I had a similar issue last week. This was with a SBS 2003 server with
Exchange Server 2003 SP2. OWA was working fine from outside. Tried to setup
an iPhone and I think received the same error message. I checked everything
I found on the web and all the settings were correct. It just wouldn't
connect. Tried my Windows Mobile phone and it wouldn't connect either. It's
error message stated it was permissions also. Double, triple-checked and
everything was enabled and set correctly.

Got so frustrated decided to start from the beginning. Re-ran the Connect to
Internet Wizard, verified the SSL cert, checked in Exchange Server Manager
for the Mobile Access and made sure the settings were enabled there, checked
the users account and verified the mobile settings were enabled, checked the
SBS firewall. Everything looked correct and as it was before.

Went to my mobile phone. Deleted the server from ActiveSync. Configured the
Server Source again from scratch. Ran a sync and it connected and started
downloading email. Went to the iPhone and deleted the Exchange Server
settings. Configured the Exchange settings from scratch and it connected to
the server and downloaded the email, contacts and calendar. Success at last.

I don't know what was causing the problem but whatever it was it seemed to
have been fixed by starting from the beginning again.

Though they are not using ISA Server, SBS is set up with two NICs and is
using the internal firewall settings. They have a hardware firewall which I
never changed or touched during this exercise.

Maybe this will spark an idea or thought that will help.

Art

-----Original Message-----
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Monday, August 24, 2009 10:56 AM
To: NT System Admin Issues
Subject: RE: Still struggling with iPhone, ISA and SSL certs...

We've broken this down into several steps trying to get this to work.
We backed away from using the iPhone and used a Windows Mobile device to
connect to the Exchange server using our internal wireless network
without SSL and was able to get that to work through OWA, but the
ActiveSync is still not working.  We're getting "Your account in
Microsoft Exchange Server does not have permission to sync with your
current settings".  We've checked Outlook Mobile Access and Outlook Web
Access settings and they're both enabled.  We've Google this and tried
just about everything we've found and still not working.

For those who just tuned in, we eventually want to get this working
running an iPhone through an ISA 2006 server to Exchange 2003.

-Paul

-----Original Message-----
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Saturday, August 22, 2009 12:35 AM
To: NT System Admin Issues
Subject: RE: Still struggling with iPhone, ISA and SSL certs...

Huh? PKI is relatively simple technology. Usually both parties need to
trust a mutual third party (a CA). A similar concept to Kerberos or even
AD in general (both clients and servers trust DCs)

The tricky part about PKI is all the processes you have around managing
your CA, key escrow etc. What is the actual issue you are facing?

Cheers
Ken

-----Original Message-----
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Friday, 21 August 2009 10:12 PM
To: NT System Admin Issues
Subject: Still struggling with iPhone, ISA and SSL certs...

As the Security Admin and I are still trying to get the
hell-spawned-demonic-iPhone-from-the-putrid-cesspool-of-caustic-industri
al-waste-products to work through our ISA, we referred back to the ISA
2006 Migration Guide by Syngress.  The SA came in the morning and showed
me the following section in the book:
 
"The topic of Certificate Authorities (CAs)and PKI (Public Key
Infrastructure) is usually enough to drive many administrators away from
even considering SSL.  There are a number of reasons for this:
 - The available documentation on certificate authorities and PKI, in
general, is difficult to understand.
 - The subject has the potential to be extremely complex.
 - You need to learn an entirely new vocabulary to understand the CAs
and PKI.  Often the documentation on these subjects doesn't define the
new words, or they use equally arcane terms to define the arcane term
for which you're trying to get the definition.
 - There doesn't seem to be any support for the network and firewall
administrator who just wants to get a CA setup and running so that he
can use certificates for SSL and L2TP/IPSec authentication and
encryption."


Boy, that just seems to sew it up in a nutshell, doesn't it?  You'd
think that if this opinion is as common as I believe it to be, somebody
out there could simplify the process somewhat...

*thunk* *thunk* *thunk*  (head banging against desk...)


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to