ActiveSync requiring SSL question

Posted on 2007-08-02
Last Modified: 2008-01-09
Hello

I am running Exchange ActiveSync and using RPC over HTTP/S, as well as OWA. I noticed that OWA requests were being accepted using HTTP instead of requiring HTTPS. So I looked at some documentation, tested and found that when I hit the "require SSL" and "require 128 bit" on the Exchange virtual directory, it breaks the EAS and I get the 3029 Event ID in the Event Viewer. Playing around a bit I also noticed that when I just require the SSL without the 128 bit, EAS works properly and OWA only responds to HTTPS requests.
So my configuration in IIS is this: on the RPC directory it has require SSL and 128 encryption. On the Default Web Site, OMA, and Microsoft-Server Active Sync directories, there is no requirement for SSL. On the Exchange directory there is require SSL but no 128 bit encryption.

Is there anything adverse to running it this way? My RPC works, HTTPS-only works, and Active sync works.

thanks.
Question by:Trevor Local
 
LVL 104

Expert Comment

by:Sembee
ID: 19618989
Surprised that is working. Require SSL on the /exchange virtual directory usually breaks EAS.
The way that I secure my servers is quite simple - I don't open port 80. The only port that works is 443 which is https.
Have you reset IIS since you set the require SSL option? Before getting too excited about it working you should do that.
Are you using forms based authentication? That can also break EAS.

Simon.
0
 

Author Comment

by:Trevor Local
ID: 19619145
ahh- I didn't have to do iisreset, as it's not working now. I am not using forms based authentication.

So I can just block port 80 at the firewall, and that will still allow me to use the SSL for EAS/OMA and also RPC over HTTP/S, but not accept the HTTP requests?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 19619215
I would suggest that you do use forms based authentication, otherwise your OWA is at risk from the back button or old sessions.
If you simply allow port 443 through the firewall, then users have to use https in the URL and the Windows mobile devices will come in on 443 with the SSL option enabled in their configuration. You do not need port 80 open for any of the Exchange web based services to work.

Simon.
0
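The check below is an added example, not part of the thread: run from outside the firewall, it shows which Exchange virtual directories still answer plain HTTP on port 80 after the change discussed above. The URL paths are the default names of the directories mentioned in the question (an assumption), and `mail.example.com` is a placeholder.

```python
import http.client

# Default URL paths of the virtual directories named in the thread (assumed defaults).
VDIRS = ["/exchange", "/oma", "/Microsoft-Server-ActiveSync", "/rpc"]


def probe_cleartext(host, port=80, paths=VDIRS, timeout=5):
    """Send a plain-HTTP GET to each virtual directory and classify the answer.

    closed        no usable HTTP answer (refused, filtered, timed out):
                  port 80 is blocked, as the answer advises
    ssl-required  HTTP 403: the directory refuses non-SSL requests (IIS 403.4)
    cleartext     any other status, including 401: the request was processed
                  without TLS, so credentials could be requested in the clear
    """
    results = {}
    for path in paths:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path)
            status = conn.getresponse().status
        except (OSError, http.client.HTTPException):
            results[path] = "closed"
            continue
        finally:
            conn.close()
        # Simplification: every 403 is read as "Require SSL"; the 403.4
        # sub-status is only visible in the response body and IIS logs.
        results[path] = "ssl-required" if status == 403 else "cleartext"
    return results


def exposed(results):
    """Paths that still answer over plain HTTP and need attention."""
    return sorted(p for p, verdict in results.items() if verdict == "cleartext")


if __name__ == "__main__":
    # mail.example.com is a placeholder; point this at your own server.
    for path, verdict in probe_cleartext("mail.example.com").items():
        print(f"{verdict:13} {path}")
```

With the configuration described in the question (Require SSL only on the Exchange and RPC directories, port 80 open), the OMA and ActiveSync paths would be reported as `cleartext`; with port 80 blocked at the firewall, every path reports `closed`.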

 

Author Comment

by:Trevor Local
ID: 19619665
OK I turned on forms based auth. and now ActiveSync fails. When enabling forms I got a warning box about if SSL encryption is not being offloaded, to configure SSL and restart IIS. So I disabled forms auth. and it's still failing. OWA and RPC are working.
0
 

Author Comment

by:Trevor Local
ID: 19619686
OK actually forms are disabled and EAS is working.
0
 
LVL 104

Accepted Solution

by:Sembee (earned 2000 total points)
ID: 19619885
Forms Based Authentication will cause EAS to fail, because it makes changes to the authentication process on the /exchange virtual directory.
However that is easy to overcome and would not be a reason not to use FBA.
Microsoft discuss the workaround in KB 817379
I have my own version at http://www.amset.info/exchange/mobile-85010014.asp

Simon.
0
 

Author Comment

by:Trevor Local
ID: 19619970
I'll give your instructions a shot. As for removing the SSL cert., do I export it to a .pfx file and reimport that later?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 19621506
You don't need to do anything as drastic as that.
Simply choose the option in the wizard to remove the certificate. The certificate will remain in the certificate store. Then when you are done, use the wizard again and choose the option to assign an existing certificate.

Simon.
0
 

Author Comment

by:Trevor Local
ID: 19863740
thanks again Simon!
0
