Solved

KB817379 looks insanely dangerous to do. Mobile access to Exchange server

Posted on 2007-03-26
Last Modified: 2013-11-13
I am trying to get my mobile device to access the Exchange server, and I get a "85010014" error message. I looked in the event log, and the message below was there. I read the suggested fix (KB817379) for it, and also the fix from a dude on [http://groups.google.com/group/microsoft.public.pocketpc.activesync/browse_frm/thread/96a012d52673c49b/22bdad20f97e9745?lnk=st&q=activesync+3005+http+400&rnum=1]
but that seems insanely difficult and dangerous. Could anyone please help me and tell me what this is all about?

// Jo

ERROR MESSAGE IN EVENT LOG:
The mailbox server [SERVERNAME] has its [exchange] virtual directory set to require SSL.  Exchange ActiveSync cannot access the server if SSL is set to be required.  For information about how to correctly configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).
0
Question by:somewhereinafrica
16 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 18792120
I have to say that solution on Google Groups is a bit over the top.

What makes you think that 817379 is dangerous? It is a few registry changes and an export and import of a virtual folder. It takes about 15 minutes. I do it three or four times a week, often on remote control.

I do find that 817379 misses some steps that can cause problems so I have my own variation of the article here: http://www.amset.info/exchange/mobile-85010014.asp

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18792220
I have read that one too. Way more organized and easy to overview :-)

Here are my concerns:

Step 1 - When I do this on a live server, what will the implication be? If I disable the formbase, will that not disable the whole darn thing?

Step 2 - Again, if I remove the SSL certificate, what will happen to people that are trying to work on it? (I understand that a few minutes later I will put the thing back, but what happens during that time, I'm just asking...)

Step 3 - Removing 'require SSL' means that people could access via port 80 using http://servername, but that is not a security risk in itself? I mean if someone uses it over port 80, the information might be tapped into. But in itself it is not a security risk (I could close down port 80 on the firewall as you suggest further down to combat that)


My OMA has never worked (as in that the dude before me probably did a bad job), is having OMA not working going to be solved by this step too, or should I concentrate on getting OMA to work first and then deal with this?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18792282
There will be some disruption to users of OWA while you make the changes. That cannot be helped.
If you disable forms based authentication then users get the standard username/password pop up box if they try to access the server during that time.

If you remove the SSL certificate then anyone accessing the server on SSL will have their connection dropped.

I don't use require SSL on any of my deployments because I don't open port 80 to the world. The simple fact is that require SSL on the directories is not compatible with OMA/EAS because it makes calls on port 80. That is partly what the additional virtual directory is supposed to fix.
As with everything in security, you secure what can be secured without impacting the use of the service too much. I personally prefer to secure the server by not allowing port 80 in than relying on require SSL to force the users on to https.

Simon.
0
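An added example, not part of the thread: the answer above relies on port 80 being closed at the firewall rather than on "require SSL", so this sketch probes `/exchange` over plain HTTP from outside and labels the result. The function names, the labels, the placeholder host `mail.example.test`, and the reading of HTTP 403 as the "require SSL" refusal are assumptions of the example.

```python
import http.client
import sys


def classify(status):
    """Map the outcome of a plain-HTTP request to an exposure label.

    status is the HTTP status code, or None when no usable answer came back.
    """
    if status is None:
        return "blocked"          # firewall drop/reject, or nothing listening
    if status == 403:
        return "refused-by-iis"   # assumed: the "require SSL" refusal
    if status == 401:
        return "cleartext-auth"   # credential prompt offered without TLS
    return "cleartext-open"       # any other answer over plain HTTP


def probe_cleartext(host, port=80, path="/exchange", timeout=3.0):
    """Request path over plain HTTP and classify how the server answers."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException):
        status = None             # refused, timed out, or no usable HTTP answer
    finally:
        conn.close()
    return classify(status)


def port80_policy_holds(outside_result):
    """True only when the outside probe could not reach port 80 at all."""
    return outside_result == "blocked"


if __name__ == "__main__":
    # Run from a host OUTSIDE the firewall against your own server.
    # mail.example.test is a placeholder host name.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.test"
    result = probe_cleartext(target)
    print(target, result, "OK" if port80_policy_holds(result) else "REVIEW")
```

A `cleartext-auth` result from outside means the username/password prompt is reachable without TLS, which is the case the firewall rule is meant to prevent.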

 

Author Comment

by:somewhereinafrica
ID: 18792294
Simon, I have just sent you a request on your contact address on your site, please contact me a.s.a.p.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18792390
I believe one of my staff has responded to the email.
I also need to draw your attention to this section of the help guide regarding assistance outside of the site.
http://www.experts-exchange.com/help.jsp#hi99

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18792427
OK, sorry about that. I did not mean to get you into trouble.
0
 

Author Comment

by:somewhereinafrica
ID: 18792475
OK, so these steps that you suggest that I make: what will be the impact on people connecting with OWA and the 'real' Outlook client? Do any of these changes affect that?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18792498
The full Outlook clients, as long as they are not using RPC over HTTPS, will not be affected.
Anyone using OWA will be kicked out while you are working on the server. Once the changes are made, OWA will operate as before.

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18792519
Do you think our inability to use OMA is linked with this too?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18792617
OMA and EAS share the same backend. In most cases if OMA doesn't work then EAS will not work either.

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18799474
Simon, what is it in effect that this maneuver does?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18800407
When you access EAS or OMA it makes an internal call to the /exchange virtual directory to read the contents of the mailbox being accessed. The change redirects that call to another folder which has a different configuration which allows the internal process access while maintaining the security of the folders and forms based authentication.

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18800469
And this only affects the OMA/mobile devices access?
Not the rest of the people accessing RPC over HTTPS or the OWA?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18800950
It will affect those people while you do the work, but after that there is no change in the operation of either feature.

Simon.
0
 

Author Comment

by:somewhereinafrica
ID: 18801001
Thanks oodles dude, appreciate it, really do...
0
 

Author Comment

by:somewhereinafrica
ID: 18805911
Simon, dude, it worked, thanks a million...
0
