Solved

ActiveSync and SSL on/off problem syncing

Posted on 2006-06-13
Last Modified: 2011-09-20
hi folks,

I've just configured Exchange 2003 for direct push email out to mobiles. When I initially set up the phone via ActiveSync I leave SSL unticked and fill in the boxes and sync just fine.

Then I install a certificate on the mobile phone and edit the active sync settings so it uses SSL and away it goes... works fine over the air.  

The problem is then that when you reconnect the phone to your PC to sync with the cable it fails (because it's now using SSL).

Does anyone know how to configure either ActiveSync or the phone to be happy with SSL over the air and no SSL when cable syncing?

Question by:unichaun
 
LVL 104

Expert Comment

by:Sembee
ID: 16897172
When the device is put in the cradle it uses the same settings as it does for over the air, only the traffic is routed through your PC instead. You cannot change whether it is using http or https as (desktop) ActiveSync picks up the information from the device.

Does the name on the SSL certificate resolve on your LAN?
If not, then you need to make it so. I always deploy a split DNS configuration so that the same name works inside and outside. (http://www.amset.info/netadmin/split-dns.asp)

Simon.
 

Author Comment

by:unichaun
ID: 16992339
Sorry for the delay in replying, I've been away.

Yes it resolves but it doesn't require SSL, whereas when you're external it does. I'm figuring there's something in IIS I need to set to require SSL when cradling the device but I'm not sure what it is. Maybe it's the OMA bit????
 
LVL 104

Expert Comment

by:Sembee
ID: 16996237
You can't use require SSL with Windows Mobile devices, because there is an internal call on port 80. If you have require SSL on, then that can cause a problem.

Have you perhaps done something odd with your port mappings for SSL?
When the device is cradled, can you browse to https://host.domain.com/oma (where host.domain.com is the name on the certificate)? Make sure that you have the pass through option enabled in ActiveSync so that it uses the host computer's network connection.
Try the same test from IE on the desktop.

Simon.
 

Author Comment

by:unichaun
ID: 17001128
Actually you can enable SSL on Windows Mobile devices... there is a selection box in the configuration to do so... and to access email OTA I need to have SSL enabled. It's only when it's cradled that this doesn't work.

As far as accessing OMA web pages goes... when the device is cradled it won't work with https://.... I get connection refused by my proxy server. It does work though if I use http://.

On the desktop I get the same.... http: works but https doesn't (connection refused).


 
LVL 104

Expert Comment

by:Sembee
ID: 17001220
I didn't say that you couldn't enable SSL. What you cannot do is REQUIRE SSL - they are very different.

I would look at your proxy server configuration. Ensure that the exclusions are set correctly for the internal connections.

Simon.
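
A diagnostic for the checks suggested in this thread (does the certificate name resolve on the LAN, is HTTPS reachable from the desktop, are the proxy exclusions set for the internal name), added here as an example and not posted by anyone in the thread. It assumes PowerShell on the desktop the device is cradled to and is saved as a .ps1 file; `host.domain.com` is the thread's placeholder and `Test-TcpPort` is a helper defined in the example.

```powershell
# Added example, not from the thread. 'host.domain.com' is the thread's
# placeholder; pass the name that is on your certificate instead.
param([string]$HostName = 'host.domain.com')

function Test-TcpPort {
    param([string]$Name, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect($Name, $Port); return $true }
    catch { return $false }
    finally { $client.Close() }
}

# 1. Split DNS: which address does the certificate name resolve to on the LAN?
try   { $addresses = [System.Net.Dns]::GetHostAddresses($HostName).IPAddressToString }
catch { $addresses = @() }

# 2. Proxy exclusions: is the desktop's system proxy bypassed for this URL?
$uri      = [Uri]"https://$HostName/oma"
$proxy    = [System.Net.WebRequest]::GetSystemWebProxy()
$bypassed = $proxy.IsBypassed($uri)

# 3. Certificate presented on 443 (direct, no proxy) and the client's verdict.
$tlsErrors = 'NotTested'; $tlsFailure = $null; $certName = $null; $notAfter = $null
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($HostName, 443)
    # Accept any certificate so it can be inspected; the verdict is recorded.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $policyErrors)
        $script:tlsErrors = $policyErrors; $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($HostName)
    $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $certName = $x509.GetNameInfo('DnsName', $false)
    $notAfter = $x509.NotAfter
} catch { $tlsFailure = $_.Exception.Message } finally { $tcp.Close() }

[pscustomobject]@{
    Host          = $HostName
    ResolvesTo    = $addresses -join ', '
    ProxyBypassed = $bypassed
    Port80Open    = (Test-TcpPort $HostName 80)
    Port443Open   = (Test-TcpPort $HostName 443)
    CertName      = $certName
    CertNotAfter  = $notAfter
    TlsVerdict    = "$tlsErrors"   # None, RemoteCertificateNameMismatch, ...
    TlsFailure    = $tlsFailure
}
```

`ProxyBypassed` False together with `Port443Open` True means the direct path works and the browser's request is being handed to the proxy, which points at the proxy exclusions rather than at IIS or the certificate.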
 

Author Comment

by:unichaun
ID: 17001343
ah ok.... I'll have a look.... thanks.  
 

Author Comment

by:unichaun
ID: 17029819
What I've figured out today is that when I connect OTA/wirelessly the smartphone hits our front end Exchange server and works just fine.

When I cradle the device and connect with IE to the /OMA website I get a proxy error saying "connection refused" and the IP address of the back end Exchange server. So it seems like it's going directly to my Exchange server instead of hitting the front end Exchange server first, which appears to be why SSL works OTA but when cradled it's not hitting the same server and is being denied.

Any ideas how I can fix this? We're using ISA as proxy/firewall.


 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17064918
There is a new version of ActiveSync for the desktop which looks like it may cover this problem.
See if that fixes the issue.

From the readme file...

- Improved Desktop Pass Through behaviour with ISA proxy failures.


http://www.microsoft.com/downloads/details.aspx?FamilyID=7269173a-28bf-4cac-a682-58d3233efb4c&DisplayLang=en

Simon.