• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange Active Sync and Road Sync with FBA enabled

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Exchange Active Sync and Road Sync with FBA enabled Page: [1]
Login
Message << Older Topic   Newer Topic >>
Exchange Active Sync and Road Sync with FBA enabled - 3.Nov.2006 9:09:44 AM   
hla123

 

Posts: 13
Joined: 20.Sep.2006
Status: offline
Hi, we are having problems getting Road Sync to work with EAS. We have installed ISA 2006 standard with one listener publish all Exchange services such as owa, oma, RPC over http, aes. We have installed it according to Tom Shinders guide. The AES works fine with Windows Mobile based devices but when we use Sony Ericsson phones with Road Sync it will not work with FBA enabled. Without FBA it works. If I understand the documentation for ISA 2006, the ISA server translates Forms authentication, when connecting with mobile phone, to Basic Authentication. Why will it not work? I have asked the support guys at Sony Ericsson and they recommended that we disable FBA!! We were not very satisfied with that answer. Has anyone the same problem or has a solution to my problem. A workaround would be to create a second listener but then we would be forced to buy a new certificate.

Regards,
Henrik


_____________________________

Henrik Larsson
Xitrus barnkläder och babykläder, coola, tuffa och trendiga
Post #: 1
RE: Exchange Active Sync and Road Sync with FBA enabled - 8.Nov.2006 11:27:49 AM   
ericplan

 

Posts: 1
Joined: 8.Nov.2006
Status: offline
Hi, Not of much help, but I face the same problems. Our setup is similar, but I am on the user side.

I contacted Dataviz, they offered support after some time but until now they didn't came with a solution other then turn off FBA. But this is not an advice to an end-user on a system with over 40.000 users in the AD (educational institute). As far as I know now, Exchange Activesync (the Sony productname for Roadsync) is not compatible with this setup, and do you have to wait for a new version

Regards,

Eric

(in reply to hla123)
Post #: 2
RE: Exchange Active Sync and Road Sync with FBA enabled - 18.Nov.2006 11:08:38 PM   
sullivac

 

Posts: 31
Joined: 29.Jun.2005
From: Boston
Status: offline
Interestingly, my Windows Mobile device isn't working with OMA using FBA and one listener for Exchange Web services, even though it sounds like that is working for you.  ActiveSync IS working for me on the Windows Mobile.

I have posted later to this same NG and I am waiting for a response.  My workaround is to create a second listener that uses the same URL (thus the same certificate) and IP address, but a non-standard port.  I then create an Exchange Web Access rule for OMA only using that listener, but bridging the non-standard port to 443 on the Exchange Server. 

To shorten the URL for users, I created a public DNS record called "oma.<MYORG>.com" and a virtual site on the Exchange server with nothing but a redirect to the correct URL ..com/oma">(https://<MAILSERVER>.<MYORG>.com/oma).

I'm not sure if you can do the same thing for Road Sync (assuming it is the same as ActiveSync).  In any case, you would probably skip the last part. The thing that I'm not sure about is if you can enter a custom port in the field where you enter the Exchange server name.  If you can, this should work.

(in reply to hla123)
Post #: 3
RE: Exchange Active Sync and Road Sync with FBA enabled - 7.Aug.2007 8:29:56 AM   
niklas@alltica.com

 

Posts: 2
Joined: 7.Aug.2007
Status: offline
Is there any solution to this problem jet?

We have the same problem whit the sony ercisson phones

(in reply to hla123)
Post #: 4
RE: Exchange Active Sync and Road Sync with FBA enabled - 7.Aug.2007 8:30:49 AM   
niklas@alltica.com

 

Posts: 2
Joined: 7.Aug.2007
Status: offline
Is there any solution to this problem jet?

