Running Exchange in SSL and NON SSL Mode

Hi Experts,

I seem to be having a problem trying to get the new Apple iPhone 3G working with our Exchange server. I have to say, we previously had the iPhones working with Exchange but in NON SSL mode, but our company changed its requirements for its email a few days ago and decided to go with RPC over HTTP, as we have a number of staff who need access to their client externally. Prior, anyone who needed external access has been getting access via VPN.

Is there a way to create two websites in IIS for Exchange, one for HTTP (port 80) and another for HTTPS (port 443)?

Like this I can run my external users on HTTPS (RPC over HTTP) and the users using iPhones can use normal HTTP.

If anyone can help or has any other idea, it would be greatly appreciated.


Thank you in advance ...



Trevor

trevsoftAsked:

dfxdeimosCommented:
There are several different technologies at work here, so we need to be clear about what we are using.

Remote Outlook clients are going to be using RPC over HTTPs to retrieve and send e-mail. RPC over HTTPs has to be used with SSL, therefore you have to have the certificate associated with the public address of your Exchange server installed on the clients.

Smartphones (in general) use ActiveSync. ActiveSync has its own Virtual Directory in IIS and you can use either SSL or non SSL connections to access it. If you choose to use SSL (recommended) then you will also have to have the appropriate certificate installed on your smartphone device.

The iPhone uses IMAP4 and SMTP to interface with your Exchange server. Here is a good write up on how to configure your Exchange server and iPhone to allow interaction between the two:

http://blog.monkeykit.com/2007/08/31/how-to-setup-imap4-exchange-2003-email-to-sync-with-your-iphone/
0
trevsoftAuthor Commented:
Hi dfxdeimos,

Thank you for replying :)

Is IMAP4 the answer? Can't we just have the iPhones run in NON SSL?

Is there a way to separate the two services, i.e. RPC over HTTP (using HTTPs) and ActiveSync (HTTP)?

I understand that not using SSL isn't recommended, but this is just for the iPhones; I'm going to keep the RPC running on SSL, that's a must.

If we can separate both services, that would probably be more preferable in the short term until we can see what we need to do to run the iPhones under SSL.

Trevor
0
dfxdeimosCommented:
As far as I know the only way to interact with Exchange with an iPhone is via the IMAP4 / SMTP method described in the link I posted.

RPC over HTTPs and ActiveSync ARE two separate services. They operate independently of each other. You can modify the directory security properties of ActiveSync in IIS to not require SSL (not recommended as you reaffirmed).
0
trevsoftAuthor Commented:
Hi dfxdeimos,

So if I do the modification above, it's not going to modify my current RPC over HTTP setup?


Trevor
0
dfxdeimosCommented:
That seems to be the case.

Of course it is always best practice to have a good backup / keep track of your changes in case anything gets FUBAR.
0
trevsoftAuthor Commented:
Hi dfxdeimos,

Yeah, that worked great, but I can't seem to bring my contacts and calendar entries.

All IMAP is doing is bringing in my email, do you have any other ideas?



Trevor
0
dfxdeimosCommented:
Hmmm.... I am now reading that you should be able to connect to Exchange with the iPhone via ActiveSync without going through the whole IMAP4 thing. What version of the iPhone / OS do you have?
0
trevsoftAuthor Commented:
Hi dfxdeimos,

I'm running the iPhone 3G (this year's release) and the OS version on the phone is v2.1



Trev
0
dfxdeimosCommented:
When you create a new e-mail account on the iPhone, don't you have the option of connecting to an Exchange server?
0
trevsoftAuthor Commented:
Hi dfxdeimos,

Yes I do, but when you create the account, it verifies against the Exchange server, but when I go to check my email, it comes up saying that it failed to connect to my Exchange server.

Before I implemented the SSL certificate, I was connecting fine in NON SSL mode, which is why I'm asking whether I can run Exchange in both modes.


Trevor
0
dfxdeimosCommented:
Here is a tutorial for implementing ActiveSync on the iPhone that talks about the use of SSL certificates. Have a look through these steps and see if there is a difference in the way you are configured.

http://www.azaleos.com/blog/index.php?q=node/43
0
trevsoftAuthor Commented:
Hi dfxdeimos,

I don't want to use the IMAP service as it doesn't allow me to download the contacts and calendars from the Exchange server.

Trevor
0
dfxdeimosCommented:
Sorry, I think that was an incorrect link. I was trying to say that if you install the root certificate from the CA that issued your Exchange certs on your iPhone then you should connect through Exchange.

That is the proper way to do things. If you go through non-ssl you will be exposing your password in clear text over the internet. Not good.
0
trevsoftAuthor Commented:
Hi dfxdeimos,

That's what I'm saying, I don't want to use IMAP, I actually want to connect to Exchange via native mode and not using SSL.

Hence why I'm asking if we can run IIS in both modes (SSL and NON SSL).



Trevor
0
dfxdeimosCommented:
Have you tried going in IIS on the Exchange server and changing the ActiveSync virtual directory to not requiring SSL?

I just have to say again that you SHOULD be using SSL, otherwise you are potentially creating a security risk. If you transfer the proper root certificate to the iPhone then you use the NATIVE implementation of Exchange support on the phone (calendar, contacts, etc). All you would have to do is go through the regular Exchange account setup wizard on your iPhone.
0
trevsoftAuthor Commented:
Hi dfxdeimos,

Na, that didn't work. Even though I said not to use SSL in IIS, it still has the certificate installed.

I think what I need to do is separate the websites in IIS, leave the default one for the RPC over HTTP and create a new one for Exchange server OMA.


Trevor
0
dfxdeimosCommented:
Dude, they are ALREADY separate. RPC over HTTPs exists within the RPC folder under the Exchange virtual directory. ActiveSync lives under its directory under the Exchange Virtual Directory, et al.

Just because the certificate is still installed doesn't mean that it is using SSL. If SSL is unchecked you can still navigate to the https address and you will see the cert, but the standard http will be available also. Also, you should be entering the address in the iPhone without the http or https prefix.

The right way to do it (and what would work in your situation) is installing the proper root certificate on the iPhone and connecting via the built in Exchange mailbox setup program on the iPhone. That is the path to get your mail, contacts, and calendar items syncing to phone.

If you don't want to do it that way then I am out of ideas.
0
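The cleartext exposure dfxdeimos warns about, as an added example that is not part of the original thread: a small check an administrator can run against their own server to see whether the ActiveSync virtual directory still answers over plain HTTP, plus a decoder showing what a captured `Authorization` header gives away. It assumes the virtual directory is set to Basic authentication; the function names and the sample credential are constructed for illustration.

```python
import base64
import http.client
from urllib.parse import urlsplit

EAS_PATH = "/Microsoft-Server-ActiveSync"  # ActiveSync virtual directory in IIS


def classify(scheme, status, headers):
    """Interpret an unauthenticated response from the ActiveSync vdir.

    headers is a dict with lower-case keys.
    """
    if scheme == "https":
        return "tls"
    if status == 403:
        # IIS answers 403 (sub-status 403.4) when "Require SSL" is ticked.
        return "ssl-required"
    if status in (301, 302, 307, 308):
        target = urlsplit(headers.get("location", "")).scheme
        return "redirect-to-tls" if target == "https" else "cleartext"
    challenge = headers.get("www-authenticate", "").lower()
    if status == 401 and "basic" in challenge:
        # The phone would answer this challenge with its password over HTTP.
        return "cleartext-basic-auth"
    return "cleartext"


def decode_basic(header_value):
    """Return (user, password) from an 'Authorization: Basic ...' value."""
    kind, _, blob = header_value.partition(" ")
    if kind.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password


def probe(host, scheme="http", timeout=5):
    """Send one unauthenticated OPTIONS request to your own server."""
    cls = http.client.HTTPSConnection if scheme == "https" else http.client.HTTPConnection
    conn = cls(host, timeout=timeout)
    try:
        conn.request("OPTIONS", EAS_PATH)
        resp = conn.getresponse()
        headers = {name: resp.getheader(name, "")
                   for name in ("location", "www-authenticate")}
        return classify(scheme, resp.status, headers)
    finally:
        conn.close()


# Constructed sample: the header a phone sends once SSL is unchecked.
SAMPLE_AUTH = "Basic " + base64.b64encode(b"EXAMPLE\\jdoe:not-a-real-password").decode()
```

Anything other than `ssl-required` or `redirect-to-tls` from `probe(host, "http")` means the directory is reachable without TLS; `decode_basic(SAMPLE_AUTH)` shows that the Base64 in a Basic header is an encoding, not encryption.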
