+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 25 of 25
Windows Thread, Setting up Exchange ActiveSync in Technical; I would look at getting rid of the Cert Error by using the correct Root CA...
  1. #16
    somabc's Avatar
    Join Date
    Oct 2007
    Location
    London
    Posts
    2,337
    Thank Post
    83
    Thanked 388 Times in 258 Posts
    Rep Power
    112
    I would look at getting rid of the Cert Error by using the correct Root CA

  2. #17

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Quote Originally Posted by somabc View Post
    I would look at getting rid of the Cert Error by using the correct Root CA
    its only us techies that use the activesync, we would like to buy the cert but there no money!

  3. #18
    HMCTech's Avatar
    Join Date
    Apr 2008
    Posts
    618
    Thank Post
    37
    Thanked 48 Times in 35 Posts
    Rep Power
    23
    I managed to get it working with iPhones (not tried any others) without SSL

  4. #19

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,074
    Thank Post
    160
    Thanked 937 Times in 731 Posts
    Blog Entries
    3
    Rep Power
    275
    Also, Remember that with Exchange 2007 a UCC SSL Certificate is required not just a normal cert this is for using ActiveSync, RPC over HTTPS etc

    I am currently awaiting another IP from our LEA (should be with me sometime this week) so that i can get this setup properly for us, have to use another IP as our current IP has the wildcard on it.

    When the LEA charge you £710 per IP... it makes things rather difficult

    James.

  5. #20

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Quote Originally Posted by EduTech View Post
    Also, Remember that with Exchange 2007 a UCC SSL Certificate is required not just a normal cert this is for using ActiveSync, RPC over HTTPS etc

    I am currently awaiting another IP from our LEA (should be with me sometime this week) so that i can get this setup properly for us, have to use another IP as our current IP has the wildcard on it.

    When the LEA charge you £710 per IP... it makes things rather difficult

    James.
    £710 per ip, ours just seem to do what we ask them for stuff like that, until u need ports opening on a firewall and they spend forever doing it!!

  6. #21

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,074
    Thank Post
    160
    Thanked 937 Times in 731 Posts
    Blog Entries
    3
    Rep Power
    275
    Quote Originally Posted by glennda View Post
    £710 per ip, ours just seem to do what we ask them for stuff like that, until u need ports opening on a firewall and they spend forever doing it!!
    Nope, According to the people that do this for the LEA "Broadband Sandwell" that is the cost and there is nothing we can do about it.. which is a shame as it's a bugger! £230 per year for security maintainence.

    Basically from what i understand, it is because our LEA choose to use a 3rd Party Company such as themselves who have a centrally managed service from Synetrix and that is what the cost is for the changes to be done by Synetrix and therefore those costs are brought down to the client (us).

    According to him other LEA's dont charge there schools as they have IT Teams at the LEA and they deal with it that was centrally and dont then pass the costs down to the schools each time they need an IP... which i find rather confussing as my bosses brother who works in a school in Walsall, who dont have a very big IT Team at LEA Level and he gets as many IP's as he basically wants (obviously dont take the mick).

    So! just have to deal with it..

    -- note, that £230 security fee per Annum is Per IP Address and as we will now have 3 IP's that is a total of £690 per year we have to pay just for some security checks to get done -- though all of the NAT'd IP's will go to exactly the same LAN Card on our TMG Server.. but again the answer to that is someone could come in after us and change TMG Setup to use mutiple NIC's... -- crazy!

    James.
    Last edited by EduTech; 22nd February 2010 at 09:51 PM.

  7. #22

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    ours is done by an external company (atomwide) recently i have asked 4 3 sub domains to be set up, which obviously involes 3 seperate addresses and that involes 3 seperate addresses which are NAT into our internal address to the lea. but they havn't charged us a penny for it. but like i say, when you ask for port 443 open aswell as port 80 then they seem to take forever to decide that its okay!!

  8. #23

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,693
    Thank Post
    948
    Thanked 1,355 Times in 828 Posts
    Blog Entries
    1
    Rep Power
    451
    For exchange 2003 you do not need to have an ssl cert for activesync etc to work. ISA 2004 does need a certificate as will 2006 for any website that is published that requires authentication. For mobile activesync to work on WM based devices you generally need to ensure you have purchased a ssl cert thats based on one of the original mobile root ca providers. We purchase our certs from Geotrust and they are the QuickSSL Premuim as it has been signed by a mobile root ca. iPhones should not have this problem though as I *think* you can opt to ignore a cert error from an invalid ca (aka self signed)

    Alex do not ever use any auth based service without ssl. Buy a geotrust cert for the web address and install it in isa. Search google for quickssl premium and you can find resellers that will sell the cert for cheap.

  9. #24

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,239
    Thank Post
    882
    Thanked 2,742 Times in 2,316 Posts
    Blog Entries
    11
    Rep Power
    784
    Running Activesync without SSL is a bad idea as domain passwords and emails will be sent in clear text.

    For WM devices you don't need a commercial cert as you can easily add a internal domain CA to the the trusted list on the phone so that there is no error. This is how we have all of our gear setup as it means even the smart ones need to come to IT to get devices setup which allows us to do them right.

  10. #25
    HMCTech's Avatar
    Join Date
    Apr 2008
    Posts
    618
    Thank Post
    37
    Thanked 48 Times in 35 Posts
    Rep Power
    23
    If anyone has got ActivSync working on Exchange 2010 with iPhones please let me know.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Setting up Exchange 2003
    By jpshephard in forum How do you do....it?
    Replies: 6
    Last Post: 21st January 2009, 11:44 PM
  2. Setting Up An Exchange Server On Outlook Express 6
    By My220x in forum How do you do....it?
    Replies: 1
    Last Post: 16th May 2008, 01:32 PM
  3. ActiveSync Issue
    By Scruff in forum Windows
    Replies: 1
    Last Post: 5th July 2007, 11:47 PM
  4. ActiveSync 4.2
    By PiqueABoo in forum Windows
    Replies: 4
    Last Post: 7th July 2006, 08:52 PM
  5. Replies: 5
    Last Post: 4th July 2006, 05:39 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •