Deploying Exchange ActiveSync – kb 817379 explanation
Deploying Exchange ActiveSync to sync mobile devices is more of a cakewalk in Exchange 2007. The prerequisites are:
- SSL certificate on the CAS role
- Enable ActiveSync for a user from EMC or shell
The scenario is a bit different in Exchange 2003, and admins who have deployed it will definitely be aware of KB 817379. I will discuss the process in a nutshell.
1. Disable Forms-based authentication (FBA).
2. In IIS, take a copy of the Exchange Virtual Directory and call it ExchangeVDir.
3. Create a new virtual directory and name it exchange-oma.
4. Change the authentication for exchange-oma:
   a. Go to Properties.
   b. Open the Directory Security tab.
   c. Under Authentication and access control, click Edit. Change the auth type to:
      i. Integrated Windows authentication
      ii. Basic authentication
   d. Under Secure communications, click Edit. Make sure that “Require secure channel (SSL)” is not enabled, and then click OK.
5. In the registry, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
6. Create a new String Value named ExchangeVDir and set its data to /exchange-oma
7. Restart the IIS service.
8. Enable FBA.
The kb article gives the symptom and resolution. The first time I did this, it was a mechanical job.
When we have a single Exchange server and a mobile device tries to sync with the server over a WAN, the request is first directed to the Microsoft Server ActiveSync Virtual Directory. This behavior is by design. Once the request reaches the MSAS directory, it sends an explicit logon request to the Exchange virtual directory over port 80, for example http://servername/exchange/username. Because the Exchange virtual directory has SSL forced, the request will no longer be proxied, and an error is thrown on the mobile device.
To bypass this, the recommended action is to introduce a front-end server in the organization. Alternatively, we can follow the steps in KB article 817379 to create a copy of the Exchange Virtual Directory, name it appropriately, and then redirect the request from the MSAS directory to the newly created Virtual Directory. In this scenario, we named it exchange-oma.
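A read-only check of the end state the procedure should leave behind, added here as an example; it is not from the KB article or the original post. It assumes PowerShell is installed on the Exchange 2003 server, that the Default Web Site is IIS site ID 1, and that the IIS 6 metabase is read through the ADSI provider using the standard AuthFlags and AccessSSLFlags bits.

```powershell
# Added example: read-only audit of the end state the procedure produces.
# Assumptions: IIS 6 metabase via ADSI; Default Web Site is site ID 1.
$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\MasSync\Parameters'
$expected = '/exchange-oma'
$findings = @()

# Registry step: ExchangeVDir must point ActiveSync at the new directory.
$reg = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
if (-not $reg -or -not $reg.ExchangeVDir) {
    $findings += "ExchangeVDir value not found under $regPath"
} elseif ($reg.ExchangeVDir -ne $expected) {
    $findings += "ExchangeVDir is '$($reg.ExchangeVDir)', expected '$expected'"
}

# IIS step: read the effective auth and SSL flags of a virtual directory.
function Get-VDirFlags([string]$Name) {
    try {
        $entry = [ADSI]"IIS://localhost/W3SVC/1/ROOT/$Name"
        $entry.psbase.RefreshCache()   # forces the bind; throws if the vdir is absent
        $auth = [int]$entry.psbase.Properties['AuthFlags'].Value
        $ssl  = [int]$entry.psbase.Properties['AccessSSLFlags'].Value
    } catch { return $null }
    New-Object PSObject -Property @{
        Basic      = [bool]($auth -band 2)   # AuthBasic bit
        Integrated = [bool]($auth -band 4)   # AuthNTLM bit
        RequireSSL = [bool]($ssl  -band 8)   # AccessSSL bit
    }
}

$oma = Get-VDirFlags 'exchange-oma'
if (-not $oma) {
    $findings += 'Virtual directory exchange-oma does not exist'
} else {
    if ($oma.RequireSSL) { $findings += 'exchange-oma requires SSL; the port 80 logon request will fail' }
    if (-not $oma.Basic) { $findings += 'exchange-oma: Basic authentication is off' }
    if (-not $oma.Integrated) { $findings += 'exchange-oma: Integrated Windows authentication is off' }
    # Basic auth without SSL is what the procedure configures; report it so it is a recorded exception.
    Write-Output 'NOTE: exchange-oma accepts Basic authentication over plain HTTP by design of this procedure.'
}

if ($findings.Count -eq 0) {
    Write-Output 'PASS: configuration matches the procedure'
} else {
    $findings | ForEach-Object { Write-Output "FAIL: $_" }
}
```

The script changes nothing; run it on the Exchange server after the IIS restart, and adjust the site ID if the Exchange virtual directories are not under site 1.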