RE: ISA 2004 Firewall Client and ActiveSync 4.2



Thomas, to be honest it was something I happened to read in another post
(which I can't find again). I decided to give this a try just to see what
would happen. I ended my post with the question because in theory, I would
think that I should not have to actually create an "internal to internal"
rule in order for a device on the inside of my network to have access to
another internal host. But as soon as I created the "Int to Int" rule all of
the USB-connected ActiveSync 4.2 devices were able to connect to the Exchange
server. So my concern was, why this type of rule was needed for internal
hosts and what repercussions there might be for creating such a rule. I was
indeed hoping that someone else could shed some light on why the above rule
worked.

Rule Internal to Internal
Allow or deny: Allow
Traffic: outbound traffic
Source: Internal
Destination: Internal.


I am sorry that I can't answer your second question. I don't connect my
device to my home computer/network. It's either a gprs connection or a usb
connection to my desktop at work for me.
I pay one flat rate a month for data delivery from my phone carrier so I
guess I've never bothered with the Wlan stuff vs. GPRS.


Sorry I can't be of more help on the last one.

Cheers.
Jim Boettger


"Thomas T" wrote:

Meanwhile I have also asked in the forum at www.isaserver.org and Mr
Isaserver himself, T.Shinder, gave me an answer that really "fixed" the
problem:
"The version of ActiveSync used in the docking cradle has nothing to do with
the ISA firewall device. In fact, I never put my phones in the cradle except
to install software -- they update over the Internet link."
You can take a look at this here:
http://forums.isaserver.org/m_2002023340/mpage_1/key_/tm.htm
What about this? I was so astonished. Since then I was not able to feed
any more time into this annoying item.

But what I would really like to ask is what does your "internal - internal"
rule exactly allow. And why do you close your short answer with another
question? To me you do not seem very sure about what you did. So why should I
follow? Do you hope someone else will say something helpful about this? So do
I.

And I would really like to know if "Microsoft Direct Push" only working via
GPRS is by design. Maybe I have to repeat: at home in my WLAN all internet
functions work via WLAN but in order to sync the mails this little stupid
thing always starts a new GPRS connection. That might be annoying enough but
what is even worse is that in my contract this means a new 100 KB block is
started. By design??

Regards Thomas

"Jim B" wrote:

An "Internal to Internal" rule fixed this problem. Does an "Internal to
Internal" rule indicate that something is configured wrong on my ISA 2004 box?

Thanks

Jim

"Thomas T" wrote:

Hi all,

Exactly the same with me. I had a working configuration with an MDA Vario from
T-Mobile, Germany, where I configured first via VPN and a self-signed
certificate from my E2K3. But because GPRS traffic was going on even
though I was connected in a wireless LAN I changed my configuration. Now
since Friday I am able to sync via two SSL connections and my ISA2004 and
without VPN. I use an imported certificate from my own Root CA on the MDA.
MDA ->SSL-> ISA2004 -> SSL -> E2K3
But since that time it lost its ability to sync via USB (error 85010016). I
also tried the possibilities that are mentioned in Shijaz's article but that
does not help. And I must say, that killing my default gateway is not the way
I could accept as the last answer.

Regards Thomas

"Jim B" wrote:

Shijaz, changed my TCP/IP settings to a static address with no default
gateway and the appropriate DNS server entries. Re-installed the FWC.
Rebooted but I still continue to receive 85010016 error. Ipconfig /all
reveals default gateway empty.

Another desktop with a Moto Q installed and AS 4.2 has the same problem.

"Shijaz" wrote:

What is the default gateway on the client machine? If it is set to the ISA
server internal IP then your client works as a secureNAT client and you're
still not bypassing ISA.

Remove the default gateway and try again.

--
Shijaz
MCSE:Security, CCNA
www.shijaz.com/isaserver


"Jim B" wrote:

Shijaz, thanks for the suggestions. Did the things suggested but still
receive the same error.

Any other suggestions?

Thanks.

Jim Boettger

"Shijaz" wrote:

Activesync error 0x85010016 occurs when:

An error response was received from the HTTP gateway.
- OR -
Synchronization failed due to an error on the server.
Verify that the gateway is available and try again.
The device is using a proxy server to connect to the Exchange Server. The
proxy server encountered an error.

[See: Activesync error codes
http://www.shijaz.com/exchange/activesync_errors.htm ]

Make sure the option to bypass proxy to access local addresses is disabled
on your browser. If the problem persists, you need to prevent requests from
being sent through the proxy while using Firewall Client. See
http://www.shijaz.com/isaserver/bypass_isa.htm
--
Shijaz
MCSE:Security, CCNA
www.shijaz.com/isaserver


"Jim B" wrote:

Trying to sync a Cingular 8125 with AS 4.2 and USB connection on a Windows XP
SP2 computer to an Exchange 2003 SP2 server. Receive error 85010016.
Have no problems wirelessly.

Narrowed the problem down to the ISA 2004 Firewall Client. If I uninstall
the FW client I have no problems syncing. Install it and syncing fails again.

Any thoughts on why the FW client would be blocking synchronization?

Thanks in advance for any insight.

Jim
