Solved

Mobile PC ActiveSync and SSL

Posted on 2006-07-22
Last Modified: 2012-05-05
I have a few Sprint MobilePC phones and we are connecting them to the Exchange Server 2003 with ActiveSync. I have the functionality working but it does not work with SSL for some odd reason. I did the MS workaround with KB817379 but the mail that is being sent and received is not secure, at least from what I can see. MS talks about setting up a front end server and a back end server to get SSL to work but I can't afford to buy another copy of Exchange and knowing MS, they want to have additional licenses (sigh). Am I missing something there? Is there a way to have the Sprint MobilePC phones connect to the server utilizing SSL without having to install an additional server? Yes, I know it can be done over the web, that works well but has more steps than what our clients want to do.

Second part, since SP2 allows for things like ActiveSync to work directly with the server, will this also work with a BlackBerry as well or are they still requiring their own server?

Tia,
Andrew
Question by:itbossman

Expert Comment

by:Sembee
ID: 17161487
Blackberry is not Windows Mobile. So a Blackberry will still require a BES. The service pack two changes were just for Windows Mobile devices.

The quickest way to discover if you are using SSL is to simply shut off port 80 on the firewall. OMA/EAS make internal calls on port 80, so you cannot restrict it internally. However all external traffic will go over 443. On my home network I have just port 25 and 443 open to the internet - nothing else and push works fine.

Does OMA work over ssl?

https://servername.domain.com/oma (where servername.domain.com is the name on your certificate).

You don't have to deploy a frontend/backend scenario although Microsoft would like you to. I have lots of sites running with just a single server.

Simon.

Author Comment

by:itbossman
ID: 17186390
Simon,

  Here is the catch, if I access e-mail over the web interface, SSL works fine if I go to oma or even just to our website.  The problem is the view on the screen, there is a lot of extra "junk" vs using the built in messaging client.  The built in client connects just fine but again, I can not see where it is using SSL.  If I uncheck the "my server requires an SSL connection" I can still get e-mails.  Being in the healthcare business, HIPAA has a huge role in the security of confidential e-mails.  

  I was looking on handango.com to see if there was an add-on to handle SSL but nothing stood out, any suggestions?  Another fun part is, if we can not solve this, who do I call, the phone vendor or Microsoft?  Gotta love it!

Thanks,

Andrew

Expert Comment

by:Sembee
ID: 17187642
If you call Microsoft, they will tell you that Windows Mobile is an OEM product and they cannot help.

Who issued your certificate? Is it a purchased certificate or a home grown certificate? Windows Mobile isn't brilliant for managing the certificates, but with some patience you can work around the problems. There are lots of people using SSL with Windows Mobile without any issues.

Simon.

Author Comment

by:itbossman
ID: 17215514
Simon,

  The certificate is from Comodo and is working fine.  I am sure people are using the SSL feature but those that are using it seem to be running a front end and back end exchange server.  That seems impractical and not cost effective for smaller business offices.  If "lots of people are using SSL with Windows Mobile" then why can't I find an easy answer?  I don't believe all of them are running two servers just for this functionality.

Andrew

Expert Comment

by:Sembee
ID: 17222821
I have lots of sites with a single server that are using SSL, including my server at home.
While Microsoft's documentation makes it read as if you need to use multiple servers for everything, that is not the case.
Remember if we all followed Microsoft's ideal world for an Exchange deployment every site would have at least eight servers and probably ten servers.

To clarify, you can browse to OMA on the device, using SSL and it works fine. You do not get any certificate prompts?
Are you using forms based authentication on the server? If so, then you need to make some changes to allow the use of SSL and FBA. http://support.microsoft.com/default.aspx?kbid=817379

Simon.

Author Comment

by:itbossman
ID: 17233615
If I am using OMA, I can go to the site but that is no different than logging into the mail web page and accessing e-mail, correct?  Is there a way to access e-mail utilizing the built in messaging tool within the pocket pc OS?  It has a check box for "requires SSL" but I have checked out the KB article but we are not using FBA other than the standard login screen.  The funny thing is that I can access e-mail using the built in messaging tool whether I check the SSL box or not.

Andrew
Expert Comment

by:Sembee
ID: 17234193
OMA is simply a plain text version of Outlook Web Access. It is designed for access from devices with limited bandwidth and/or limited screen size and resolution.

However, OMA uses the same core components as Exchange Active Sync. Therefore it is far easier to troubleshoot OMA than EAS. OMA shows you error messages, for example with the SSL certificate, whereas EAS just fails and doesn't really tell you a great deal.

Simon.

Author Comment

by:itbossman
ID: 17317171
Simon,

  I found the answer to my question - I needed to enable SSL on the ActiveSync IIS virtual server.

Andrew
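
Added example, not part of the original thread: a small Python check, run from outside the firewall, that the ActiveSync virtual directory no longer answers over plain HTTP once SSL is required on it. The path `/Microsoft-Server-ActiveSync` is the default Exchange ActiveSync virtual directory; the host name `mail.example.com` and the result labels are placeholders chosen for this example.

```python
import http.client

# Default virtual directory used by Exchange ActiveSync in IIS.
EAS_PATH = "/Microsoft-Server-ActiveSync"


def probe_plain_http(host, port=80, timeout=5):
    """Send one unauthenticated OPTIONS request over plain HTTP.

    Returns (status, Location header), or (None, None) if nothing answered.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", EAS_PATH)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None, None
    finally:
        conn.close()


def classify(status, location=None):
    """Interpret the plain-HTTP answer from the ActiveSync virtual directory."""
    if status is None:
        return "blocked"             # port 80 closed or filtered from here
    if status == 403:
        return "refused"             # what IIS answers when SSL is required
    redirect = status in (301, 302, 307, 308)
    if redirect and (location or "").lower().startswith("https://"):
        return "redirect-to-https"   # first request still went out unencrypted
    if status in (200, 401):
        return "plaintext-accepted"  # sync and its credentials can run without SSL
    return "inconclusive"


if __name__ == "__main__":
    host = "mail.example.com"  # placeholder: use the name on your certificate
    status, location = probe_plain_http(host)
    print(host, status, classify(status, location))
```

A result of `plaintext-accepted` matches the symptom described in the thread, where the device still synced with the SSL box unchecked.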
Accepted Solution

by:
DarthMod earned 0 total points
ID: 17519676
PAQed with points refunded (250)

DarthMod
Community Support Moderator