KB817379 looks insanely dangerous to do. Mobile access to Exchange server

I am trying to get my mobile device to access the Exchange server, and I get a "85010014" error message. I looked in the event log, and the message below was there. I read the suggested fix (KB817379) for it, and also the fix from a dude on http://groups.google.com/group/microsoft.public.pocketpc.activesync/browse_frm/thread/96a012d52673c49b/22bdad20f97e9745?lnk=st&q=activesync+3005+http+400&rnum=1 but that seems insanely difficult and dangerous. Could anyone please help me and tell me what this is all about?

// Jo

ERROR MESSAGE IN EVENT LOG:
The mailbox server [SERVERNAME] has its [exchange] virtual directory set to require SSL.  Exchange ActiveSync cannot access the server if SSL is set to be required.  For information about how to correctly configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).
Asked by: somewhereinafrica

Sembee Commented:
I have to say that solution on Google Groups is a bit over the top.

What makes you think that 817379 is dangerous? It is a few registry changes and an export/import of a virtual folder. It takes about 15 minutes. I do it three or four times a week, often on remote control.

I do find that 817379 misses some steps that can cause problems so I have my own variation of the article here: http://www.amset.info/exchange/mobile-85010014.asp

Simon.
somewhereinafrica (Author) Commented:
I have read that one too. Way more organized and easy to overview :-)

Here are my concerns:

Step 1 - When I do this on a live server, what will the implication be? If I disable the formbase, will that not disable the whole darn thing?

Step 2 - Again, if I remove the SSL certificate, what will happen to people that are trying to work on it? (I understand that a few minutes later I will put the thing back, but what happens during that time, I'm just asking...)

Step 3 - Removing 'require SSL' means that people could access via port 80 using http://servername, but that is not a security risk in itself? I mean if someone uses it over port 80, the information might be tapped into. But in itself it is not a security risk (I could close down port 80 on the firewall as you suggest further down to combat that)

My OMA has never worked (as in that the dude before me probably did a bad job), is having OMA not working going to be solved by this step too, or should I concentrate on getting OMA to work first and then deal with this?
Sembee Commented:
There will be some disruption to users of OWA while you make the changes. That cannot be helped.
If you disable forms based authentication then users get the standard username/password pop up box if they try to access the server during that time.

If you remove the SSL certificate then anyone accessing the server on SSL will have their connection dropped.

I don't use require SSL on any of my deployments because I don't open port 80 to the world. The simple fact is that require SSL on the directories is not compatible with OMA/EAS because it makes calls on port 80. That is partly what the additional virtual directory is supposed to fix.
As with everything in security, you secure what can be secured without impacting the use of the service too much. I personally prefer to secure the server by not allowing port 80 in than relying on require SSL to force the users on to https.

Simon.
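
Added illustration, not part of the original thread: a check, run from a machine outside the network, that the approach described in the answer above (require SSL left off, port 80 not opened to the world) is actually in effect. The hostname `mail.example.com` and all function names are placeholders chosen for this example.

```python
import socket
import sys


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unresolvable: treat as not reachable.
        return False


def assess_exposure(http_open, https_open):
    """Classify what an external client can reach on the Exchange front end."""
    if http_open and https_open:
        return ("FAIL: port 80 is reachable; with require SSL off, "
                "clients can reach the server over unencrypted HTTP")
    if http_open:
        return "FAIL: only port 80 is reachable; there is no HTTPS path"
    if https_open:
        return "OK: HTTPS only; port 80 is blocked before it reaches the server"
    return "WARN: neither port is reachable; check publishing rules or the host name"


def check_front_end(host, http_port=80, https_port=443, timeout=3.0):
    """Probe both ports from the current vantage point and return a verdict."""
    return assess_exposure(
        tcp_open(host, http_port, timeout),
        tcp_open(host, https_port, timeout),
    )


if __name__ == "__main__":
    # Placeholder host name; pass the externally published name as argument 1.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    print(check_front_end(target))
```

Run it from outside the firewall; from inside the LAN port 80 is expected to answer, because OMA/EAS make their internal calls on it.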

somewhereinafrica (Author) Commented:
Simon, I have just sent you a request on your contact address on your site, please contact me a.s.a.p.
Sembee Commented:
I believe one of my staff has responded to the email.
I also need to draw your attention to this section of the help guide regarding assistance outside of the site.
http://www.experts-exchange.com/help.jsp#hi99

Simon.
somewhereinafrica (Author) Commented:
OK, sorry about that. I did not mean to get you into trouble.
somewhereinafrica (Author) Commented:
OK, so these steps that you suggest that I make. What will be the impact on people connecting with OWA and the 'real' Outlook client? Do any of these changes affect that?
Sembee Commented:
The full Outlook clients, as long as they are not using RPC over HTTPS, will not be affected.
Anyone using OWA will be kicked out while you are working on the server. Once the changes are made, OWA will operate as before.

Simon.
somewhereinafrica (Author) Commented:
Do you think our inability to use OMA is linked with this too?
Sembee Commented:
OMA and EAS share the same backend. In most cases if OMA doesn't work then EAS will not work either.

Simon.
somewhereinafrica (Author) Commented:
Simon, what is it in effect that this maneuver does?
Sembee Commented:
When you access EAS or OMA it makes an internal call to the /exchange virtual directory to read the contents of the mailbox being accessed. The change redirects that call to another folder which has a different configuration which allows the internal process access while maintaining the security of the folders and forms based authentication.

Simon.
somewhereinafrica (Author) Commented:
and this only affects the OMA/mobile devices access?
Not the rest of the people accessing RPC over HTTPS or the OWA?
Sembee Commented:
It will affect those people while you do the work, but after that there is no change in the operation of either feature.

Simon.
somewhereinafrica (Author) Commented:
thanks oodles dude, appreciate it, really do...
somewhereinafrica (Author) Commented:
Simon, dude, it worked, thanks a million...