Exchange Server Active-Sync and Direct Push E-mail
Hi,
I want to be able to push e-mail and do active-sync with clients using Treo 700WX devices. I was wondering what most people were doing and are you satisfied with it?
I know one option is RPC over HTTP and another is just using SSL with either a third party certificate or internal certificate. Have you tried both or found one more desirable?
This will be running on a SBS 2003 with Exchange SP2 installed already. Any thoughts or configuration advice would be greatly appreciated.
Thanks
I want to be able to push e-mail and do active-sync with clients using Treo 700WX devices. I was wondering what most people were doing and are you satisfied with it?
I know one option is RPC over HTTP and another is just using SSL with either a third party certificate or internal certificate. Have you tried both or found one more desirable?
This will be running on a SBS 2003 with Exchange SP2 installed already. Any thoughts or configuration advice would be greatly appreciated.
Thanks
I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci)
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci)
Comments
-
royal Member Posts: 3,352 ■■■■□□□□□□You can use OMA. You basically throw a public trusted certificate on the IIS server, configure OMA folder to use SSL, and then configure OMA settings on the server, and then configure a user to be allowed to connect. You can have direct push if you upgrade your Exchange 2003 to Service Pack 2. Keep in mind, that to support Direct Push, your Mobile devices will need to be at least Windows Mobile 5.0 Messaging and Security Pack Feature. You can read more about this at the following urls:
http://www.microsoft.com/windowsmobile/business/directpushemail.mspx
http://www.petri.co.il/how_to_sync_ppc_with_exchange_2003.htm
http://www.petri.co.il/configure_oma.htm
http://www.petri.co.il/configure_ssl_on_oma.htm“For success, attitude is equally as important as ability.” - Harry F. Banks -
ITdude Member Posts: 1,181 ■■■□□□□□□□Thanks royal. Well I already upgraded the Exchange Server 2003 to SP2 and all the devices are brand new Treo 700 WX running Windows Mobile 5.0
How pricey do the thrird party security certificates usually run?
Thanks for the links.I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci) -
ajs1976 Member Posts: 1,945 ■■■■□□□□□□third party certs are around $300 a year. We get ours from Verisign. I tried using an internal cert, but depending on the device it can be a pain to get the to get the root certificate added, so it is easier to do a 3rd cert that already has the root in the device.Andy
2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete -
ITdude Member Posts: 1,181 ■■■□□□□□□□That is kinda what I was thinking too. However, this client is very tight with the budget, so it might be a hard sell!I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci) -
sprkymrk Member Posts: 4,884 ■■■□□□□□□□ITdude wrote:That is kinda what I was thinking too. However, this client is very tight with the budget, so it might be a hard sell!
Just tell him it will cost $500 extra to set up a CA, and another $299/year to support it. :PAll things are possible, only believe. -
ajs1976 Member Posts: 1,945 ■■■■□□□□□□I'm not using Exchange to push the email, but I did have the device set to sync every 30 minutes automatically. I found that the battery wasn't lasting a full day. I now have it set to manual sync. I have a verizon phone, so it might not be an issue with all makes and models.Andy
2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete -
ITdude Member Posts: 1,181 ■■■□□□□□□□Sounds like you have the same kind of evil streak that I do, sprkymrk! This guy is funny. He will spend all kinds of money for toys on his sailboat but pinches pennies when it comes to his network.
These Treos are on Verizon too...I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci) -
royal Member Posts: 3,352 ■■■■□□□□□□At my last client, we got a Verisign SSL certificate. Verisign started to sign their certificates with a subordinate CA instead of their root. The mobile devices for some odd reason wanted the subordinate certificate on the device or they would throw out certificate errors; which is odd since it should only require the root certificate.“For success, attitude is equally as important as ability.” - Harry F. Banks
-
ITdude Member Posts: 1,181 ■■■□□□□□□□Interesting!I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci) -
blargoe Member Posts: 4,174 ■■■■■■■■■□royal wrote:At my last client, we got a Verisign SSL certificate. Verisign started to sign their certificates with a subordinate CA instead of their root. The mobile devices for some odd reason wanted the subordinate certificate on the device or they would throw out certificate errors; which is odd since it should only require the root certificate.
After pressing MS Premier support I was able to influence some modifications to an MS KB article on synchronization failures (cool, huh?)
http://support.microsoft.com/kb/927465IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
royal Member Posts: 3,352 ■■■■□□□□□□The thing is, both the root certificate as well as the subordinate certificate was correctly installed and not expired on both the ISA server as well as the Exchange server. The mobile devices still wanted the subordinate CA installed on the mobile devices. Do you know who you spoke to or have a direct number to the Microsoft guy you talked to? I'd like to speak to him as why this is happening. The clients should only need the root certificate installed.“For success, attitude is equally as important as ability.” - Harry F. Banks
-
royal Member Posts: 3,352 ■■■■□□□□□□Well, just contacted Verisign and found that mobile devices don't support certificate chanining which is why the subordinate certificate needs to be installed on the mobile devices. Verisign apparently allows you to request certificates signed by the root still for this very reason. Here's the e-mail response I got back:Dear Customer
Unfortunately at this stage Windows Mobile devices do not accept certificate chaining. Thus it was not able to recognize the intermediate root certificate installed on the server. If you requested the secure site certificate you can generate a new csr, then revoke and replace the certificate. You can choose "server does not support chaining" to have a certificate without the intermediate certificate.
Following are the instructions for replacing your Digital ID. Within 30 days of the issue date, the Digital ID may be replaced at no additional charge. Beyond 30 days of the issue date, the replacement incurs a $100.00 processing charge.“For success, attitude is equally as important as ability.” - Harry F. Banks -
ajs1976 Member Posts: 1,945 ■■■■□□□□□□Thanks for the info. I just did a renewel and got one of the subordinate certs, but did not have any problems with it.Andy
2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete