
Mobile PC ActiveSync and SSL

I have a few Sprint MobilePC phones and we are connecting them to the Exchange Server 2003 with ActiveSync.  I have the functionality working but it does not work with SSL for some odd reason.  I did the MS workaround with KB817379 but the mail that is being sent and received is not secure, at least from what I can see.  MS talks about setting up a front end server and a back end server to get SSL to work but I can't afford to buy another copy of Exchange and knowing MS, they want to have additional licenses (sigh).  Am I missing something there?  Is there a way to have the Sprint MobilePC phones connect to the server utilizing SSL without having to install an additional server?  Yes, I know it can be done over the web, that works well but has more steps than what our clients want to do.

Second part, since SP2 allows for things like ActiveSync to work directly with the server, will this also work with a BlackBerry as well or are they still requiring their own server?

Tia,
Andrew
Asked by: itbossman
 
Sembee Commented:
Blackberry is not Windows Mobile. So a Blackberry will still require a BES. The service pack two changes were just for Windows Mobile devices.

The quickest way to discover if you are using SSL is to simply shut off port 80 on the firewall. OMA/EAS make internal calls on port 80, so you cannot restrict it internally. However all external traffic will go over 443. On my home network I have just port 25 and 443 open to the internet - nothing else and push works fine.

Does OMA work over ssl?

https://servername.domain.com/oma (where servername.domain.com is the name on your certificate).

You don't have to deploy a frontend/backend scenario although Microsoft would like you to. I have lots of sites running with just a single server.

Simon.
 
itbossman (Author) Commented:
Simon,

  Here is the catch, if I access e-mail over the web interface, SSL works fine if I go to oma or even just to our website.  The problem is the view on the screen, there is a lot of extra "junk" vs using the built in messaging client.  The built in client connects just fine but again, I cannot see where it is using SSL.  If I uncheck the "my server requires an SSL connection" I can still get e-mails.  Being in the healthcare business, HIPAA has a huge role in the security of confidential e-mails.

  I was looking on handango.com to see if there was an add-on to handle SSL but nothing stood out, any suggestions?  Another fun part is, if we cannot solve this, who do I call, the phone vendor or Microsoft?  Gotta love it!

Thanks,

Andrew
 
Sembee Commented:
If you call Microsoft, they will tell you that Windows Mobile is an OEM product and they cannot help.

Who issued your certificate? Is it a purchased certificate or a home-grown certificate? Windows Mobile isn't brilliant for managing the certificates, but with some patience you can work around the problems. There are lots of people using SSL with Windows Mobile without any issues.

Simon.
 
itbossman (Author) Commented:
Simon,

  The certificate is from Comodo and is working fine.  I am sure people are using the SSL feature but those that are using it seem to be running a front end and back end Exchange server.  That seems impractical and not cost effective for smaller business offices.  If "lots of people are using SSL with Windows Mobile" then why can't I find an easy answer?  I don't believe all of them are running two servers just for this functionality.

Andrew
 
Sembee Commented:
I have lots of sites with a single server that are using SSL, including my server at home.
While Microsoft's documentation makes it read as if you need to use multiple servers for everything, that is not the case.
Remember if we all followed Microsoft's ideal world for an Exchange deployment every site would have at least eight servers and probably ten servers.

To clarify, you can browse to OMA on the device, using SSL and it works fine. You do not get any certificate prompts?
Are you using forms based authentication on the server? If so, then you need to make some changes to allow the use of SSL and FBA. http://support.microsoft.com/default.aspx?kbid=817379

Simon.
 
itbossman (Author) Commented:
If I am using OMA, I can go to the site but that is no different than logging into the mail web page and accessing e-mail, correct?  Is there a way to access e-mail utilizing the built in messaging tool within the Pocket PC OS?  It has a check box for "requires SSL" but I have checked out the KB article but we are not using FBA other than the standard login screen.  The funny thing is that I can access e-mail using the built in messaging tool whether I check the SSL box or not.

Andrew
 
Sembee Commented:
OMA is simply a plain text version of Outlook Web Access. It is designed for access from devices with limited bandwidth and/or limited screen size and resolution.

However, OMA uses the same core components as Exchange Active Sync. Therefore it is far easier to troubleshoot OMA than EAS. OMA shows you error messages, for example with the SSL certificate, whereas EAS just fails and doesn't really tell you a great deal.

Simon.
 
itbossman (Author) Commented:
Simon,

  I found the answer to my question - I needed to enable SSL on the ActiveSync IIS virtual server.

Andrew
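
A log check for the situation in this thread, where the device keeps syncing with the SSL box unchecked (added example, not part of the original posts): it scans an IIS W3C log for ActiveSync requests that reached port 80 from outside the LAN and separates those that were served from those refused with 403.4. The sample log lines, the 192.168.1.0/24 LAN range and the logged field selection are constructed assumptions; `/Microsoft-Server-ActiveSync` is the default virtual directory name.

```python
import ipaddress

# Default Exchange ActiveSync virtual directory, compared in lower case.
EAS_PATH = "/microsoft-server-activesync"
# Assumed LAN range; server-to-itself calls on port 80 are expected here.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed IIS W3C extended log sample (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem s-port cs-username c-ip sc-status sc-substatus
2006-03-01 14:02:11 192.168.1.10 POST /Microsoft-Server-ActiveSync 80 CLINIC\\andrew 203.0.113.45 200 0
2006-03-01 14:05:40 192.168.1.10 POST /Microsoft-Server-ActiveSync 443 CLINIC\\andrew 203.0.113.45 200 0
2006-03-01 14:05:41 192.168.1.10 POST /Microsoft-Server-ActiveSync 80 CLINIC\\andrew 192.168.1.10 200 0
2006-03-01 14:09:02 192.168.1.10 OPTIONS /Microsoft-Server-ActiveSync 80 - 198.51.100.7 403 4
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def cleartext_eas_requests(log_text):
    """Return (served, refused) external port-80 ActiveSync requests."""
    fields, served, refused = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if not rec.get("cs-uri-stem", "").lower().startswith(EAS_PATH):
            continue
        if rec.get("s-port") != "80" or is_internal(rec["c-ip"]):
            continue                           # HTTPS or LAN traffic
        entry = (rec["date"], rec["time"], rec["c-ip"], rec["cs-username"])
        status, sub = int(rec["sc-status"]), rec.get("sc-substatus")
        if status < 400:
            served.append(entry)               # mail sync answered over plain HTTP
        elif status == 403 and sub == "4":
            refused.append(entry)              # IIS "SSL required" response
    return served, refused

if __name__ == "__main__":
    served, refused = cleartext_eas_requests(SAMPLE_LOG)
    for e in served:
        print("served over plain HTTP:", *e)
    print(len(refused), "plain-HTTP request(s) refused with 403.4")
```

Once "Require SSL" is enabled on the ActiveSync virtual directory, new external port-80 entries should appear only in the refused list.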
 
DarthMod Commented:
PAQed with points refunded (250)

DarthMod
Community Support Moderator