ActiveSync and SSL on/off problem syncing

hi folks,

I've just configured Exchange 2003 for direct push email out to mobiles.  When I initially setup the phone via activesync I leave SSL unticked and fill in the boxes and sync just fine.  

Then I install a certificate on the mobile phone and edit the active sync settings so it uses SSL and away it goes... works fine over the air.  

The problem is then that when you reconnect the phone to your PC to sync with the cable it fails (because it's now using SSL).

Does anyone know how to configure either ActiveSync or the phone to be happy with SSL over the air and no SSL when cable syncing?

Asked by: unichaun

Sembee Commented:
When the device is put in the cradle it uses the same settings as it does for over the air, only the traffic is routed through your PC instead. You cannot change whether it is using http or https as (desktop) ActiveSync picks up the information from the device.

Does the name on the SSL certificate resolve on your LAN?
If not, then you need to make it so. I always deploy a split DNS configuration so that the same name works inside and outside. (http://www.amset.info/netadmin/split-dns.asp)

Simon.

unichaun (Author) Commented:
Sorry for the delay in replying, I've been away.

Yes it resolves but it doesn't require SSL, whereas when you're external it does.  I'm figuring there's something in IIS I need to set to require SSL when cradling the device but I'm not sure what it is.  Maybe it's the OMA bit????

Sembee Commented:
You can't use require SSL with Windows Mobile devices, because there is an internal call on port 80. If you have require SSL on, then that can cause a problem.

Have you perhaps done something odd with your port mappings for SSL?
When the device is cradled, can you browse to https://host.domain.com/oma (where host.domain.com is the name on the certificate). Make sure that you have the pass through option enabled in ActiveSync so that it uses the host computer's network connection.
Try the same test from IE on the desktop.

Simon.

unichaun (Author) Commented:
Actually you can enable SSL on Windows Mobile devices... there is a selection box in the configuration to do so... and to access email OTA I need to have SSL enabled.  It's only when it's cradled that this doesn't work.

As far as accessing OMA web pages goes... when the device is cradled it won't work with https://.... I get connection refused by my proxy server.  It does work though if I use http://.

On the desktop I get the same.... http: works but https doesn't (connection refused).

Sembee Commented:
I didn't say that you couldn't enable SSL. What you cannot do is REQUIRE SSL - they are very different.

I would look at your proxy server configuration. Ensure that the exclusions are set correctly for the internal connections.

Simon.

unichaun (Author) Commented:
ah ok.... I'll have a look.... thanks.  

unichaun (Author) Commented:
What I've figured out today is that when I connect OTA/wirelessly the smartphone hits our front end exchange server and works just fine.  

When I cradle the device and connect with IE to the /OMA website I get a proxy error saying "connection refused" and the IP address of the back end exchange server.  So it seems like it's going directly to my exchange server instead of hitting the front end exchange server first which appears to be why SSL works OTA but when cradled it's not hitting the same server and is being denied.  

Any ideas how I can fix this? We're using ISA as proxy/firewall.



Sembee Commented:
There is a new version of ActiveSync for the desktop which looks like it may cover this problem.
See if that fixes the issue.

From the readme file...

- Improved Desktop Pass Through behaviour with ISA proxy failures.


http://www.microsoft.com/downloads/details.aspx?FamilyID=7269173a-28bf-4cac-a682-58d3233efb4c&DisplayLang=en

Simon.
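
The two checks suggested in this thread (does the certificate name reach the front-end server internally, and is it excluded from the proxy) can be combined into one diagnostic. This is an added example, not part of any post above; it assumes Desktop Pass Through follows the host PC's Internet Explorer proxy settings with a semicolon-separated bypass list, and every host name and IP address in it is constructed.

```python
import re

def bypasses_proxy(host, bypass_list):
    """True if `host` matches an IE-style proxy bypass list.

    Entries are separated by ';', may contain '*' wildcards, and the
    special entry '<local>' matches any name that has no dot in it.
    Entries with a scheme or port are not handled in this sketch.
    """
    host = host.lower()
    for entry in (e.strip().lower() for e in bypass_list.split(";")):
        if not entry:
            continue
        if entry == "<local>":
            if "." not in host:
                return True
            continue
        # Turn the wildcard entry into an anchored regular expression.
        pattern = re.escape(entry).replace(r"\*", ".*")
        if re.fullmatch(pattern, host):
            return True
    return False

def diagnose(cert_name, resolved_ip, frontend_ips, bypass_list):
    """Return findings that would explain a cradled HTTPS sync failure."""
    findings = []
    if resolved_ip not in frontend_ips:
        findings.append(
            "%s resolves internally to %s, which is not a front-end server"
            % (cert_name, resolved_ip))
    if not bypasses_proxy(cert_name, bypass_list):
        findings.append(
            "%s is not in the proxy bypass list, so cradled traffic "
            "is sent to the proxy" % cert_name)
    return findings

if __name__ == "__main__":
    # Constructed values: certificate name, the address it resolves to on
    # the LAN, the front-end server address, and the PC's bypass list.
    for line in diagnose("mail.example.com", "10.0.0.20",
                         {"10.0.0.10"}, "<local>;10.*"):
        print("FINDING:", line)
```

Feed `resolved_ip` from a lookup run on the desktop PC itself, since that is the resolver the cradled device ends up using.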