다음을 통해 공유

Getting Exchange ActiveSync to work on a single box with Forms Based Authentication and SSL enabled.

  • 아티클

These are the revised steps that were originally outlined in:

 

817379 Cannot Access Exchange Server 2003 by Using Outlook Mobile Access When
https://support.microsoft.com/?id=817379

 

The only difference between these steps and the KB is that you create the new Virtual Directory iin IIS Manager and not ESM.

 

1. Start Internet Information Services (IIS) Manager

 

2. Locate the \exchange virtual directory (default location is Web Sites\Default Web Site\Exchange)

 

3. Right click on the Exchange virtual directory, choose All Tasks/Save Configuration to a File…

 

4. Type a name in the File name: text box (for example, ExchangeVDir)

 

5. Click OK

 

6. Right click the root of this web site (Default Web Site), choose New/Virtual Directory (from file)…

 

7. On the Import Configuration dialog box, select the Browse button and locate the file from step #4, then click Open

 

8. Next, select the Read File button

 

9. In the Select a configuration to import text box, select Exchange (or whatever virtual directory you selected in step #3) and press OK.

 

10. A dialog box will appear stating the virtual directory already exists. In the Alias text box, type a name for the new virtual directory that you want the
Exchange Server ActiveSync and Outlook Mobile Access processes to use. For example, type ExchDAV.

 

11. Click OK

 

12. Right click on the new virtual directory and choose Properties, in this example, ExchDAV

 

13. Select the Directory Security tab

 

14. Click the Edit button in the Authentication and access control section.

 

15. Verify only the following authentication methods are enabled

 Integrated Windows authentication
Basic authentication

 

16. Click OK

 

17. Click Edit under IP address and domain name restrictions.

 

18. Click Denied access, and then click Add.

 

19. Click Single computer (if this option is not already selected), type the IP address of the server that you are configuring, and then click OK.

 

20. Click the Edit button in the Secure communications section

 

21. Verify Require secure channel (SSL) is not enabled and click OK.

 

22. Click OK, and then quit IIS Manager.

 

23. Click Start, click Run, type regedit in the Open box, and then click OK.

 

24. Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters

 

25. Right-click Parameters, point to New, and then click String Value.

 

26. In the New Value #1 box, type ExchangeVDir, and then press ENTER.

 

27. Right-click ExchangeVDir, and then click Modify.

 

28. In the Value data box, type a forward slash ( /) followed by the name of the new virtual directory that you created in step 10. For example, type /ExchDAV.

 

29. Click OK, and then quit Registry Editor.

 

30. Restart the World Wide Web Publishing Service. To do this: Click Start, click Run, type services.msc in the Open box, and then click OK. In the Name list, right-click World Wide Web Publishing Service, and then click

 

31. Restart the Server to make the registry changes effective.

 

If your using your smartphone to test Exchange ActiveSync, and your running your own Certificate (from your own Root CA), then you will need to install the DisableCertChk utility on the smartphone as the smartphone will use SSL to talk to the Microsoft-Server-ActiveSync vdir. If your running a Pocket PC 2003 device then you can toggle between using SSL or HTTP which is helpful for testing.

The DisableCertChk utility does not bypass the SSL connection, it just bypasses the verification check of the certificate to see if its trusted on the device or not.

Grab DisableCertChk from here https://www.microsoft.com/downloads/details.aspx?FamilyId=D88753B8-8B3A-4F1D-8E94-530A67614DF1&displaylang=en

To add a custom route certificate to you PPC, you will need this utility - https://www.microsoft.com/downloads/details.aspx?FamilyID=ecfde1c7-36c9-4c13-986e-8a46790f61e4&DisplayLang=en

Also, you'll need to publish the Microsoft-Server-ActiveSync virtual directory if your running ISA or the like.

Comments

  • Anonymous
    May 24, 2004
    Great info!
  • Anonymous
    August 03, 2004
    Many thanks for posting this. I spent quite a lot of time on this problem and this saved the day. Why has Microsoft taken away the article? Do you this there is a security issue?
  • Anonymous
    August 03, 2004
    Hi SharpEye,

    As far as I am aware, the information in the KB was wrong, and it hasnt been updated and re-published as yet.

    Nick
  • Anonymous
    November 01, 2004
    So I've been trying to get my new phone working with ActiveSync. Enabling a synchronization with the desktop was super-easy. Getting it to work with Exchange has been less so. Since he has the same phone, I asked Scoble for some insight. Despite an amusing interlude where he thought I worked at Microsoft and tried to point me to some...
  • Anonymous
    January 08, 2007
    PingBack from http://www.jnblockie.com/blog/?p=333