Solved

Accepting Exchange 2010 ActiveSync Basic Authentication OR Certificate Based Authentication

Posted on 2013-11-29

Exchange

1 solution

1,278 Views

Last Modified: 2013-11-29

Hey,

I would like to implement Exchange 2010 EAS Certificate Based Authentication along with still being able to use Basic Authentication. Reason being is we are testing CBA and a small subset of people will use it at first. When configure CBA, Certificates need to be set to accept or require in the EAS properties of the CAS server along with unchecking Basic Authentication which would prohibit EAS from accepting the basic usernames and passwords. What is the best way of me trying to accomplish having both authentication methods work? Would I need a second ActiveSync virtual directory, one with a URL pointing the virtual directory that accepts BASIC authenticaiton, and another URL pointing to a second virtual direction that accepts Certificates only?

Comment

Question by:digitalhitman00

[X]

Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

Help others & share knowledge
Earn cash & points
Learn & ask questions

Join The Community

4 Comments

LVL 63

Accepted Solution

by:Simon Butler (Sembee)

Simon Butler (Sembee) earned 500 total points

ID: 396856682013-11-29

That is probably the only way you can do it.
You can only ignore or accept client certificates.

You would need two web sites, two host names. The one with basic authentication should be left on the default web site.

However clients would need to be configured manually because you have no way of telling Exchange which clients use which address.

Simon.

Author Comment

by:digitalhitman00

ID: 396857842013-11-29

Ok, I just tried creating a second EAS website, but it yelled at me. I tried running:

New-ActiveSyncVirtualDirectory -websiteName "EAS CBA" - Error: The web site doesnt Exist.
New-ActiveSyncVirtualDirectory - Error, the AD Configuration for virtual directory 'Microsoft-Server-ActiveSync' already exists, please fremote this AD config manually.

I saw this listed: Only one Exchange ActiveSync virtual directory can exist in each Exchange ActiveSync website. Microsoft Site

Any ideas on adding a second eas instance on a computer that already has a first one?

LVL 63

Expert Comment

by:Simon Butler (Sembee)

ID: 396857932013-11-29

I presume you have created the web site in IIS manager? Did you run IISRESET after doing so?

Is the name of the site exactly as you have put in the command?

You can only have one ActiveSync virtual directory per web site, but you can multiple web sites on the server.

Simon.

Author Comment

by:digitalhitman00

ID: 396858222013-11-29

Ah, no I did not. Ok I have to create a completely second website outside of the Default. I think I get it now. let me try.

Featured Post

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IMCEAEX NDRs after migrating PSTs to Exchange or Office 365

Article by: Todd

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.

In-place Upgrading Dirsync to Azure AD Connect

Article by: Amit

In-place Upgrading Dirsync to Azure AD Connect

Exchange 2013: Creating an Accepted Domain

Video by: Gareth

In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

Basics of Database Availability Groups (Part 2)

Video by: Tej Pratap

The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager