ActiveSync and SSL on/off problem syncing

hi folks,

I've just configured Exchange 2003 for direct push email out to mobiles. When I initially set up the phone via ActiveSync I leave SSL unticked and fill in the boxes and sync just fine.

Then I install a certificate on the mobile phone and edit the ActiveSync settings so it uses SSL and away it goes... works fine over the air.

The problem is then that when you reconnect the phone to your PC to sync with the cable it fails (because it's now using SSL).

Does anyone know how to configure either ActiveSync or the phone to be happy with SSL over the air and no SSL when cable syncing?

unichaun Asked:
 
Sembee Commented:
There is a new version of ActiveSync for the desktop which looks like it may cover this problem.
See if that fixes the issue.

From the readme file...

- Improved Desktop Pass Through behaviour with ISA proxy failures.


http://www.microsoft.com/downloads/details.aspx?FamilyID=7269173a-28bf-4cac-a682-58d3233efb4c&DisplayLang=en

Simon.
 
Sembee Commented:
When the device is put in the cradle it uses the same settings as it does for over the air, only the traffic is routed through your PC instead. You cannot change whether it is using http or https as (desktop) ActiveSync picks up the information from the device.

Does the name on the SSL certificate resolve on your LAN?
If not, then you need to make it so. I always deploy a split DNS configuration so that the same name works inside and outside. (http://www.amset.info/netadmin/split-dns.asp)

Simon.
 
unichaun (Author) Commented:
Sorry for the delay in replying, I've been away.

Yes it resolves but it doesn't require SSL, whereas when you're external it does. I'm figuring there's something in IIS I need to set to require SSL when cradling the device but I'm not sure what it is. Maybe it's the OMA bit????
 
Sembee Commented:
You can't use require SSL with Windows Mobile devices, because there is an internal call on port 80. If you have require SSL on, then that can cause a problem.

Have you perhaps done something odd with your port mappings for SSL?
When the device is cradled, can you browse to https://host.domain.com/oma (where host.domain.com is the name on the certificate). Make sure that you have the pass through option enabled in ActiveSync so that it uses the host computer's network connection.
Try the same test from IE on the desktop.

Simon.
 
unichaun (Author) Commented:
Actually you can enable SSL on Windows Mobile devices... there is a selection box in the configuration to do so... and to access email OTA I need to have SSL enabled. It's only when it's cradled that this doesn't work.

As far as accessing OMA web pages goes... when the device is cradled it won't work with https://.... I get connection refused by my proxy server. It does work though if I use http://.

On the desktop I get the same.... http: works but https doesn't (connection refused).

 
Sembee Commented:
I didn't say that you couldn't enable SSL. What you cannot do is REQUIRE SSL - they are very different.

I would look at your proxy server configuration. Ensure that the exclusions are set correctly for the internal connections.

Simon.
 
unichaun (Author) Commented:
ah ok.... I'll have a look.... thanks.  
 
unichaun (Author) Commented:
What I've figured out today is that when I connect OTA/wirelessly the smartphone hits our front end Exchange server and works just fine.

When I cradle the device and connect with IE to the /OMA website I get a proxy error saying "connection refused" and the IP address of the back end Exchange server. So it seems like it's going directly to my Exchange server instead of hitting the front end Exchange server first, which appears to be why SSL works OTA but when cradled it's not hitting the same server and is being denied.

Any ideas how I can fix this? We're using ISA as proxy/firewall.


Question has a verified solution.
