An interesting question came in today that I wanted to share with everyone:

Hi, I'm having trouble finding a document that explains the design issues around ActiveSync.  I'm looking at providing ActiveSync capability to domain 2 with the ISA server located in domain 1. Is that possible?

The short answer to this is yes.  In fact, to use the Web Publishing rule for ActiveSync, there is no domain dependency between the ISA 2004 server and the Exchange 2003 server providing ActiveSync capability.  The requirements to make this work include:

  • an SSL certificate for the Exchange 2003 server
  • the SSL certificate from the Exchange 2003 server exported to a file and imported into the ISA server
  • a Web Publishing rule on the ISA server that sends the requests to the Exchange 2003 server once they have been verified by the ISA 2004 server
  • a PocketPC 2003 or Mobile 5 device with the root certificate installed
  • a DNS entry for the ActiveSync host (e.g. mail.domain.com) that resolves to the ISA 2004 server from the InterNet

The second part of the question was:

Where can I find more documentation around the design of ActiveSync specifically Internet protocols and security.

A good place to get information to frequently asked questions on ActiveSync is the ActiveSync FAQ at http://www.microsoft.com/technet/prodtechnol/exchange/2003/actsyncfaq.mspx.

A guide for configuring ISA 2004 with Exchange 2003 can be found here http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/exchage2003.mspx

A tech note on how to configure Outlook Web Access using ISA 2004 can be found at http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/outlook_web_access_publishing_ee.mspx.  The process to enable ActiveSync is the same, with the only thing not done in this tech note to make it work is checking the ActiceSync check box in the ISA 2004 publishing wizard.