Re: WM5 + ActiveSync 4.1 + ISA 2004



Petergal's SBS Blog : 85010001 Error Trying to Sync with WM5.0 Device/ActiveSync4.1/ISA2004:
http://blogs.technet.com/petergal/archive/2006/02/02/418663.aspx

Did you see that?

Sp1d3r wrote:

Hi there

I get the feeling the following scenario might be a common one and
wonder if anyone has found a solution?

We are trying to get a Windows Mobile 5 device syncing both over the
air and in the cradle using SSL.

My environment consists of SBS 2003 Premium (SP1), Exchange 2003 SP2,
and ISA 2004 (SP1). The server has 2 NICs with the 2nd NIC plugged into
a DSL router (Cisco 877). The public IP address is on the router and
not the 2nd NIC. The router is pinholed to allow ports 80, 443 and 4125
for OWA, OMA, and RWW through to ISA. We are using self-signed SSL
certificates created with the SBS Internet Connection Wizard.

We have a Mobile Windows 5 powered phone which has been configured to
use Exchange ActiveSync for email, calendar, contacts, and tasks. We
have imported both SSL certificates to the phone successfully. The
phone is configured to sync to the public DNS name of our server, for
example publicdns.domain.com.

Syncing over the air works perfectly with and without SSL.

Syncing in the cradle is a different matter as publicdns.domain.com
resolves to the external interface on the router. Since the router is
RFC compliant it doesn't route the traffic back to ISA.

Changing the device to sync to ServerName in the cradle works but
changing the address depending on syncing in the cradle or not isn't a
suitable solution.

To try and resolve this I created a split DNS so that
publicdns.domain.com resolves to the internal IP address of the server
on the LAN. This works if we disable SSL on the device. It appears the
reason it fails if we use SSL is that the certificate returned by the
server matches publishing.domain.local instead of publicdns.domain.com
and WM5 doesn't like that. Apparently it isn't possible to disable
certificate checking on WM5 devices like it was on Pocket PC 2003.

I would prefer to use SSL for security reasons.

If anyone can help with a solution I would really appreciate it and I'm
sure there must be other people out there scratching their heads over
this same problem.
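
The name mismatch described in the post above, as an added example that is not part of the original thread: a client-style hostname check run against the certificate each network path would present. The certificate dicts are constructed sample data in the shape of Python's `ssl.SSLSocket.getpeercert()`, and the assignment of names to listeners (external certificate issued to publicdns.domain.com, internal one to publishing.domain.local) is an assumption drawn from the post.

```python
# Constructed sample certificates (assumption: one CN per listener, no SANs).
EXTERNAL_CERT = {"subject": ((("commonName", "publicdns.domain.com"),),)}
INTERNAL_CERT = {"subject": ((("commonName", "publishing.domain.local"),),)}

def cert_names(cert):
    """DNS names the certificate vouches for: SAN dNSName entries, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # RFC 2818: if dNSName SANs are present, the CN is not used
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact label-by-label match, or a single left-most '*' label wildcard."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_ok(cert, host):
    """True if the name the device was configured with appears in the certificate."""
    return any(name_matches(n, host) for n in cert_names(cert))

# Each path: (description, name configured on the device, certificate presented).
PATHS = [
    ("over the air, through the router to ISA", "publicdns.domain.com", EXTERNAL_CERT),
    ("cradle, split DNS to the internal IP", "publicdns.domain.com", INTERNAL_CERT),
]

def audit(paths=PATHS):
    """Return (description, host, certificate names, match result) per path."""
    return [(d, host, cert_names(c), host_ok(c, host)) for d, host, c in paths]

if __name__ == "__main__":
    for desc, host, names, ok in audit():
        print(f"{'OK      ' if ok else 'MISMATCH'} {desc}: asked for {host}, cert has {names}")
```

Split DNS changes only which IP address the name resolves to. The check passes on the internal path only if the listener answering there presents a certificate that contains the name the device asks for.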


