ingo -> Certificate based authentication to Exchange and ISA tunneling (7.Nov.2006 5:07:39 PM)

Hi there,

I've got a huge prob with Microsoft's guide to authenticate Mobile Devices (WM5 with AKU2) with a client certificate to Exchange. The setup follows MS' guidelines as described here: http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfp_a.mspx and with a docked device or using a WiFi-connection the mobile device shows its user certificate to the Exchange's IIS and is authenticated there.
With GPRS and ISA the problems started: We have an ISA 2004 SP2 as a one-legged reverse proxy in the DMZ. When I create a standard mailserver-publishing rule, OWA (configured for username/pwd) works perfectly but the mobile device ActiveSync starts authenticating at the IIS, does not sync and the client certificate is erased!
After googling I found a hint that ISA 2004 cannot bridge such a connection because it would need the certificate's private key. But tunnel mode should work.
Unfortunately I could not find a good howto for publishing Exchange in tunneled mode. Trial and error (switching the publishing rule to "messages appear to come from client") resulted in 404 Page not found (so there's something wrong with the IIS subfolder resolution).
Has anybody a good idea how to solve the thing? Changing ISA from one-legged to another topology is not an option :(

Thanks in advance!

tshinder -> RE: Certificate based authentication to Exchange and ISA tunneling (15.Nov.2006 10:52:54 AM)

Single NIC = hork mode.

Full firewall support and feature set not available.

Moving to Web proxy section.

