Microsoft Canada ITPro - #canitpro
Sharing of thoughts and information is what blogging is all about. This way we can learn from each other. Post A Comment!These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.
Anthony Bartolo Twitter | LinkedIn
Pierre Roman Twitter | LinkedIn
I got an email from Kenrick Robertson a week or so ago about problems he’s been having trying to get Active Sync working with his new Mobile 5 device and his companies Small Business Server 2003. I knew the problems related to the self signed cert pointing to the common name (fully qualified) of a host that has a non routable .local domain (ex: mailserver.mycompany.local). I did one post a while back about the subject and got quite a response from the SBS community and I wanted to share the email that helped me decide to write the .local post.
Here’s his comments in the email. ———————-Hi Rick,
I was at the TNX road show a few weeks ago in Toronto. I was excited in what was presented, and immediately got started with implementing the mobile 5 in our office on a test basis. I originally had the Audiovox 6600 which was running Mobile 2003, I since then upgraded to the UTStarcom 6700 and upgraded my exchange server to SP2
We are running on SBS2003. I have also assigned a self assigned certificate to the server.
I know SSL is working; I can currently HTTPS to the exchange server, and I get the certificate information dialog
Here’s the problem I am having.
Any help to get this process started will be greatly appreciated.
I asked a friend of mine (Daniel Nerenberg) in Montreal who I know picked up a 6700 UTStarcom device from Telus and I wanted to hear if he had problems like what Kenrick had experienced. The following email post is his reply. Some good information in here.
I would categorize myself as an early adopter, I think most people who know me really well would agree. When I happened across the Mobile 5 device on Telus’s web site it couldn’t have happened at a better time. My contract was up for renewal and I was itching for a new “toy”.
Within 2 hours I had a new contract signed and a top of the line Mobile 5 Wireless device. I had my cake. But it would be a while before I could eat it!
The first thing I did was a simple outlook sync of the mobile device. This of course worked without a problem. Active Synch had been working great at the desktop level for years. Of course the next step was to get the device working with my Small Business Version of Exchange. This is where the challenges started to pile up.
The first challenge: The device didn’t support the Microsoft management pack yet (AKU2). So when I set up the password policy the device refused to synch with the server. This issue dogged me for about a week where I toggled and traced every setting from the Mobile 5 Device, to ISA and finally to IIS. The positive is I know how Active-Sync for Exchange works. Finally with the help of a Microsoft Tech I was directed to the Mobile Security configuration dialog where I had to select the option to allow devices that did not comply with the security policy.
The next challenge was working with the certificates. My AD domain is based on SBS 2003 server. When I installed SBS I followed the Wizard and created a “.local” Active directory domain. The original certificate that was installed had a common name of sbsserver.sbsdomain.local. Here are some constraints I discovered while working with SBS and certificates:
Most enterprise users won’t have this issue because they can just set up a publishing rule on either their ISA server, or their Exchange is split into a front end server and a back end server.
My final solution with 1 caveat is the following. I installed in my ISA web listener a self generated certificate for my public domain. (mail.myoutsidedomain.com). This left my IIS certificate the same, and kept my public folders working securely. Next I then had to install the CA certificate on my device so that my device would trust the certificate I generated. This is done by opening up your servers trusted certificate list, exporting the file into a .cer, copying the file to your mobile 5 device, and finally opening the certificate to get the install option.
With this configuration my device would synchronize over the air with my Exchange server. The caveat is that as soon as I would cradle the device in my local network, I would receive a synchronization error. The device would attempt to synch with the local Exchange (Bypassing ISA’s web listener), and would refuse the certificate installed on the IIS because it didn’t match the domain name the device was configured to log into the server with. My final Certificate summary:
I now synchronize my device with my Company’s exchange server, and it works great, I think I will finally be eating my cake when the update for my phone is released and I can have push mail, but for now at least I’m enjoying licking the icing off the side!
Daniel NerenbergIT Consultant AlphaMosaik
PingBack from http://digwe.com/tags/101/200811/0x80072ee2-on-windows-mobile-6.html