Solved

Exchange 2010 and iPhones

Posted on 2011-03-10
Last Modified: 2012-08-14
I have a basic setup of Exchange 2010 with hub transport, client access, mailbox and unified messaging on one server. Mailboxes were migrated from SBS 2003. ActiveSync is configured out of the box, as well as a self-signed certificate. I need to connect a bunch of iPhones and have a few questions.

1. Is ActiveSync out of the box ready to go, or does something need to be changed?

2. What do I need for autodiscovery to work for iPhones? Is it set up out of the box?

3. Can I use a self-signed cert for this or do I need to buy a public one?

4. What kind of public cert do I need, one with a wildcard? How many SANs does one Exchange 2010 need?

5. Does someone have a step-by-step guide to set this up?


Thanks, any feedback is appreciated.
Question by:Bendi71
14 Comments
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35102755
1. Is ActiveSync out of the box ready to go, or does something need to be changed?
It's out of the box ready to go.

2. What do I need for autodiscovery to work for iPhones? Is it set up out of the box?
Yes, even this is set up out of the box.

3. Can I use a self-signed cert for this or do I need to buy a public one?
You can use a self-signed one, but you will have to import it on all the client machines.

4. What kind of public cert do I need, one with a wildcard? How many SANs does one Exchange 2010 need?
You can go with SAN (my preference).
You need to have the following in the certificate:
1 CAS FQDN
2 OWA URL
3 externaldomain.com
4 internaldomain.com
5 autodiscover.externaldomain.com

5. Does someone have a step-by-step guide to set this up?
This works out of the box.
0
 

Author Comment

by:Bendi71
ID: 35103060
Could I just use an Exchange cert and then import it to all clients, or do I have to have PKI infrastructure for this?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35103141
Personally I use a 3rd party SSL SAN / UCC certificate from GoDaddy (or a reseller account because they can be cheaper) as you simply install the certificate and everything falls into place.

The names you would need on a SAN / UCC certificate are:

mail.domain.com (or whatever you choose to use)
autodiscover.domain.com
internalservername.internaldomain.local
internalservername

For Autodiscover to work externally, you will need to create an Autodiscover A record in your external domain's DNS Control Panel and point it to the IP address of your Exchange 2010 server.
0
 

Author Comment

by:Bendi71
ID: 35103175
But what do I need in order to use a self signed one? Do I need PKI infrastructure in place?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35103217
Exchange already installed a self-signed certificate and you can use that, but you have to start changing the internal URLs for the various settings of Exchange, and I personally think this is incredibly messy when for $90 you can buy a 3rd party one from GoDaddy which is trusted.

MS recommends using a 3rd party SSL Certificate too!
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35103294
You can create a self-signed certificate using this command (just change the domain name according to your requirement):

New-ExchangeCertificate -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName woodgrovebank.com, example.com -PrivateKeyExportable $true


No PKI required.

0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35103475
For the above command no PKI is required; you just need to enable the certificate once created and you're good to go :)

Take that cert and install it on all client machines and your work is done.
0

 

Author Comment

by:Bendi71
ID: 35103557
I agree with alanhardisty, I don't think I have the desire or time to mess with it. I have to set up 6 locations. However, I want to try using a self-signed one as a test.

You can create a cert from within EMC which would equal the cmdlet. Where do I specify the needed info?

mail.domain.com (or whatever you choose to use)
autodiscover.domain.com
internalservername.internaldomain.local
internalservername

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35103597
EMC> Server Configuration> Actions Pane> New Exchange Certificate.

Follow the Wizard and that will generate the Certificate for you.
0
 

Author Comment

by:Bendi71
ID: 35103734
I will try that. Thanks.
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35105893
Or go to EMS and try this command:

# Replace mail.domain.com with whatever name you choose to use
New-ExchangeCertificate -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName mail.domain.com, autodiscover.domain.com, internalservername.internaldomain.local, Externaldomain.com -PrivateKeyExportable $true
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 35106187
The first post isn't technically correct.

Here are the answers to the questions:

1. Is ActiveSync out of the box ready to go, or does something need to be changed?
ActiveSync will work out of the box; the only thing you need to do is forward port 443 from your router/firewall to the internal address of the CAS server.  You will also need to configure an A record in your external DNS to point to your public IP address.   To find out what your public IP is, go to http://whatsmyip.org from inside your network.

If you also plan to use the iPhones on an internal wireless network then you will need to configure a forward lookup zone on your internal DNS that matches the A record you have configured in your external DNS, otherwise you will have to keep reconfiguring the device.  See my guide here on how to do this: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html

2. What do I need for autodiscovery to work for iPhones? Is it set up out of the box?
The iPhones will use Autodiscover if it is configured; for this to work you need to have configured an A record in your external DNS for autodiscover.domainname.com (where domainname.com is the part after the @ in your primary email address).  Exchange 2007 and 2010 are configured to use Autodiscover out of the box and apart from the DNS entry and the SSL certificate there is nothing else required.

3. Can I use a self-signed cert for this or do I need to buy a public one?
Technically, yes you can, but the name on the certificate must match the A record you created in Question 1 otherwise the devices will reject it.  However, for full support you will require a SAN/UCC certificate with the A record mentioned previously and the autodiscover.domainname.com record.

4. What kind of public cert do I need, one with a wildcard? How many SANs does one Exchange 2010 need?
Whilst a wildcard certificate will technically work, I am yet to see it work 100% successfully; myself and a couple of other of EE's top Exchange experts have tried it and it's fraught with issues.  Simply buy a SAN/UCC certificate. They don't cost a great deal and will save you a whole bunch of time.  The names alanhardisty mentioned in http:#35103141 are what are required at an absolute minimum.

5. Does someone have a step-by-step guide to set this up?
Funny you should ask; see step 7 of my guide here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html

But seriously, use the wizard, it will do all the hard work for you; using the command line if you are not familiar with it will only cause you distress and will lead to this taking hours instead of minutes.
0
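
The name-matching point in the accepted answer, as an added example that is not part of the original thread or any poster's code: this PowerShell compares the minimum name list quoted above against the names on a certificate, treating a wildcard entry as covering one label only. The function names and the three sample name lists are constructed for illustration; the host names are the thread's own placeholders.

```powershell
# Added example; host names are the thread's placeholders, name lists are constructed.
function Test-NameCovered {
    param(
        [Parameter(Mandatory=$true)][string]$HostName,
        [Parameter(Mandatory=$true)][string[]]$CertificateNames
    )
    foreach ($certName in $CertificateNames) {
        # Exact match (-eq on strings is case-insensitive in PowerShell).
        if ($certName -eq $HostName) { return $true }

        # A wildcard entry such as *.domain.com covers exactly one label on the left:
        # mail.domain.com matches; domain.com and a.b.domain.com do not.
        if ($certName.StartsWith('*.')) {
            $suffix = $certName.Substring(1)   # ".domain.com"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($left.Length -gt 0 -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-MissingName {
    param([string[]]$RequiredNames, [string[]]$CertificateNames)
    $RequiredNames | Where-Object {
        -not (Test-NameCovered -HostName $_ -CertificateNames $CertificateNames)
    }
}

# Minimum names listed in the thread.
$required = 'mail.domain.com', 'autodiscover.domain.com',
            'internalservername.internaldomain.local', 'internalservername'

# Constructed name lists for three kinds of certificate.
$candidates = @(
    @{ Kind = 'Single-name self-signed'; Names = @('internalservername') },
    @{ Kind = 'Wildcard';                Names = @('*.domain.com') },
    @{ Kind = 'SAN/UCC';                 Names = $required }
)

foreach ($c in $candidates) {
    $missing = @(Get-MissingName -RequiredNames $required -CertificateNames $c.Names)
    if ($missing.Count -eq 0) {
        '{0}: covers all required names' -f $c.Kind
    } else {
        '{0}: missing {1}' -f $c.Kind, ($missing -join ', ')
    }
}
```

On the Exchange server, the names on an installed certificate are in the CertificateDomains property of Get-ExchangeCertificate output and can be passed as -CertificateNames once converted to strings.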
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35109161
Were you able to create a certificate?
0
 

Author Comment

by:Bendi71
ID: 35112162
I haven't had time to do it yet. EMC or command line is fine. Don't mind either one. I will let you guys know soon how it went with the self-signed cert. I will definitely buy one for the production environment. Thanks for all the help.
0
