Solved

Mobile PC ActiveSync and SSL

Posted on 2006-07-22
Last Modified: 2012-05-05
I have a few Sprint MobilePC phones and we are connecting them to the Exchange Server 2003 with ActiveSync.  I have the functionality working but it does not work with SSL for some odd reason.  I did the MS workaround with KB817379 but the mail that is being sent and received is not secure, at least from what I can see.  MS talks about setting up a front end server and a back end server to get SSL to work but I can't afford to buy another copy of Exchange and knowing MS, they want to have additional licenses (sigh).  Am I missing something there?  Is there a way to have the Sprint MobilePC phones connect to the server utilizing SSL without having to install an additional server?  Yes, I know it can be done over the web, that works well but has more steps than what our clients want to do.

Second part, since SP2 allows for things like ActiveSync to work directly with the server, will this also work with a BlackBerry as well or are they still requiring their own server?

Tia,
Andrew
0
Comment
Question by:itbossman
10 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17161487
Blackberry is not Windows Mobile. So a Blackberry will still require a BES. The service pack two changes were just for Windows Mobile devices.

The quickest way to discover if you are using SSL is to simply shut off port 80 on the firewall. OMA/EAS make internal calls on port 80, so you cannot restrict it internally. However all external traffic will go over 443. On my home network I have just port 25 and 443 open to the internet - nothing else and push works fine.

Does OMA work over ssl?

https://servername.domain.com/oma (where servername.domain.com is the name on your certificate).

You don't have to deploy a frontend/backend scenario although Microsoft would like you to. I have lots of sites running with just a single server.

Simon.
0
 

Author Comment

by:itbossman
ID: 17186390
Simon,

  Here is the catch, if I access e-mail over the web interface, SSL works fine if I go to oma or even just to our website.  The problem is the view on the screen, there is a lot of extra "junk" vs using the built in messaging client.  The built in client connects just fine but again, I cannot see where it is using SSL.  If I uncheck the "my server requires an SSL connection" I can still get e-mails.  Being in the healthcare business, HIPAA has a huge role in the security of confidential e-mails.

  I was looking on handango.com to see if there was an add-on to handle SSL but nothing stood out, any suggestions?  Another fun part is, if we can not solve this, who do I call, the phone vendor or Microsoft?  Gotta love it!

Thanks,

Andrew
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17187642
If you call Microsoft, they will tell you that Windows Mobile is an OEM product and they cannot help.

Who issued your certificate? Is it a purchased certificate or a home grown certificate? Windows Mobile isn't brilliant for managing the certificates, but with some patience you can work around the problems. There are lots of people using SSL with Windows Mobile without any issues.

Simon.
0

 

Author Comment

by:itbossman
ID: 17215514
Simon,

  The certificate is from Comodo and is working fine.  I am sure people are using the SSL feature but those that are using it seem to be running a front end and back end Exchange server.  That seems impractical and not cost effective for smaller business offices.  If "lots of people are using SSL with Windows Mobile" then why can't I find an easy answer?  I don't believe all of them are running two servers just for this functionality.

Andrew
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17222821
I have lots of sites with a single server that are using SSL, including my server at home.
While Microsoft's documentation makes it read as if you need to use multiple servers for everything, that is not the case.
Remember if we all followed Microsoft's ideal world for an Exchange deployment every site would have at least eight servers and probably ten servers.

To clarify, you can browse to OMA on the device, using SSL and it works fine. You do not get any certificate prompts?
Are you using forms based authentication on the server? If so, then you need to make some changes to allow the use of SSL and FBA. http://support.microsoft.com/default.aspx?kbid=817379

Simon.
0
 

Author Comment

by:itbossman
ID: 17233615
If I am using OMA, I can go to the site but that is no different than logging into the mail web page and accessing e-mail, correct?  Is there a way to access e-mail utilizing the built in messaging tool within the Pocket PC OS?  It has a check box for "requires SSL" but I have checked out the KB article but we are not using FBA other than the standard login screen.  The funny thing is that I can access e-mail using the built in messaging tool whether I check the SSL box or not.

Andrew
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17234193
OMA is simply a plain text version of Outlook Web Access. It is designed for access from devices with limited bandwidth and/or limited screen size and resolution.

However, OMA uses the same core components as Exchange Active Sync. Therefore it is far easier to troubleshoot OMA than EAS. OMA shows you error messages, for example with the SSL certificate, whereas EAS just fails and doesn't really tell you a great deal.

Simon.
0
 

Author Comment

by:itbossman
ID: 17317171
Simon,

  I found the answer to my question - I needed to enable SSL on the ActiveSync IIS virtual server.

Andrew
0
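
The symptom in this thread (the device syncs whether or not the SSL box is checked) means the server is still answering ActiveSync on port 80, which can be confirmed from the IIS logs before and after requiring SSL on the virtual directory. The script below is an added example, not part of the original posts; it assumes IIS W3C extended logging with the fields shown and the default `/Microsoft-Server-ActiveSync` virtual directory name, and the log lines are constructed.

```python
from collections import Counter

EAS_STEM = "/microsoft-server-activesync"  # default EAS virtual directory (assumed)

# Constructed sample in IIS W3C extended log format; not taken from the thread.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem s-port cs-username c-ip sc-status sc-substatus
2006-07-22 14:01:07 192.0.2.10 POST /Microsoft-Server-ActiveSync 80 user1 198.51.100.7 200 0
2006-07-22 14:01:08 192.0.2.10 PROPFIND /exchange/user1/Inbox 80 user1 192.0.2.10 207 0
2006-07-22 14:06:40 192.0.2.10 POST /Microsoft-Server-ActiveSync 443 user2 198.51.100.9 200 0
2006-07-23 09:12:55 192.0.2.10 POST /Microsoft-Server-ActiveSync 80 user1 198.51.100.7 403 4
"""


def audit_eas_transport(log_text):
    """Classify ActiveSync requests by transport.

    Returns (verdict counts, set of (user, client IP) that synced in plaintext).
    """
    fields, verdicts, exposed = [], Counter(), set()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the header can reappear mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Other virtual directories (assumed here: the server's own port-80
        # calls to /exchange, as in the sample) are not device traffic.
        if not row.get("cs-uri-stem", "").lower().startswith(EAS_STEM):
            continue
        status = row.get("sc-status", "")
        if row.get("s-port") == "443":
            verdicts["tls"] += 1
        elif status == "403" and row.get("sc-substatus") == "4":
            verdicts["plaintext_rejected"] += 1  # 403.4: SSL required
        elif status.startswith("2"):
            verdicts["plaintext_served"] += 1    # mail data crossed port 80
            exposed.add((row.get("cs-username"), row.get("c-ip")))
        else:
            verdicts["plaintext_other"] += 1
    return verdicts, exposed


if __name__ == "__main__":
    counts, exposed = audit_eas_transport(SAMPLE_LOG)
    print(dict(counts), sorted(exposed))
```

Once SSL is required on the ActiveSync virtual directory, `plaintext_served` should stay at zero and any device still configured without SSL shows up under `plaintext_rejected`.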
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17519676
PAQed with points refunded (250)

DarthMod
Community Support Moderator
0


Question has a verified solution.
