
ActiveSync and SSL on/off problem syncing

Posted on 2006-06-13
Last Modified: 2011-09-20
Hi folks,

I've just configured Exchange 2003 for direct push email out to mobiles.  When I initially set up the phone via ActiveSync I leave SSL unticked and fill in the boxes and sync just fine.  

Then I install a certificate on the mobile phone and edit the ActiveSync settings so it uses SSL and away it goes... works fine over the air.  

The problem is then that when you reconnect the phone to your PC to sync with the cable it fails (because it's now using SSL).

Does anyone know how to configure either ActiveSync or the phone to be happy with SSL over the air and no SSL when cable syncing?

Question by:unichaun
10 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 16897172
When the device is put in the cradle it uses the same settings as it does for over the air, only the traffic is routed through your PC instead. You cannot change whether it is using http or https as (desktop) ActiveSync picks up the information from the device.

Does the name on the SSL certificate resolve on your LAN?
If not, then you need to make it so. I always deploy a split DNS configuration so that the same name works inside and outside. (http://www.amset.info/netadmin/split-dns.asp)

Simon.
0
 

Author Comment

by:unichaun
ID: 16992339
Sorry for the delay in replying, I've been away.

Yes it resolves but it doesn't require SSL, whereas when you're external it does.  I'm figuring there's something in IIS I need to set to require SSL when cradling the device but I'm not sure what it is.  Maybe it's the OMA bit????
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16996237
You can't use require SSL with Windows Mobile devices, because there is an internal call on port 80. If you have require SSL on, then that can cause a problem.

Have you perhaps done something odd with your port mappings for SSL?
When the device is cradled, can you browse to https://host.domain.com/oma (where host.domain.com is the name on the certificate). Make sure that you have the pass through option enabled in ActiveSync so that it uses the host computer's network connection.
Try the same test from IE on the desktop.

Simon.
0

 

Author Comment

by:unichaun
ID: 17001128
Actually you can enable SSL on Windows Mobile devices... there is a selection box in the configuration to do so... and to access email OTA I need to have SSL enabled.  It's only when it's cradled that this doesn't work.

As far as accessing OMA web pages goes... when the device is cradled it won't work with https://.... I get connection refused by my proxy server.  It does work though if I use http://.

On the desktop I get the same.... http: works but https doesn't (connection refused).

0
 
LVL 104

Expert Comment

by:Sembee
ID: 17001220
I didn't say that you couldn't enable SSL. What you cannot do is REQUIRE SSL - they are very different.

I would look at your proxy server configuration. Ensure that the exclusions are set correctly for the internal connections.

Simon.
0
 

Author Comment

by:unichaun
ID: 17001343
ah ok.... I'll have a look.... thanks.  
0
 

Author Comment

by:unichaun
ID: 17029819
What I've figured out today is that when I connect OTA/wirelessly the smartphone hits our front end Exchange server and works just fine.  

When I cradle the device and connect with IE to the /OMA website I get a proxy error saying "connection refused" and the IP address of the back end Exchange server.  So it seems like it's going directly to my Exchange server instead of hitting the front end Exchange server first which appears to be why SSL works OTA but when cradled it's not hitting the same server and is being denied.  

Any ideas how I can fix this? We're using ISA as proxy/firewall.


0
 
LVL 104

Accepted Solution

by:Sembee
ID: 17064918
There is a new version of ActiveSync for the desktop which looks like it may cover this problem.
See if that fixes the issue.

From the readme file...

- Improved Desktop Pass Through behaviour with ISA proxy failures.


http://www.microsoft.com/downloads/details.aspx?FamilyID=7269173a-28bf-4cac-a682-58d3233efb4c&DisplayLang=en

Simon.
0
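The checks discussed in this thread (does the certificate name resolve on the LAN, does it point at the front end, is HTTPS answering there) can be scripted from the desktop the device is cradled to. This is an added example, not part of the original thread: `probe`, `diagnose`, the result codes and the 192.0.2.x addresses are assumptions made for illustration, and the probe connects directly rather than through the ISA proxy.

```python
import socket
import ssl

def probe(host, timeout=5):
    """Resolve host, test TCP 80/443 directly (no proxy), try a verified TLS handshake."""
    obs = {"ips": [], "open": {}, "tls_ok": None}
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
        obs["ips"] = sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return obs
    for port in (80, 443):
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                obs["open"][port] = True
                if port == 443:
                    ctx = ssl.create_default_context()  # checks chain and name
                    try:
                        with ctx.wrap_socket(sock, server_hostname=host):
                            obs["tls_ok"] = True
                    except OSError:  # includes ssl.SSLError and cert failures
                        obs["tls_ok"] = False
        except OSError:
            obs["open"][port] = False
    return obs

def diagnose(obs, frontend_ips):
    """Map one observation to the failure the thread narrows down to."""
    if not obs["ips"]:
        return "NO_DNS"          # certificate name does not resolve on the LAN
    if not set(obs["ips"]) & set(frontend_ips):
        return "WRONG_HOST"      # name points past the front end (e.g. back end)
    if not obs["open"].get(443):
        return "HTTPS_REFUSED"   # nothing listening on 443 at that address
    if obs["tls_ok"] is False:
        return "TLS_FAILED"      # listener is up but name or trust check failed
    return "OK"

# Constructed observations (documentation addresses, not from the thread).
FRONTEND = ["192.0.2.10"]
CRADLED = {"ips": ["192.0.2.20"], "open": {80: True, 443: False}, "tls_ok": None}
OVER_THE_AIR = {"ips": ["192.0.2.10"], "open": {80: True, 443: True}, "tls_ok": True}

if __name__ == "__main__":
    for label, obs in (("cradled", CRADLED), ("over the air", OVER_THE_AIR)):
        print(label, "->", diagnose(obs, FRONTEND))
    # Live check: print(diagnose(probe("host.domain.com"), FRONTEND))
```

Run the live check once from the internal desktop and once from an external network; differing results for the same certificate name point at split DNS or proxy exclusions rather than at the device.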


Question has a verified solution.
