SSL OWA and OMA/ActiveSync setup help for iPhone v3 use (first one (1))

dee30
I am trying to get ActiveSync to work with the CEO's new iPhone v3. No one else is using ActiveSync with their Windows Mobile devices. OWA has been working since I got Exchange 2003 up and running. I am using a commercial cert and have my RPCo/HTTPS configured via virtual directories rpc and rpcwithcert. Both are set to use the commercial cert.

1. I am unclear if anything further is needed for OMA to work?
2. Can it use the same cert already in place? If not, what?
3. Exactly what settings / steps in IIS need to be taken, if there are additional ones to the ones already in place and working.

If someone can just bullet the general steps to get the iPhone functioning, that would be great, although I think I have them and am only missing the actual SSL setup/understanding part.

Exchange 2003 SP2 on Server 2003 R2 with latest patches and security fixes.

Thanks,

Dee30
Commented:
ActiveSync should just work since you have a commercial cert. You'll need to use your OWA URL for activating.
Commented:
If you have a single server and SSL is enabled on the Exchange server, then you have to follow the article http://support.microsoft.com/kb/817379.

Also, externally you can check the connectivity using www.testexchangeconnectivity.com

Commented:
Here are screenshots for 2.1, trying to find them for 3

http://support.apple.com/kb/HT2480

1. It is not the OMA virtual directory that you should be looking at. Exchange ActiveSync contacts the 'microsoft-server-activesync' directory on the Exchange Server and, after authentication, for emails it then connects you to the Exchange virtual directory. Make sure you have Basic and Integrated Windows Authentication on the Exchange virtual directory. In case you have Forms Based Authentication (FBA) enabled or SSL is forced on the Exchange virtual directory in a single Exchange Server environment, you need to follow KB 817379 and create a new 'exchange-oma' directory.

2. Yes, you can use it with the same certificate.

3. As mentioned in the 1st point, check the above settings and run a connectivity test at http://testexchangeconnectivity.com
Additionally, check your firewall configuration and make sure it does not block ActiveSync communication. It will be an HTTPS communication on port 443.
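
The connectivity check suggested in the answer above can also be done by hand. The following is an added example, not part of the original thread: it connects to port 443 with certificate and hostname verification, sends an authenticated HTTP OPTIONS request to the 'Microsoft-Server-ActiveSync' directory, and reads the MS-ASProtocolVersions header that ActiveSync returns. The function names are hypothetical and the two sample responses are constructed, not captured from a real server.

```python
import base64
import socket
import ssl

EAS_PATH = "/Microsoft-Server-ActiveSync"  # virtual directory named in the answer above

def build_options_request(host, user, password):
    """Build an HTTP OPTIONS request with Basic auth for the ActiveSync directory."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return (f"OPTIONS {EAS_PATH} HTTP/1.1\r\nHost: {host}\r\n"
            f"Authorization: Basic {token}\r\nConnection: close\r\n\r\n").encode()

def parse_response(raw):
    """Return the status code and the ActiveSync protocol versions advertised."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    advertised = headers.get("ms-asprotocolversions", "")
    versions = [v.strip() for v in advertised.split(",") if v.strip()]
    return {"status": status, "versions": versions, "eas_ready": status == 200 and bool(versions)}

def probe(host, user, password, port=443):
    """Connect over TLS (certificate and hostname are verified), then send OPTIONS."""
    ctx = ssl.create_default_context()  # untrusted or mismatched cert raises an SSL error
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(build_options_request(host, user, password))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return parse_response(b"".join(chunks))

# Constructed sample responses (not captured from a real server).
SAMPLE_OK = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
             b"MS-ASProtocolVersions: 1.0,2.0,2.1,2.5\r\nContent-Length: 0\r\n\r\n")
SAMPLE_DENIED = b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"mail\"\r\n\r\n"

if __name__ == "__main__":
    print(parse_response(SAMPLE_OK))
    print(parse_response(SAMPLE_DENIED))
```

Against a live server, call `probe()` with the external host name the phone will use and a mailbox-enabled test account. A Windows Server 2003 host offers at most TLS 1.0, which current Python/OpenSSL builds reject by default, so a handshake failure can reflect the server's protocol age rather than a certificate problem.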

 

Author

Commented:
Some additional info:

1. Yes, my Exchange is both front and back end.
2. I have already verified ActiveSync from internal and external. I reviewed the setup and pretty much selected all the defaults and the option to enforce/force password.
3. lastlostlast, I've got all those settings you described on the existing Exchange virt direct and will follow up on your insights further when I'm in the office later.
4. The AD user is enabled for ActiveSync/mobile too.

Again, I think I've gotten the bulleted caveats (somewhat in order) involved in getting iphone on enter setup, but please confirm/correct, especially if I'm missing a consideration:

1. Set up/verify ActiveSync from ESM and test. I did and get the FBA to log in and then text outlook folders/screen listed.
2. Enable AD user for ActiveSync/mobile use.
3a. Tackle IIS virtual directory security settings/setup **this being where I'm unclear and working on now. Making sure FBA isn't set b/c ActiveSync doesn't like/work/recognize?
3. Acquire commercial cert or create one using local CA, but you have to have one and don't need ISA. Ensure 443 is open.
4. Plan on using the web mobile exchange piece for wiping / policy setup as precaution.
5. You can also plan on using the iPhone config setting app to give/email the iPhone users settings to them for use with their phone, or the config can be done from the phone.

Author

Commented:
Thank you for taking the time to reply. You all hit on different things if not provide information 'beyond'/expanded on things well.
