open port 80 on the firewall. Only open port 443 and make them enter https - once they have got the access denied error a few times on http they will soon learn.

Or put a redirect on a hidden page on your web site (so http://www.domain.com/mail/default.asp redirects to https://mail.domain.com/exchange) - http://www.amset.info/exchange/owa-redirectpages.asp has example code.

Simon.
0
 
LVL 1

Author Comment

by:jbobst
ID: 16912469
I disabled the SSL encryption on my "exchange" website, and now my browser works!  Thanks for the help on that one.  I still don't quite understand why that shouldn't be checked, since we want to use SSL though.  I also vaguely remember that our certificate provider instructed me to put a check in that box, but I could be wrong.

Anyway, now that my browser can access the oma site, I am still unable to get this Motorola Q phone to sync up with it.  You probably don't have specific knowledge on the Moto Q phone, but maybe you have some tips or tricks on how to get these phones set up.  When it asks me for my server, I am putting in https://XXX.XXX.XXX.XX/oma, but it always seems to clear away the https:// part of the server name, leaving only the IP address/oma.  I have tried it with and without the "this server requires an encrypted (SSL) connection" checkbox enabled, but it doesn't sync up either way (this checkbox I am referring to is on the mobile device).  So, I'll continue to research this phone and hopefully find my problem, but any additional advice you have would be greatly appreciated!

Jeff

By the way, when I use my browser to test the oma, I HAVE to specify https as http does not work.  Could that be the reason the mobile device doesn't work?  Or, is checking the SSL box basically adding the https to the server name?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 16913701
The option to require SSL doesn't affect your ability to use SSL. What it does is tell IIS to ONLY accept connections on SSL. It is often set to allow people to use redirects from http to https.

If you have only allowed port 443 through your firewall then I wouldn't expect the connection on http to work. As long as http traffic can move internally the feature should work.

I haven't seen the Moto Q and probably will not for a while as I don't think it is going to be released in GSM format for a while.

When you are configuring Exchange Active Sync, enter the servername ONLY.
If the certificate is in the name of servername.domain.com then that is what you put in.

servername.domain.com

NOT
https://servername.domain.com
https://servername.domain.com/sync
https://servername.domain.com/oma
servername.domain.com/oma
or the IP address.

Simon.
0
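An added example, not part of Sembee's answer or of any Microsoft tool: a Python check that applies the rule in the accepted answer to the value typed into the device's server field and reports why a value would be rejected. The function name `check_eas_server_field` and the address 203.0.113.10 are constructed for illustration; `servername.domain.com` is the placeholder used in the thread.

```python
import ipaddress
from urllib.parse import urlsplit


def check_eas_server_field(value, cert_name):
    """Return a list of problems with a server-field value; empty means OK.

    Rule from the thread: enter only the host name the SSL certificate was
    issued to, with no scheme, no path and no IP address.
    """
    problems = []
    raw = value.strip()
    # urlsplit only recognises a host when a scheme or a leading '//' exists.
    parts = urlsplit(raw if "://" in raw else "//" + raw)
    host = parts.hostname or ""  # urlsplit lower-cases the host

    if "://" in raw:
        problems.append("scheme included (%s://)" % parts.scheme)
    if parts.path or parts.query:
        problems.append("path included (%s)" % parts.path)

    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False

    if is_ip:
        # A certificate issued to a host name cannot validate against an IP.
        problems.append("IP address used instead of the certificate host name")
    elif host != cert_name.strip().lower():
        problems.append("host %r does not match certificate name %r"
                        % (host, cert_name))
    return problems


if __name__ == "__main__":
    cert = "servername.domain.com"
    # The forms listed in the answer, plus a constructed IP address form.
    for candidate in ("servername.domain.com",
                      "https://servername.domain.com",
                      "https://servername.domain.com/sync",
                      "https://servername.domain.com/oma",
                      "servername.domain.com/oma",
                      "203.0.113.10/oma"):
        issues = check_eas_server_field(candidate, cert)
        print("%-40s %s" % (candidate, "OK" if not issues else "; ".join(issues)))
```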
 
LVL 1

Author Comment

by:jbobst
ID: 16915705
ANSWER to question.

Simon, it finally is working.  I hired a local "exchange server expert" this morning from a local computer support shop.  I am not sure how much of an expert he is, but together we found KB article 817379, which details how to fix the problem when using SSL on the "exchange" site.  I should first say that in order to even get to this point, you were right about our http traffic.  I didn't have the http service going anywhere in my firewall, so that was keeping it from even connecting to our exchange server...thanks for the tip there.  Once we opened up http traffic to the exchange server, we finally saw errors in the event viewer from the user with the mobile device as it was trying to connect.  So, we finally got to a point where the device finally was getting through to our exchange server, but still wasn't working due to an SSL problem noted in the KB article.  Anyway, once I made the changes from the KB article, it worked perfectly.  I am going to accept your last answer as the "accepted answer" so I can still give you the points.  Hopefully, anyone who is looking for a solution to this problem will see this post too.  Thanks for sticking this out with me and thanks for all the help!

Jeff
0
