Solved

ActiveSync and SSL on/off problem syncing

Posted on 2006-06-13
10
809 Views
Last Modified: 2011-09-20
hi folks,

I've just configured Exchange 2003 for direct push email out to mobiles.  When I initially setup the phone via activesync I leave SSL unticked and fill in the boxes and sync just fine.  

Then I install a certificate on the mobile phone and edit the active sync settings so it uses SSL and away it goes... works fine over the air.  

The problem is then that when you reconnect the phone to your PC to sync with the cable it fails (because it's now using SSL).

Does anyone know how to configure either ActiveSync or the phone to be happy with SSL over the air and no SSL when cable syncing?

0
Comment
Question by:unichaun
  • 4
  • 4
10 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 16897172
When the device is put in the cradle it uses the same settings as it does for over the air, only the traffic is routed through your PC instead. You cannot change whether it is using http or https as (desktop) ActiveSync picks up the information from the device.

Does the name on the SSL certificate resolve on your LAN?
If not, then you need to make it so. I always deploy a split DNS configuration so that the same name works inside and outside. (http://www.amset.info/netadmin/split-dns.asp)

Simon.
0
 

Author Comment

by:unichaun
ID: 16992339
sorry for the delay in replying, i've been away.

Yes it resolves but it doesn't require SSL, whereas when you're external it does.  I'm figuring there's something in IIS I need to set to require SSL when cradling the device but I'm not what it is.  Maybe it's the OMA bit????
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16996237
You can't use require SSL with Windows Mobile devices, because there is an internal call on port 80. If you have require SSL on, then that can cause a problem.

Have you perhaps done something odd with your port mappings for SSL?
When the device is cradled, can you browse to https://host.domain.com/oma (where host.domain.com is the name on the certificate). Make sure that you have the pass through option enabled in ActiveSync so that it uses the host computer's network connection.
Try the same test from IE on the desktop.

Simon.
0
 

Author Comment

by:unichaun
ID: 17001128
Actually you can enable SSL on Windows Mobile devices... there is a selection box in teh configuration to do so... and to access email OTA I need to have SSL enabled.  It's only when it's cradled that this doesn't work.

As far as accessing OMA web pages goes... when the device is cradled it won't work with https://.... I get connection refused by my proxy server.  It does work though if I use http://.

ON the desktop I get the same.... http: works but https doesn't (connection refused).

0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 104

Expert Comment

by:Sembee
ID: 17001220
I didn't say that you couldn't enable SSL. What you cannot do is REQUIRE SSL - they are very different.

I would look at your proxy server configuration. Ensure that the exclusions are set correctly for the internal connections.

Simon.
0
 

Author Comment

by:unichaun
ID: 17001343
ah ok.... I'll have a look.... thanks.  
0
 

Author Comment

by:unichaun
ID: 17029819
What I've figured out today is that when I connect OTA/wirelessly the smartphone hits our front end exchange server and works just fine.  

When I cradle the device and connect with IE to the /OMA website I get a proxy error saying "connection refused" and the IP address of the back end exchange server.  So it seems like it's going directly to my exchange server instead of hitting the front end exchange server first which appears to be why SSL works OTA but when cradled it's not hitting the same server and is being denied.  

Any ideas how I can fix this? We're using ISA as proxy/firewall.


0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17064918
There is a new version of ActiveSync for the desktop which looks like it may cover this problem.
See if that fixes the issue.

From the readme file...

- Improved Desktop Pass Through behaviour with ISA proxy failures.


http://www.microsoft.com/downloads/details.aspx?FamilyID=7269173a-28bf-4cac-a682-58d3233efb4c&DisplayLang=en

Simon.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
how to add IIS SMTP to handle application/Scanner relays into office 365.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now