I would look at getting rid of the Cert Error by using the correct Root CA
I managed to get it working with iPhones (not tried any others) without SSL
Also, remember that with Exchange 2007 a UCC SSL certificate is required, not just a normal cert; this is for using ActiveSync, RPC over HTTPS etc.
I am currently awaiting another IP from our LEA (should be with me sometime this week) so that I can get this set up properly for us. We have to use another IP as our current IP has the wildcard on it.
When the LEA charge you £710 per IP... it makes things rather difficult
Basically, from what I understand, it is because our LEA choose to use a 3rd party company such as themselves who have a centrally managed service from Synetrix, and that is what the cost is for: the changes to be done by Synetrix, and therefore those costs are brought down to the client (us).
According to him other LEAs don't charge their schools as they have IT teams at the LEA and they deal with it that way centrally and don't then pass the costs down to the schools each time they need an IP... which I find rather confusing as my boss's brother, who works in a school in Walsall, who don't have a very big IT team at LEA level, and he gets as many IPs as he basically wants (obviously don't take the mick).
So! just have to deal with it..
-- Note that the £230 security fee per annum is per IP address, and as we will now have 3 IPs that is a total of £690 per year we have to pay just for some security checks to get done -- though all of the NAT'd IPs will go to exactly the same LAN card on our TMG server.. but again the answer to that is someone could come in after us and change the TMG setup to use multiple NICs... -- crazy!
Last edited by EduTech; 22nd February 2010 at 09:51 PM.
Ours is done by an external company (Atomwide). Recently I have asked for 3 subdomains to be set up, which obviously involves 3 separate addresses and that involves 3 separate addresses which are NAT'd into our internal address to the LEA, but they haven't charged us a penny for it. But like I say, when you ask for port 443 open as well as port 80 then they seem to take forever to decide that it's okay!!
For Exchange 2003 you do not need to have an SSL cert for ActiveSync etc to work. ISA 2004 does need a certificate, as will 2006, for any website that is published that requires authentication. For mobile ActiveSync to work on WM based devices you generally need to ensure you have purchased an SSL cert that's based on one of the original mobile root CA providers. We purchase our certs from GeoTrust and they are the QuickSSL Premium as it has been signed by a mobile root CA. iPhones should not have this problem though, as I *think* you can opt to ignore a cert error from an invalid CA (aka self-signed).
Alex, do not ever use any auth-based service without SSL. Buy a GeoTrust cert for the web address and install it in ISA. Search Google for QuickSSL Premium and you can find resellers that will sell the cert for cheap.
Running ActiveSync without SSL is a bad idea as domain passwords and emails will be sent in clear text.
For WM devices you don't need a commercial cert as you can easily add an internal domain CA to the trusted list on the phone so that there is no error. This is how we have all of our gear set up, as it means even the smart ones need to come to IT to get devices set up, which allows us to do them right.
If anyone has got ActiveSync working on Exchange 2010 with iPhones please let me know.