WM5 + ActiveSync 4.1 + ISA 2004



Hi there

I get the feeling the following scenario might be a common one and
wonder if anyone has found a solution?

We are trying to get a Windows Mobile 5 device syncing both over the
air and in the cradle using SSL.

My environment consists of SBS 2003 Premium (SP1), Exchange 2003 SP2,
and ISA 2004 (SP1). The server has 2 NICs with the 2nd NIC plugged into
a DSL router (Cisco 877). The public IP address is on the router and
not the 2nd NIC. The router is pinholed to allow ports 80, 443 and 4125
for OWA, OMA, and RWW through to ISA. We are using self-signed SSL
certificates created with the SBS Internet Connection Wizard.

We have a Mobile Windows 5 powered phone which has been configured to
use Exchange ActiveSync for email, calendar, contacts, and tasks. We
have imported both SSL certificates to the phone successfully. The
phone is configured to sync to the public DNS name of our server, for
example publicdns.domain.com.

Syncing over the air works perfectly with and without SSL.

Syncing in the cradle is a different matter as publicdns.domain.com
resolves to the external interface on the router. Since the router is
RFC compliant it doesn't route the traffic back to ISA.

Changing the device to sync to ServerName in the cradle works but
changing the address depending on syncing in the cradle or not isn't a
suitable solution.

To try and resolve this I created a split DNS so that
publicdns.domain.com resolves to the internal IP address of the server
on the LAN. This works if we disable SSL on the device. It appears the
reason it fails if we use SSL is that the certificate returned by the
server matches publishing.domain.local instead of publicdns.domain.com
and WM5 doesn't like that. Apparently it isn't possible to disable
certificate checking on WM5 devices like it was on Pocket PC 2003.

I would prefer to use SSL for security reasons.

If anyone can help with a solution I would really appreciate it and I'm
sure there must be other people out there scratching their heads over
this same problem.
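
The name mismatch described in the post can be reproduced offline by checking the sync hostname against the certificate name presented on each network path. This is an added example, not part of the original post: the certificate contents are constructed, the external listener's certificate name is an assumption, and the matching follows general RFC 6125-style rules rather than WM5's actual implementation.

```python
# Added example. Hostnames come from the post; certificate contents are constructed.

def cert_matches_host(cert_names, host):
    """RFC 6125-style match: case-insensitive, label by label; a wildcard is
    accepted only as the entire left-most label and covers exactly one label."""
    h = host.rstrip(".").lower().split(".")
    for name in cert_names:
        n = name.rstrip(".").lower().split(".")
        if len(n) != len(h):
            continue
        if n[0] == "*":
            # Require at least two fixed labels after the wildcard ("*.com" is refused).
            if len(n) >= 3 and n[1:] == h[1:]:
                return True
        elif n == h:
            return True
    return False


def presented_names(cert):
    """Use SAN dNSName entries when present, otherwise fall back to the subject CN."""
    return cert["san_dns"] or [cert["cn"]]


# Which certificate answers on each path to the server (constructed model).
# Assumption: the external listener presents a certificate for the public name,
# since the post reports that over-the-air SSL sync works.
LISTENERS = {
    "over the air (router -> ISA)": {"cn": "publicdns.domain.com", "san_dns": []},
    "cradle (split DNS -> LAN IP)": {"cn": "publishing.domain.local", "san_dns": []},
}

# Hypothetical certificate carrying both names, to show the check passing.
BOTH_NAMES = {"cn": "publicdns.domain.com",
              "san_dns": ["publicdns.domain.com", "publishing.domain.local"]}


def audit(sync_host, listeners):
    """Return {path: True/False} for whether the presented certificate covers sync_host."""
    return {path: cert_matches_host(presented_names(cert), sync_host)
            for path, cert in listeners.items()}


if __name__ == "__main__":
    for path, ok in audit("publicdns.domain.com", LISTENERS).items():
        print(f"{path:32} {'match' if ok else 'NAME MISMATCH'}")
```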
