Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Microsoft ActiveSync Client Certificate Settings

Status
Not open for further replies.

supdude

MIS
Mar 20, 2013
4
Hey guys,

I'm running into a few snags with my Airwatch/Exchange integration. With one requirement particularly.

One thing it asks for is to Accept client certificates in Microsoft Server Active Sync settings in IIS manager. That's fine and all, but when I do that breaks normal phones connecting directly to exchange over SSL. When I change the setting back to ignore client certificates it fixes it.

According to Airwatch this setting needs to be in place in order for my client certificate coming from mobile devices enabled on Airwatch to bypass uid/password authentication and sync directly with exchange through the Airwatch server using the specified certificate.

I can see that Airwatch devices are getting that certificate, however they are prompted for uid/password authentication still when the password gets updated. I'm thinking this has something to do with the SSL settings set to required and ignore client certificates.

The rest of the settings look fine, Airwatch has access to the CA and cert, users are showing up in AW and gaining access to their emails. Kind of stuck here.

Thanks in advance
 
BTW here is what I'm working off of at the moment, it came from Airwatch. I verified 3 of the 4 are setup.

System Requirements:
1. The following tasks must be completed before proceeding with the steps outlined in this document:
 A Certificate Authority server must be setup and configured as described in the Setting Up a Microsoft CA for Use with AirWatch document. The CA must be an Enterprise CA as opposed to a Stand Alone CA (Stand Alone does not allow for the configuration and customization of templates). (check)

2. A Network Device Enrollment Service, also referred to as MSCEP server setup and configured as described in the document Configuring NDES
o NDES is only available in the Enterprise version of Microsoft Server 2008 and 2008 R2. (?)

3. Microsoft Exchange with ActiveSync enabled. (check)

4. Internet Information Services (IIS) on the EAS server must have the option “Client Certificate Mapping Authentication” installed. (check)
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top