we tried to enforce the OWA session time-out policy on Exchange 2003; therefore implemented the Form Based Authentication.
However, after implementing FBA, users who have mobil phones with ActiveSync. can no longer retrieve emails.
So, i read about the solution posted on MS support site:
this solution requires us to setup a front end virtual directory that does not have SSL for activesync connection. My questions are -
1. after implementing this soluton, does it mean that all communications between mobile devices and exchange server are not encrypted?
2. if so, is there any solution for me to apply session restrictions on OWA and also apply SSL on all connections?