Solved

Exchange 2010 and iPhones

Posted on 2011-03-10
Last Modified: 2012-08-14
I have a basic setup of Exchange 2010 with hub transport, client access, mailbox and unified messaging on one server. Mailboxes were migrated from SBS 2003. ActiveSync is configured out of the box, as well as a self-signed certificate. I need to connect a bunch of iPhones and have a few questions.

1. Is active sync out of the box ready to go, or does something need to be changed?

2. What do I need for autodiscovery to work for iPhones, is it set up out of the box?

3. Can I use a self-signed cert for this or do I need to buy a public one?

4. What kind of public cert do I need, one with wild card? How many SANs does one Exchange 2010 need?

5. Does someone have a step by step guide to set this up?


Thanks, any feedback is appreciated
0
Question by:Bendi71
14 Comments
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35102755
1. Is active sync out of the box ready to go, or does something need to be changed?
It's ready to go out of the box.

2. What do I need for autodiscovery to work for iPhones, is it set up out of the box?
Yes, even this is set up out of the box.

3. Can I use a self-signed cert for this or do I need to buy a public one?
You can use a self-signed one, but you will have to import it on all the client machines.

4. What kind of public cert do I need, one with wild card? How many SANs does one Exchange 2010 need?
You can go with SAN (my preference).
You need to have the following in the certificate:
1 CAS FQDN
2 OWA URL
3 externaldomain.com
4 internaldomain.com
5 autodiscover.externaldomain.com

5. Does someone have a step by step guide to set this up?
This works out of the box.
0
 

Author Comment

by:Bendi71
ID: 35103060
Could I just use an Exchange cert and then import it to all clients, or do I have to have PKI infrastructure for this?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35103141
Personally I use a 3rd party SSL SAN / UCC certificate from GoDaddy (or a reseller account because they can be cheaper) as you simply install the certificate and everything falls into place.

The names you would need on a SAN / UCC certificate are:

mail.domain.com (or whatever you choose to use)
autodiscover.domain.com
internalservername.internaldomain.local
internalservername

For Autodiscover to work externally, you will need to create an Autodiscover A record in your external domain's DNS control panel and point it to the IP address of your Exchange 2010 server.
0

 

Author Comment

by:Bendi71
ID: 35103175
But what do I need in order to use a self signed one? Do I need PKI infrastructure in place?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35103217
Exchange already installed a self-signed certificate and you can use that, but you have to start changing the internal URLs for the various settings of Exchange, and I personally think this is incredibly messy when for $90 you can buy a 3rd party one from GoDaddy which is trusted.

MS recommends using a 3rd party SSL Certificate too!
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35103294
You can create a self-signed certificate using this command (just change the domain name according to your requirement):

New-ExchangeCertificate -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName woodgrovebank.com, example.com -PrivateKeyExportable $true


NO PKI required

0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35103475
For the above command no PKI is required. You just need to enable the certificate once created and you're good to go :)


Take that cert and install it on all client machines and your work is done.
0
 

Author Comment

by:Bendi71
ID: 35103557
I agree with alanhardisty, I don't think I have the desire or time to mess with it. I have to set up 6 locations. However, I want to try using a self-signed one as a test.

You can create a cert from within EMC which would equal the commandlet. Where do I specify the needed info?

mail.domain.com (or whatever you choose to use)
autodiscover.domain.com
internalservername.internaldomain.local
internalservername

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35103597
EMC> Server Configuration> Actions Pane> New Exchange Certificate.

Follow the Wizard and that will generate the Certificate for you.
0
 

Author Comment

by:Bendi71
ID: 35103734
I will try that. Thanks.
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35105893
Or go to EMS and try this command (use whatever name you chose in place of mail.domain.com):

New-ExchangeCertificate -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName mail.domain.com, autodiscover.domain.com, internalservername.internaldomain.local, Externaldomain.com -PrivateKeyExportable $true
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 35106187
The first post isn't technically correct.

Here are the answers to the questions:

1. Is active sync out of the box ready to go, or does something need to be changed?
ActiveSync will work out of the box; the only thing you need to do is forward port 443 from your router/firewall to the internal address of the CAS server. You will also need to configure an A record in your external DNS to point to your public IP address. To find out what your public IP is, go to http://whatsmyip.org from inside your network.

If you also plan to use the iPhones on an internal wireless network then you will need to configure a forward lookup zone on your internal DNS that matches the A record you have configured in your external DNS, otherwise you will have to keep reconfiguring the device. See my guide here on how to do this: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html

2. What do I need for autodiscovery to work for iPhones, is it set up out of the box?
The iPhones will use Autodiscover if it is configured. For this to work you need to have configured an A record in your external DNS for autodiscover.domainname.com (where domainname.com is the part after the @ in your primary email address). Exchange 2007 and 2010 are configured to use Autodiscover out of the box, and apart from the DNS entry and the SSL certificate there is nothing else required.

3. Can I use a self-signed cert for this or do I need to buy a public one?
Technically, yes you can, but the name on the certificate must match the A record you created in Question 1, otherwise the devices will reject it. However, for full support you will require a SAN/UCC certificate with the A record mentioned previously and the autodiscover.domainname.com record.

4. What kind of public cert do I need, one with wild card? How many SANs does one Exchange 2010 need?
Whilst a wildcard certificate will technically work, I am yet to see it work 100% successfully. Myself and a couple of other of EE's top Exchange experts have tried it and it's fraught with issues. Simply buy a SAN/UCC certificate; they don't cost a great deal and will save you a whole bunch of time. The names alanhardisty mentioned in comment ID 35103141 are what are required at an absolute minimum.

5. Does someone have a step by step guide to set this up?
Funny, you should ask, see step 7 of my guide here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html

But seriously, use the wizard, it will do all the hard work for you, using the command line if you are not familiar with it will only cause you distress and will lead to this taking hours instead of minutes.
0
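The name-matching requirement discussed in the answers above, as an added example that is not part of the thread: a PowerShell 2.0-compatible function that reports which of the required host names a certificate's name list covers, treating a wildcard as exactly one left-most label. The function name `Test-CertNameCoverage` is hypothetical, and the name lists are constructed from the placeholder names used in the thread.

```powershell
# Added example, not from the thread. Test-CertNameCoverage is a hypothetical helper.
function Test-CertNameCoverage {
    param(
        [Parameter(Mandatory=$true)] [string[]] $CertificateDomains,  # names on the certificate
        [Parameter(Mandatory=$true)] [string[]] $RequiredNames        # names clients connect to
    )
    foreach ($name in $RequiredNames) {
        $matchedBy = $null
        foreach ($san in $CertificateDomains) {
            if ($san -eq $name) { $matchedBy = $san; break }   # exact match, case-insensitive
            if ($san.StartsWith('*.')) {
                # A wildcard stands for exactly one left-most label:
                # *.domain.com matches mail.domain.com, not domain.com or a.b.domain.com
                $suffix = $san.Substring(1)                    # "*.domain.com" -> ".domain.com"
                $label, $rest = $name -split '\.', 2
                if ($rest -and (".$rest" -eq $suffix)) { $matchedBy = $san; break }
            }
        }
        New-Object PSObject -Property @{
            Name = $name; Covered = ($null -ne $matchedBy); MatchedBy = $matchedBy
        }
    }
}

# Names the thread lists as the minimum (placeholders from the answers above)
$required = 'mail.domain.com', 'autodiscover.domain.com',
            'internalservername.internaldomain.local', 'internalservername'

# Constructed name lists, not read from a real certificate
$wildcardCert = '*.domain.com'
$sanCert      = 'mail.domain.com', 'autodiscover.domain.com',
                'internalservername.internaldomain.local', 'internalservername'

# Wildcard list: the two internal names come back with Covered = False
Test-CertNameCoverage -CertificateDomains $wildcardCert -RequiredNames $required |
    Select-Object Name, Covered, MatchedBy | Format-Table -AutoSize

# SAN/UCC list: all four names come back with Covered = True
Test-CertNameCoverage -CertificateDomains $sanCert -RequiredNames $required |
    Select-Object Name, Covered, MatchedBy | Format-Table -AutoSize
```

On an Exchange server, the `CertificateDomains` values returned by `Get-ExchangeCertificate`, converted to strings, can be passed as the first argument.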
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35109161
Were you able to create a certificate?
0
 

Author Comment

by:Bendi71
ID: 35112162
I haven't had time to do it yet. EMC or command line is fine. Don't mind either one. I will let you guys know soon how it went with the self-signed cert. I will definitely buy one for the production environment. Thanks for all the help.
0
