Deploying Exchange ActiveSync – kb 817379 explanation
Deploying Exchange ActiveSync to sync mobile devices is more of a cakewalk in Exchange 2007…The pre-requisites are outlined as:
- SSL certificate on the CAS role
- Enable ActiveSync for a user from EMC or shell
The scenario is a bit different in Exchange 2003 and admins who have deployed the same, will definitely be aware of kb: 817379. I would discuss the process in a nutshell.
- Disable Forms based authentication or FBA
- In IIS, take a copy of the Exchange Virtual Directory and call it ExchangeVDir
- Create a new virtual directory and name it as exchange-oma
- Change the authentication for exchange-oma:
a. Go to Properties
b. Directory Security tab
c. Authentication and access control, click Edit. Change the auth type to:
i. Integrated Windows authentication
ii. Basic authentication
d. Under Secure communications, click Edit. Make sure that “Require secure channel (SSL)” is not enabled, and then click OK.
5. In registry, got to–> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
6. Create a new String Value–> ExchangeVDir and modify it to–>/exchange-oma
7. Restart the IIS service
8. Enable FBA.
The kb article gives the symptom and resolution. The first time I did this, it was a mechanical job.
When we have a single exchange server and a mobile device tries to sync with the server over a WAN, the request is first directed to the Microsoft Server ActiveSync Virtual Directory. This behavior is by design. Once the request comes to the MSAS directory it would send and explicit logon request to Exchange virtual directory over port 80. Example http://servername/exchange/username Now, since exchange having SSL forced the request will no longer be proxied and will throw an error on the Mobile Device.
To bypass this, the recommended action is to introduce a front end server in the organization or we can also follow the steps in the kb article 817379 to create a copy of the Exchange Virtual Directory, name it appropriately and then redirect the request from the MSAS directory to the newly created Virtual Directory. In this scenario, we named it as exchange-oma.
—
Ratish Nair
MVP Exchange
Team @MSExchangeGuru
September 10th, 2009 at 7:08 am
Great Post. Your’e good at what you do.
September 25th, 2009 at 4:42 pm
Thank you Joe. Really appreciate it.
October 30th, 2009 at 4:29 pm
Good job Buddy 🙂
December 23rd, 2009 at 2:33 am
Thanks Garrett.
December 22nd, 2009 at 9:55 pm
Clearly stated! Just gratifying! This is really an awesome explanation.
July 29th, 2010 at 5:58 am
Thanks… Mate
April 5th, 2011 at 12:18 pm
perfect, this fixed my 0x5010014 error code