I am running Exchange 2003, ISA Server 2006 with published OWA using FBA authenticating with Radius OTP.
I recently published Active Sync (EAS) and in fact this works pretty fine with the same FBA listener, cause ISA 2006 is falling back to basic authentification if necessary (if the client doesn't understand FBA). Unfortunately, every sync forces the mobile user to enter Username/Password, so this is not very comfortable way.
I'd rather like to use User Certificate Authentification but does this mean, I need to add a second listener and therefore a second, external IP at last? If I understand right, the listener for Certificate Authentification needs to be configured to use SSL-Clientauthentification?! If yes, is there an alternative way to configure FBA and Certificate Authentification using one single listener?