Thanks Sherry. We went to Petri's site per your recommendation last (you were at home and didn't have specific links there) and tried several. I know we hit the first link. I don't think we went to the other two, but the mention of 2 virtual directories rings a bell. I think we tried something like that. We'll dig back into it.
________________________________ From: Sherry Abercrombie [mailto:saber...@gmail.com] Sent: Monday, August 24, 2009 1:42 PM To: NT System Admin Issues Subject: Re: Still struggling with iPhone, ISA and SSL certs... I highly recommend looking at these links: http://www.petri.co.il/configure_isa_to_publish_owa.htm http://www.petri.co.il/configure_oma.htm http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_ in_activesync.htm Basically what I had to do was in the last link listed, OWA and ActiveSync don't play nicely together with FBA in IIS, you create two virtual directories in IIS, one for OWA with FBA, one for ActiveSync/Mobile devices without it, reg hack involved, & some other stuff. I was going through this kind of frustration about a year ago when we had to add access for mobile devices, had OWA working for a long time, but couldn't get anything working on ActiveSync until I did the 2 virtual directories. On Mon, Aug 24, 2009 at 1:18 PM, Tim Evans <tev...@sparling.com> wrote: One of my users came in with an iPhone and it just worked with the standard configuration we had for all our WM devices. At the time, we were also using an internal certificate and it just worked. Do you have it working with any WM devices? ActiveSync is not OMA or OWA. In Exchange 2007, it is called ActiveSync. In Exchange 2003, I think it was called "Always Up to Date" or Push or something like that. Just to confirm, you are on 2003 SP2? You do need SP to get ActiveSync. ...Tim > -----Original Message----- > From: Maglinger, Paul [mailto:pmaglin...@scvl.com] > Sent: Monday, August 24, 2009 10:56 AM > To: NT System Admin Issues > Subject: RE: Still struggling with iPhone, ISA and SSL certs... > > We've broken this down into several steps trying to get this to work. > We backed away from using the iPhone and used a Windows Mobile device to > connect to the Exchange server using our internal wireless network > without SSL and was able to get that to work through OWA, but the > ActiveSync is still not working. We're getting "Your account in > Microsoft Exchange Server does not have permission to sync with your > current settings". We've checked Outlook Mobile Access and Outlook Web > Access settings and they're both enabled. We've Google this and tried > just about everything we've found and still not working. > > For those who just tuned in, we eventually want to get this working > running an iPhone through an ISA 2006 server to Exchange 2003. > > -Paul > > -----Original Message----- > From: Ken Schaefer [mailto:k...@adopenstatic.com] > Sent: Saturday, August 22, 2009 12:35 AM > To: NT System Admin Issues > Subject: RE: Still struggling with iPhone, ISA and SSL certs... > > Huh? PKI is relatively simple technology. Usually both parties need to > trust a mutual third party (a CA). A similar concept to Kerberos or even > AD in general (both clients and servers trust DCs) > > The tricky part about PKI is all the processes you have around managing > your CA, key escrow etc. What is the actual issue you are facing? > > Cheers > Ken > > -----Original Message----- > From: Maglinger, Paul [mailto:pmaglin...@scvl.com] > Sent: Friday, 21 August 2009 10:12 PM > To: NT System Admin Issues > Subject: Still struggling with iPhone, ISA and SSL certs... > > As the Security Admin and I are still trying to get the > hell-spawned-demonic-iPhone-from-the-putrid-cesspool-of-caustic-industri > al-waste-products to work through our ISA, we referred back to the ISA > 2006 Migration Guide by Syngress. The SA came in the morning and showed > me the following section in the book: > > "The topic of Certificate Authorities (CAs)and PKI (Public Key > Infrastructure) is usually enough to drive many administrators away from > even considering SSL. There are a number of reasons for this: > - The available documentation on certificate authorities and PKI, in > general, is difficult to understand. > - The subject has the potential to be extremely complex. > - You need to learn an entirely new vocabulary to understand the CAs > and PKI. Often the documentation on these subjects doesn't define the > new words, or they use equally arcane terms to define the arcane term > for which you're trying to get the definition. > - There doesn't seem to be any support for the network and firewall > administrator who just wants to get a CA setup and running so that he > can use certificates for SSL and L2TP/IPSec authentication and > encryption." > > > Boy, that just seems to sew it up in a nutshell, doesn't it? You'd > think that if this opinion is as common as I believe it to be, somebody > out there could simplify the process somewhat... > > *thunk* *thunk* *thunk* (head banging against desk...) > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
