Interesting, well OMA works fine now both internally and externally, however ActiveSync will not. This is on an iPhone. Still reviewing
On Tue, Sep 23, 2008 at 10:53 AM, mqcarp <[EMAIL PROTECTED]> wrote:

> I got it worked out but it is excruciatingly slow. Very odd. I will have to
> look at this. Thanks all
>
> On Tue, Sep 23, 2008 at 9:05 AM, Michael B. Smith <[EMAIL PROTECTED]> wrote:
>
>> I did this the first time, long ago and far away. It's just part of the
>> process now…here were my comments the first time I had to do it:
>>
>> http://theessentialexchange.com/blogs/michael/archive/2007/11/13/oma-amp-activesync-after-configuring-rpc-https-and-forms-based-authentication.aspx
>>
>> Regards,
>>
>> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
>> My blog: http://TheEssentialExchange.com/blogs/michael
>> Link with me at: http://www.linkedin.com/in/theessentialexchange
>>
>> *From:* mqcarp [mailto:[EMAIL PROTECTED]
>> *Sent:* Tuesday, September 23, 2008 8:48 AM
>> *To:* MS-Exchange Admin Issues
>> *Subject:* Re: ActiveSync Set Up Veterans
>>
>> Do you happen to use a front end Exchange server? We do not, and have come
>> across a problem. In reading about the solution on MS site, this seems odd
>> and insecure. Has anyone had to implement this fix?
>>
>> http://support.microsoft.com/kb/817379/EN-US/
>>
>> On Mon, Sep 22, 2008 at 2:03 PM, Sherry Abercrombie <[EMAIL PROTECTED]>
>> wrote:
>>
>> I have ISA in my environment, but it is not a part of the OWA/ActiveSync
>> setup. I have a reverse proxy setup at my colo that is used for both OWA
>> and ActiveSync.
>>
>> On 9/22/08, *mqcarp* <[EMAIL PROTECTED]> wrote:
>>
>> Sherry are you using ISA in your environment?
>>
>> On Mon, Sep 22, 2008 at 12:15 PM, Michael B. Smith <[EMAIL PROTECTED]>
>> wrote:
>>
>> The below was current as of the release of Exchange Server 2003 sp2. Not
>> sure if the attribute has additional documented values in Exchange 2007.
>>
>> You can also make the change globally easily using PowerShell or a tool
>> like ADModify.Net.
>>
>> The final Exchange specific tab is Exchange Features, shown in Figure 9-9.
>> The Mobile Services entries allow you to control, on a per-user basis, the
>> mobile capabilities of Exchange. If you, by default, enable mobile services
>> at the global level (Global Settings → Mobile Services → Properties → General)
>> then this window allows you to disable the capabilities at the per-user
>> level. Using the script made available in Microsoft KB 830188 (How to grant
>> permission to use Outlook Mobile Access to specific users of Exchange Server
>> 2003), you can globally disable all users and then pick and choose which
>> specific users are to be allowed access to mobile service capabilities.
>>
>> The per-user AD attribute that controls these functions is named
>> msExchOmaAdminWirelessEnable. If this attribute has a value of zero or the
>> attribute is not present, then all mobile services are enabled. If Outlook
>> Mobile Access (OMA) is disabled, but the other two features are enabled,
>> then the attribute has a value of two (2). The other two items control
>> specific features associated with Exchange ActiveSync (EAS). "User
>> Initiated Synchronization" must be enabled for Up-to-date Notifications to
>> be enabled; however Up-to-date Notifications may be disabled on its own. If
>> only Up-to-date Notifications is disabled, then msExchOmaAdminWirelessEnable
>> has a value of one (1). If both User Initiated Synchronization and
>> Up-to-date Notifications are disabled, then msExchOmaAdminWirelessEnable has
>> a value of five (5). If all three Mobile Services are disabled, then
>> msExchOmaAdminWirelessEnable has a value of seven (7).
>>
>> If you search the Internet, you will find that other values can be
>> specified for this attribute. However, the values described in the prior
>> paragraph are the only values which Microsoft has documented. You are better
>> off only using these values.
>>
>> Regards,
>>
>> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
>> My blog: http://TheEssentialExchange.com/blogs/michael
>> Link with me at: http://www.linkedin.com/in/theessentialexchange
>>
>> *From:* Sherry Abercrombie [mailto:[EMAIL PROTECTED]
>> *Sent:* Monday, September 22, 2008 12:55 PM
>> *To:* MS-Exchange Admin Issues
>> *Subject:* Re: ActiveSync Set Up Veterans
>>
>> The Exchange Features tab in AD for each account is the place to enable or
>> disable additional Exchange features such as mobile and OWA. All these
>> features are enabled by default and you will have to disable them. When we
>> recently went through the process to setup OWA and ActiveSync, I had to
>> manually disable everyone except those that had the proper approval for
>> mobile and/or OWA. Check with your HR department because there are legal
>> things to consider with employees checking or receiving email during
>> non-business hours.
>>
>> In your IIS settings for ActiveSync you can set it to require SSL and I
>> wouldn't recommend setting it up any other way. No SSL means that your
>> network credentials are being sent clear text.......very bad idea.
>>
>> Haven't had need to do any looking at logging for auditing at this point
>> so I can't address that.
>>
>> On 9/22/08, *mqcarp* <[EMAIL PROTECTED]> wrote:
>>
>> Just have a few questions if some of you are using this feature. It seems
>> frighteningly easy to set up on the server side and I want to ensure that
>> the settings are secure. Here are a few observations for you vets on this:
>>
>> * The settings are activated for ALL users when it is enabled. Is it
>> possible to disable it by default and enable specific users in AD?
>> * Is there a log setting to enable for reviewing audit processes for
>> pushes and troubleshooting in Exchange?
>> * For iPhones, I have noticed that the config utility can require a
>> certificate for the server side push set up, but if you set up a device
>> manually, it will accept the connection without this validation. Can this be
>> set to be required to avoid connections this way?
>>
>> This is on Exch 2003.
>>
>> TIA
>>
>> --
>> Sherry Abercrombie
>>
>> "Any sufficiently advanced technology is indistinguishable from magic."
>> Arthur C. Clarke
>>
>> --
>> Sherry Abercrombie
>>
>> "Any sufficiently advanced technology is indistinguishable from magic."
>> Arthur C. Clarke
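
The msExchOmaAdminWirelessEnable values quoted in the thread above can be turned into an audit of who still has mobile access; the following is an added example, not code from any poster or from Microsoft. The function name, the sample accounts and the approval list are hypothetical, and treating a user as mobile-enabled when OMA or User Initiated Synchronization is on is an assumption of this example.

```powershell
# Documented msExchOmaAdminWirelessEnable values from the thread, mapped to
# which of the three Mobile Services remain enabled for the user.
$Documented = @{
    0 = @{ OMA = $true;  UserSync = $true;  UpToDate = $true  }
    1 = @{ OMA = $true;  UserSync = $true;  UpToDate = $false }
    2 = @{ OMA = $false; UserSync = $true;  UpToDate = $true  }
    5 = @{ OMA = $true;  UserSync = $false; UpToDate = $false }
    7 = @{ OMA = $false; UserSync = $false; UpToDate = $false }
}

function Get-MobileServiceFinding {   # hypothetical helper name
    param([string]$Name, $Value, [string[]]$Approved = @())
    # A missing attribute behaves like zero: all mobile services enabled.
    if ($null -eq $Value) { $Value = 0 }
    $state = $Documented[[int]$Value]
    if ($null -eq $state) {
        # Outside the documented set: report it rather than guess a meaning.
        return [pscustomobject]@{ User = $Name; Value = $Value; OMA = '?'
            UserSync = '?'; UpToDate = '?'; Finding = 'undocumented value' }
    }
    # Assumption: OMA or user-initiated sync being on counts as mobile access.
    $mobileOn = $state.OMA -or $state.UserSync
    $finding = if ($mobileOn -and $Approved -notcontains $Name) {
        'enabled without approval' } else { 'ok' }
    [pscustomobject]@{ User = $Name; Value = $Value; OMA = $state.OMA
        UserSync = $state.UserSync; UpToDate = $state.UpToDate; Finding = $finding }
}

# Constructed sample records. On a live domain the same two fields could come
# from: Get-ADUser -Filter * -Properties msExchOmaAdminWirelessEnable
$users = @(
    [pscustomobject]@{ Name = 'alice'; Value = $null }  # attribute absent
    [pscustomobject]@{ Name = 'bob';   Value = 7 }      # everything disabled
    [pscustomobject]@{ Name = 'carol'; Value = 2 }      # only OMA disabled
    [pscustomobject]@{ Name = 'dave';  Value = 0 }      # everything enabled
    [pscustomobject]@{ Name = 'erin';  Value = 3 }      # not a documented value
)
$approved = @('dave')   # hypothetical list of users approved for mobile access

$users | ForEach-Object {
    Get-MobileServiceFinding -Name $_.Name -Value $_.Value -Approved $approved
} | Format-Table -AutoSize
```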