
ActiveSync in Exchange 2007 on Server 2008

Posted on 2009-02-17
Last Modified: 2012-05-06
We are in the process of migrating from Exchange 2003 to 2007. We are a small organization so we have 1 2003 server and 1 2007 server with HS, CAS, & MB roles installed. Although frowned upon, we are maintaining 2 separate links for OWA/ActiveSync access. Everyone that is on the 03 server works fine, both OWA & ActiveSync. We got OWA to work besides not having a trusted certificate, but ActiveSync will not work at all. We are currently trying to do it under HTTP traffic since we don't have a certificate currently, but it still doesn't sync. Is that required? Under the External URL for ActiveSync I have owa.domain.com and that's what I have in the phone as well. I don't have redirect on for OWA. I'm not real familiar with IIS 7 so any help on settings would be appreciated.
0
Question by:TVAN01
8 Comments
 
LVL 14

Expert Comment

by:Kaffiend
ID: 23663336
If you want ActiveSync to work using a self-generated cert, it is possible (I wouldn't recommend it, though.  A public certificate authority can issue you one for less than $100 per year, so why put yourself through the headache?)

What you basically need to do to make this (ActiveSync) work is to import your certificate into each and every phone that you want to ActiveSync.  There are some phones out there that make it difficult to do this, but you should be able to do this for most Windows Mobile phones.

HTTPS security is put there for a reason.  Use a private certificate if you must, but please don't remove SSL security to make it work.
0
 

Author Comment

by:TVAN01
ID: 23664383
Well, ideally we wanted to move the certificate off the old Exchange onto the new Exchange and rename the box and change the IP so it looks exactly like the old 2003 server, just on a new box, but for testing purposes we just wanted to get it to work for now. I totally agree, this self-signed stuff is already turning out to be a bigger headache than I'd like it to be.
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 23665539
If your Exch 2007 box is not in production, you can make it (testing) work and not impact any of your users.  You might even find it good practice for when you do put it into production  :-)

If you have a spare public IP (so that the production server is not impacted in any way), access to DNS for your domain (create a record like testactivesync.yourpublicdomain.com), and are able to make changes to your firewall (port forward 443 for that DNS record), it would be a good exercise.

And, you can definitely re-use the existing cert when you are ready with the E2K7 box.

0
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 23665970
First - a self generated certificate is not supported with Exchange ActiveSync with Exchange 2007. You must use a commercial certificate.
Second - while you could move the certificate off the original machine, I wouldn't recommend it. While Exchange 2007 can be made to work with a single name certificate, the requirements to do so are very strict. If your public DNS host does not support SRV records then you cannot use the original certificate. You will need to switch to a SAN/UC certificate. You can get these for less than US$70/year from a GoDaddy reseller https://DomainsForExchange.net/ . The GoDaddy certificates are also trusted by most Windows Mobile devices. I have full instructions on getting the certificate here:
http://www.sembee.co.uk/archive/2008/05/30/78.aspx

Forget about renaming the server, unless you want to practise DR. That is not supported and will break Exchange.

-M
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 23666064
I respectfully disagree.  

While it may be more difficult, if you have your own internal Windows CA, you can use that to create a certificate that would work, with ActiveSync, as well as with Outlook 2007.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 23666187
While you can get it to work - it isn't supported.

This is Microsoft's official stance on the use of the self signed certificate: http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx

One of the key lines is this:

"Important:  The self-signed certificate is not supported for use with Outlook Anywhere or Exchange ActiveSync.  "

Using a Windows CA is simply a lot of hassle. You have to import the certificate in to every device - to save $60. Now I don't know what your hourly rate is like, but that doesn't seem worth the bother.

-M
0
 

Author Comment

by:TVAN01
ID: 23671192
Mestha,

We will probably go with something like you suggested. Well, pretty much exactly since you have it outlined so nicely. Just for testing purposes, is it possible to sync over non-HTTPS channels? I know it's not recommended, but just so I know the settings are correct in Exchange? If the IP address is changed, is that an issue? Thanks for the help.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 23672652
I don't even attempt to test the feature without using SSL. Many of the issues with this feature are down to certificate problems, so I prefer to wrap up everything in one go. I also don't open port 80 on the firewall at all.

-M
0
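
The certificate points raised in this thread (self-signed versus CA-issued, and whether the certificate covers the name entered on the phone) can be checked from the Exchange Management Shell on the Exchange 2007 server. The script below is an added example, not code from any poster; it assumes `owa.domain.com` (the name in the question) is the external host name and uses only `Get-ExchangeCertificate` and `Get-ActiveSyncVirtualDirectory`.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on the Exchange 2007 Client Access server.
$expectedHost = 'owa.domain.com'   # assumption: the name typed into the phone

# A wildcard entry such as *.domain.com would also cover the host.
$wildcard = '*.' + $expectedHost.Substring($expectedHost.IndexOf('.') + 1)

# OWA and ActiveSync are both served by IIS, so only IIS-enabled certificates matter.
Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } | ForEach-Object {
    $cert  = $_
    $names = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })

    $problems = @()
    if ($cert.IsSelfSigned)            { $problems += 'self-signed' }
    if ($cert.NotAfter -lt (Get-Date)) { $problems += "expired on $($cert.NotAfter)" }
    if (($names -notcontains $expectedHost) -and ($names -notcontains $wildcard)) {
        $problems += "no name matching $expectedHost"
    }

    Write-Host "Certificate $($cert.Thumbprint)"
    Write-Host "  Subject: $($cert.Subject)"
    Write-Host "  Names:   $([string]::Join(', ', $names))"
    if ($problems.Count -eq 0) {
        Write-Host '  Result:  no problems found'
    } else {
        Write-Host "  Result:  $([string]::Join('; ', $problems))"
    }
}

# The ActiveSync ExternalUrl should be an https URL on the same host name.
Get-ActiveSyncVirtualDirectory | ForEach-Object {
    $url = "$($_.ExternalUrl)"
    if (-not $url) { Write-Host "$($_.Identity): ExternalUrl is not set"; return }

    $uri = [uri]$url
    if (-not $uri.IsAbsoluteUri) {
        Write-Host "$($_.Identity): ExternalUrl '$url' is not a full URL"
    } elseif ($uri.Scheme -ne 'https') {
        Write-Host "$($_.Identity): ExternalUrl uses $($uri.Scheme), not https"
    } elseif ($uri.Host -ne $expectedHost) {
        Write-Host "$($_.Identity): ExternalUrl host is $($uri.Host), expected $expectedHost"
    } else {
        Write-Host "$($_.Identity): ExternalUrl $url looks consistent"
    }
}
```

A certificate issued by an internal Windows CA is not reported as self-signed here, but devices will still reject it until that CA's root certificate has been imported on each of them.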