We have the same problem whit the sony ercisson phones

(in reply to hla123)
Post #: 5
RE: Exchange Active Sync and Road Sync with FBA enabled - 6.Nov.2009 7:51:48 AM   
rhodesbc

 

Posts: 1
Joined: 6.Nov.2009
Status: offline
We have a single ISA2006 IP address for OWA/OutlookAnywhere/ActiveSync - Also a Self Signed Root CA Certificate for the ISA listener.
To get ActiveSync working we needed to do the following:
1. Load our company Root CA certificate (Public Key Only) onto each mobile device. Note: SonyEricsson appears to require the cert (in DER format with .cer file extn) to be
beamed via Bluetooth. Nokia/Windows Mobile can install a cert previously transferred to the phone via USB.
2. Disable Session Timeouts for 'Non-BrowserClients' on ISA2006 (Otherwise ActiveSync intermittantly prompts for passwords).
ActiveSyncFireWallPolicy(Policy)=>Properties(RightClick)=>Listener(Tab)=>Properties(Button)=>Forms(Tab)=>Advanced(Button)=>ApplySessionTimeoutToNon-BrowserClients(Uncheck the
tickbox).
3. The above is enough to get most WindowsMobile Devices and Nokia Devices Syncing via ActiveSync. For other (SonyEricsson) devices you may need to do the following:
4. Allow 'Non-Provisionable' devices. (I'll leave it to you to work out exactly which devices are 'Provisionable' and which devices are not.)
[Provisionable devices allow for 'Device Wipe' if stolen - as well as 'Policy Deployment' such as 'Phone must have a PIN code(key lock) to access all functions']

E2K2007.ExchangeManagementConsole(App)=>OrganisationConfiguration.ClientAccess(Selection)=>ExchangeActiveSyncMailboxPolicies(Tab)=>?????(Selection)... usually
'Default'=>AllowNon-ProvisionableDevices(Check the tickbox).
5. Set Authentication... !!!!!!!!!!!!!!!!! This is usually the show stopper  !!!!!!!!!!!!!!!!!
Background (And a quick test):
5.1. Your Web listener is probably set to "Forms Authentication".
This is a good thing - as this gives you:
a> An HTML form Login for OWA - asking for 'Private/Public' logon. (Usefull - but normally not an issue... see 'b>' for the killjoy..)
b> Forms Auth gives you an auto timeout for OWA - so that users are auto logged out after a pre-determined period. This is a good thing - and the main reason our company
purchased ISA.
5.2. As a test - Change your 'Listener' (see #2 above) Authentication from 'Forms' to 'Basic'.
Note: During this test - you have broken your Forms Auth Security Features! (This is Bad.. But hey - it's only a test! - DO NOT FORGET TO CHANGE IT BACK TO FORMS - After the
test!!).
5.3. Apply - and test ActiveSync from SonyEricsson
Your SonyEricsson should now be able to sync to the users Exchange2007 mailbox.
5.4. Set your 'Listener' back to 'Forms Auth'.
The default listener falls back from 'Forms Auth' to 'Basic Auth' if the client does not support 'Forms'.
ISA2006 uses the "User-Agent" HTML header to determine which type of authentication the connected client should be using - and whether to allow fallback to BASIC.
Unfortunately the default value for "*SonyEricsson*" is incorrect (at least for our phone - the SonyEricssonW995).
To fix:
6. Edit the UserAgent mapping in ISA2006 for *SonyEricsson* and change from 'XHTML-MP forms' to 'Basic authentication' to allow SonyEricsson phones to access ActiveSync.
See:
http://technet.microsoft.com/en-us/library/bb794715.aspx     for HowTo & required scripts to enable UserAgent mapping changes
Our Change log shows:
Mapping in ISA2006 for *SonyEricsson* changed from 'XHTML-MP forms' to 'Basic authentication' to allow SonyEricsson phones to access ActiveSync.
I hope the above process is helpfull to others....

Colin Rhodes
IT Systems Analyst

(in reply to niklas@alltica.com)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Exchange Active Sync and Road Sync with FBA enabled Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts