RE: ActiveSync & SSL

I was looking at this, and can I simply go to IIS Manager, go to Web Sites ->
Default Web Site - > Exchange ActiveSynch -> Properties -> Directory Security
-> Secure Communications -> Edit -> click on the box 'Require Secure Channel'
..
And then do what I need to do on PCC?
Thanks!
--
Nikki It Admin


""Nathan Liu [MSFT]"" wrote:

> Hi Nikki,
>
> Thank you for your reply.
>
> I am sorry for my mistake, the correct KB article number is 817379, thanks
> for your understanding.
>
> 817379 Exchange ActiveSync and Outlook Mobile Access errors occur when SSL
> or forms-based authentication is required for Exchange Server 2003
> http://support.microsoft.com/?id=817379
>
> Note: For SBS 2003 Server, you don't need to use the workaround in the KB
> article 817379, you just need to follow the instruction in the following KB
> article to run CEICW again because it will reconfigure the Exchange virtual
> directory and forms-based authentication to work with Outlook Mobile
> Access and with Exchange ActiveSync:
>
> 825763 How to configure Internet access in Windows Small Business Server
> 2003
> http://support.microsoft.com/?id=825763
>
> After you finish the CEICW, you can configure as following to enable SSL on
> the Exchange Virtual directory:
>
> /Exchange: Require SSL
> /OMA: Require SSL
> /Microsoft-Server-Activesync: Require SSL
>
> This operation doesn't affect other connection method of Exchange clients -
> like Outlook LAN connection, Outlook RPC over HTTP, etc.
>
> I am appreciated your time and cooperation. If anything is unclear, please
> feel free to let me know. I am looking forward to hearing from you.
>
> Best regards,
>
> Nathan Liu (MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> >Thread-Topic: ActiveSync & SSL
> >thread-index: AcWiIm5kq8QjLwbTReuHZSI8d0PTxg==
> >X-WBNR-Posting-Host: 203.25.66.146
> >From: "=?Utf-8?B?Tmlra2k=?=" <Nikki@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >References: <615A6BCE-68EA-4B7E-A037-C30AB7658BC5@xxxxxxxxxxxxx>
> <UKgXV8InFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
> >Subject: RE: ActiveSync & SSL
> >Date: Mon, 15 Aug 2005 22:22:01 -0700
> >Lines: 140
> >Message-ID: <95D6CA4F-6364-4D98-8818-41F641DF7452@xxxxxxxxxxxxx>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.windows.server.sbs
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144731
> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >
> >Hi Nathan, thanks a lot!
> >I couldn't find the KB article 917379 - is the number correct?
> >Also these settings are they going to affect other Exchange clients - like
> >Outlook Lan connection, Outlook RPC over HTTp etc.?
> >Also how is it going to affect POP3 ?
> >Can I set it just for ActiveSync first , then for POP3 etc.?
> >Thanks!
> >--
> >Nikki It Admin
> >
> >
> >""Nathan Liu [MSFT]"" wrote:
> >
> >> Hello Nikki,
> >>
> >> Thank you for posting in the SBS newsgroup.
> >>
> >> According to your description, I understand that you would like to
> enable
> >> SSL connection, when the Pocket PC ActiveSync with the SBS 2003 Server.
> If
> >> I have misunderstood your concern, please don't hesitate to let me know.
> >>
> >> Question 1: Where do I enable it on SBS server, for ActiveSync?
> >>
> >> Answer: If you require SSL on the Exchange virtual directory, you should
> >> create a duplicate Exchange virtual directory by referring to the KB
> >> article: 917379, say ExchangeDav. You then can configure as following:
> >>
> >> /Exchange: Require SSL
> >> /OMA: Require SSL
> >> /Microsoft-Server-Activesync: Require SSL
> >> /ExchangeDav: Not Require SSL
> >>
> >> In this case, the traffic between client and server is encrypted.
> >>
> >> 839288 You receive a "Currently your mailbox is stored on an older
> version
> >> of
> >> http://support.microsoft.com/?id=839288
> >>
> >> Additionally, we perform the following steps on the PPC device to enable
> >> SSL:
> >>
> >> - On the PPC device, click Start-> Activesync.
> >> - Click Tools tab and click Options.
> >> - Click Server tab and select "This Server uses an SSL connection"
> option.
> >> - Run Activesync again.
