Exch2k3, ISA2k, and Windows Mobile 5.0 set up

[HeathRamos]

I recently got a new cell phone that has windows mobile 5.0 on it and would like to set it up so I can get my email on it.

Our set up: Exchange 2003 (only one server, no FE/BE set up), ISA 2000.

We currently have OWA working with SSL (cert from inhouse CA). I turned off FBA for now but would like to turn that back on.

What exactly do I need to get this to work?

On the cell phone, I put in the info already (basically something that points to ISA)

I figured I need to publish ActiveSync in ISA (publish OMA as well?). Also would need to go into IIS and config it to use the cert.

Any details on exactly what I will need to do would be helpful since I have to get it running fairly quickly.

 

[HeathRamos]

FTR...I read somewhere that you could test OMA by going to

http://servername/oma.

Since I am using SSL, I went to

https://servername/oma

and was prompted for a username/password.

I got the following:

A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.

 

[ShackDaddy]

Don't use OMA. Use Exchange ActiveSync. All you need to have in place on ISA is SSL, AFAIK. Go into Messaging on your phone and choose Outlook Mail. Get options and configure it with the external name of your mail server. The same name you point at when you use OWA (probably your ISA server).

You will probably get an error since you don't have a certificate loaded.

The key thing is to get the certificate on the phone:

1. Go to the computer that the user normally runs ActiveSync on to sync the device via USB.

2. Open up a web browser and go to this network's Outlook Web Access site.

3. When the security alert comes up, click the "View Certificate" button.

4. In the Certificate view area, you should be able to "Copy Certificate" and then save it to a file. By default it will save it in the proper file format, and will use the .cer extension.

4. Now use ActiveSync to browse the PDA file system. You should be able to do that by running ActiveSync on the desktop workstation while the PDA is plugged in. I think the option to browse the file system is in the Tools menu.

5. Find a place like "Documents" in the PDA file system, and copy that .cer file you saved earlier into the folder on the PDA.

6. On the PDA, navigate the file system using File Explorer or something similar to find that .cer file.

7. Open/run the .cer file, and it will install the certificate on your PDA. Now if all the other fairly basic configurations on the phone and server are as they should be, you should be good to go.

8. By default the server is already ready to do everything, so you shouldn't need to do anything special there. On the client, you will be configuring "Outlook Mail" and when it asks for an Exchange server, you willl point it to the same name you hit when you use OWA and supplying the normal network password for that user.

9 You should be able to sync with Exchange wirelessly merely by doing a "Send/Recieve" or by opening ActiveSync and choosing "Sync Now."

Hope this helps,

ShackDaddy

 

[HeathRamos]

A little more detail on our set up.

We have a certificate installed on the Exchange Server and the virtual directories are all under the Default Website on that Windows 2003 server.

So...to go over the steps:

ISA Server:
Needs to have a web publishing rule that points to a destination set with the Exchange Server IP and path for the activesync virtual directory.

With the FBA turned off, I can use the same listener OWA uses for SSL (otherwise I would need a 2nd listener from new IP).

Exchange Server:

Enable Active Sync and/or OMA in System Manager of Exchange Server (by default, should work in AD).

IIS:

Certificate already installed for Default Website for OWA.

Need to require the cert on the ActiveSync virtual directory.

Phone:

Point phone to mail.mydomain.com and require SSL.

Install certificate.

Is that all there is to it?

Since the cert is from our own CA, does it have to be something special, meaning does it have to be associated with mail.mydomain.com in some way?

 

[HeathRamos]

well...I tried this an still get an error when I try to sync emails.

any other suggestion?

 

[NickFerrar]

Hmm worked for me a while back with a config similar to what you mention (only real difference is I had ISA2004 and a separate listener as I needed FBA to).

I did have an issue with the certificate on the handheld (although I used a valid VeriSign cert to publish EAS the handheld didn't have the correct root CA certs for VeriSign so I ended up importing them all from the ISA box onto the handheld into it's root store). I also read a lot of people complaining about self-signed certs not working with Mobile 5/EAS but not sure what the exact issue was.

I also remember a log being written on the handheld during the connection which should give you more info on whats going wrong - sorry its all a bit vague I only had the device for a month to test and we've stuck with Blackberry's