Exchange features. We disable mobile & owa for everyone and only enable it if it is approved by a manager for a user.
On Mon, Aug 24, 2009 at 1:56 PM, Maglinger, Paul <pmaglin...@scvl.com>wrote: > Would that show up as ActiveSync in ADUC, Exchange Features, or is it > referred to as Outlook Mobile Access under Mobile Services? > > -----Original Message----- > From: Tim Evans [mailto:tev...@sparling.com] > Sent: Monday, August 24, 2009 1:49 PM > To: NT System Admin Issues > Subject: RE: Still struggling with iPhone, ISA and SSL certs... > > Yes, that would imply that ActiveSync is on the server. But you said > that the error message said that the user's account was not enabled for > activesync. You need to make sure that the account is enabled first. > > > ...Tim > > > > -----Original Message----- > > From: Maglinger, Paul [mailto:pmaglin...@scvl.com] > > Sent: Monday, August 24, 2009 11:42 AM > > To: NT System Admin Issues > > Subject: RE: Still struggling with iPhone, ISA and SSL certs... > > > > > One of my users came in with an iPhone and it just worked with the > > standard configuration we had for all our WM devices. > At the time, > we > > were also using an internal certificate and it just worked. > > > > That's right... just twist the knife... :-) > > > > > Do you have it working with any WM devices? > > > > Just with OWA now. And as I said, just internally between the WM > device > > and the Exchange server. We want to get that done before we throw the > > ISA into the mix. > > > > In the IIS Manager, there is a virtual directory called > > Micrsoft-Server-ActiveSync. So doesn't that indicate that it's there? > > > > Yep, running Exchange 2003 SP2. > > > > -----Original Message----- > > From: Tim Evans [mailto:tev...@sparling.com] > > Sent: Monday, August 24, 2009 1:19 PM > > To: NT System Admin Issues > > Subject: RE: Still struggling with iPhone, ISA and SSL certs... > > > > One of my users came in with an iPhone and it just worked with the > > standard configuration we had for all our WM devices. At the time, we > > were also using an internal certificate and it just worked. > > > > Do you have it working with any WM devices? > > ActiveSync is not OMA or OWA. In Exchange 2007, it is called > ActiveSync. > > In Exchange 2003, I think it was called "Always Up to Date" or Push or > > something like that. > > Just to confirm, you are on 2003 SP2? You do need SP to get > ActiveSync. > > > > > > ...Tim > > > > > > > -----Original Message----- > > > From: Maglinger, Paul [mailto:pmaglin...@scvl.com] > > > Sent: Monday, August 24, 2009 10:56 AM > > > To: NT System Admin Issues > > > Subject: RE: Still struggling with iPhone, ISA and SSL certs... > > > > > > We've broken this down into several steps trying to get this to > work. > > > We backed away from using the iPhone and used a Windows Mobile > device > > to > > > connect to the Exchange server using our internal wireless network > > > without SSL and was able to get that to work through OWA, but the > > > ActiveSync is still not working. We're getting "Your account in > > > Microsoft Exchange Server does not have permission to sync with your > > > current settings". We've checked Outlook Mobile Access and Outlook > > Web > > > Access settings and they're both enabled. We've Google this and > tried > > > just about everything we've found and still not working. > > > > > > For those who just tuned in, we eventually want to get this working > > > running an iPhone through an ISA 2006 server to Exchange 2003. > > > > > > -Paul > > > > > > -----Original Message----- > > > From: Ken Schaefer [mailto:k...@adopenstatic.com] > > > Sent: Saturday, August 22, 2009 12:35 AM > > > To: NT System Admin Issues > > > Subject: RE: Still struggling with iPhone, ISA and SSL certs... > > > > > > Huh? PKI is relatively simple technology. Usually both parties need > to > > > trust a mutual third party (a CA). A similar concept to Kerberos or > > even > > > AD in general (both clients and servers trust DCs) > > > > > > The tricky part about PKI is all the processes you have around > > managing > > > your CA, key escrow etc. What is the actual issue you are facing? > > > > > > Cheers > > > Ken > > > > > > -----Original Message----- > > > From: Maglinger, Paul [mailto:pmaglin...@scvl.com] > > > Sent: Friday, 21 August 2009 10:12 PM > > > To: NT System Admin Issues > > > Subject: Still struggling with iPhone, ISA and SSL certs... > > > > > > As the Security Admin and I are still trying to get the > > > > > > hell-spawned-demonic-iPhone-from-the-putrid-cesspool-of-caustic-industri > > > al-waste-products to work through our ISA, we referred back to the > ISA > > > 2006 Migration Guide by Syngress. The SA came in the morning and > > showed > > > me the following section in the book: > > > > > > "The topic of Certificate Authorities (CAs)and PKI (Public Key > > > Infrastructure) is usually enough to drive many administrators away > > from > > > even considering SSL. There are a number of reasons for this: > > > - The available documentation on certificate authorities and PKI, > in > > > general, is difficult to understand. > > > - The subject has the potential to be extremely complex. > > > - You need to learn an entirely new vocabulary to understand the > CAs > > > and PKI. Often the documentation on these subjects doesn't define > the > > > new words, or they use equally arcane terms to define the arcane > term > > > for which you're trying to get the definition. > > > - There doesn't seem to be any support for the network and firewall > > > administrator who just wants to get a CA setup and running so that > he > > > can use certificates for SSL and L2TP/IPSec authentication and > > > encryption." > > > > > > > > > Boy, that just seems to sew it up in a nutshell, doesn't it? You'd > > > think that if this opinion is as common as I believe it to be, > > somebody > > > out there could simplify the process somewhat... > > > > > > *thunk* *thunk* *thunk* (head banging against desk...) > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke Sent from Newark, TX, United States ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~