> >>
> >>
> >> Question 2: I downloaded DisableCert.EXE for PPC so if I run it on PPC -
> I
> >> should be able top connect without need to install cetrtificates on PPC?
> >>
> >> Answer: You can use the DisableCert.EXE tool to disable the
> certification
> >> verification on both PPC 2002 and PPC 2003-based devices so that you can
> >> use your own certificate for Server ActiveSync via SSL without problems.
> To
> >> install your own cetrtificates on PPC, please refer to the below
> >> information:
> >>
> >> For PPC 2003, we can import the certificate directly. In this case, you
> >> need to export your root certificate from your certificate snap-ins to
> >> export DER type certificate to a *.cer file, then transfer it to your
> >> pocket 2003, then click the certificate from your pocket pc 2003, it
> will
> >> be automatically added to your pocket pc 2003's root.
> >>
> >> Note: You also can export it from Internet Explorer by double click the
> SSL
> >> icon in the right bottom corner.
> >>
> >>
> >> I am appreciated your time and cooperation. If anything is unclear,
> please
> >> feel free to let me know. I am looking forward to hearing from you.
> >>
> >> Best regards,
> >>
> >> Nathan Liu (MSFT)
> >> Microsoft CSS Online Newsgroup Support
> >>
> >> Get Secure! - www.microsoft.com/security
> >> ======================================================
> >> This newsgroup only focuses on SBS technical issues. If you have issues
> >> regarding other Microsoft products, you'd better post in the
> corresponding
> >> newsgroups so that they can be resolved in an efficient and timely
> manner.
> >> You can locate the newsgroup here:
> >> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> >>
> >> When opening a new thread via the web interface, we recommend you check
> the
> >> "Notify me of replies" box to receive e-mail notifications when there
> are
> >> any updates in your thread. When responding to posts via your
> newsreader,
> >> please "Reply to Group" so that others may learn and benefit from your
> >> issue.
> >>
> >> Microsoft engineers can only focus on one issue per thread. Although we
> >> provide other information for your reference, we recommend you post
> >> different incidents in different threads to keep the thread clean. In
> doing
> >> so, it will ensure your issues are resolved in a timely manner.
> >>
> >> For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> >> check http://support.microsoft.com for regional support phone numbers.
> >>
> >> Any input or comments in this thread are highly appreciated.
> >> ======================================================
> >> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >>
> >> --------------------
> >> >Thread-Topic: ActiveSync & SSL
> >> >thread-index: AcWb4fVzQZt+5spSSOai0PIrmLZOqA==
> >> >X-WBNR-Posting-Host: 203.25.66.146
> >> >From: "=?Utf-8?B?Tmlra2k=?=" <Nikki@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >> >Subject: ActiveSync & SSL
> >> >Date: Sun, 7 Aug 2005 23:25:23 -0700
> >> >Lines: 11
> >> >Message-ID: <615A6BCE-68EA-4B7E-A037-C30AB7658BC5@xxxxxxxxxxxxx>
> >> >MIME-Version: 1.0
> >> >Content-Type: text/plain;
> >> > charset="Utf-8"
> >> >Content-Transfer-Encoding: 7bit
> >> >X-Newsreader: Microsoft CDO for Windows 2000
> >> >Content-Class: urn:content-classes:message
> >> >Importance: normal
> >> >Priority: normal
> >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >> >Newsgroups: microsoft.public.windows.server.sbs
> >> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:142269
> >> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >> >
> >> >Hello !
> >> >I am running SBS server 2003.
> >> >I have a pocket PC using ActiveSync running Windows Mobile 2003. Works
> >> fine,
> >> >but I would like to enable SSL connecton.
> >> >Q:
> >> >1. Where do I enable it on SBS server, for ActiveSync?
> >> >2. I downloaded DisableCert.EXE for PPC so if I run it on PCC - I
> should
> >> be
> >> >able top connect without need to install cetrtificates on PCC?
> >> >Thanks!!!!
> >> >--
> >> >Nikki It Admin
> >> >
> >>
> >>
> >
>
>
.

Loading