Exchange 2007 - Exchange ActiveSync Setup for Exchange 2007

These are instructions for configuring Exchange ActiveSync on Exchange 2007. They also apply if you are using a Client Access Server with mailboxes located on an Exchange 2003 server. The feature should be already available, these are settings to configure the feature securely.

Requirements

Exchange 2007
Trusted commercial SSL certificate*
Windows Mobile 6.0 handheld or another device with Exchange ActiveSync functionality.

Optional Components

Windows Mobile 6.0 Emulator (more information)***

Notes

* On Exchange 2007, the self signed certificate is not supported for use with Exchange ActiveSync. You must change it for a commercial certificate.

** If your Windows Mobile device is WM6 then it has the required components. If it is version 5.0 then you need to check if it has the MSFP Upgrade. To check, on the device, tap Settings, System and then choose About. You will see a version number like this:

OS 5.1.195 (Build 14847.2.0.0).

The key information is the build number, specifically the last three digits. If they are 2.0.0 or higher, then it has the MSFP update. If they are not, then contact your service provider or handheld manufacturer for an update.

*** If you are going to test this with the Windows Mobile Emulator then you need to ensure that the name on your SSL certificate works internally. You can do this either by using a hosts file (Host file for Windows Mobile) or the preferred way of Split DNS (how to setup split DNS). The split DNS method is the preferred solution as it allows you to use the SSL certificate internally with your users. If you are resetting the Windows Mobile emulator during testing, it is one less thing to worry about.

Server Setup

These settings should be set on the server with the Client Access Role.

Open the Exchange Management Console, then expand the Server Configuration, Client Access.
Click on the tab "Exchange ActiveSync".
On the virtual directory listed, open the properties of the directory. You need to set the correct external URL. This will allow Autodiscover on Windows Mobile 6.1 to work correctly. Ensure that the URL is in the format of https://host.example.com/Microsoft-Server-ActiveSync
The internal URL is not so critical.
Authentication should already have Basic authentication enabled, and the remote file server tab should be checked. Apply/Ok pit/
Expend Organisation Configuration, client Access. During the installation of Exchange 2007 SP1, a default policy was entered. Right click on that default policy and choose Properties.
On the first tab, set the Policy Refresh time to 36. This causes the clients to check for a new policy. If you do not set this before adding any devices, the devices that are added will not check for a new policy at a later date.
You should also consider requiring a password - if you do not then remote wipe does not work without a prompt being seen on the device.

Test the Settings

Before moving on the device configuration, you should test the settings.
To do this, there are a number of things that you can do.

On a Windows Mobile device or the emulator, browse to the server- https://host.example.com/ . If you get an SSL certificate prompt, then the ActiveSync feature will not work as it cannot cope with the certificate prompt. The certificate prompt will tell you what is wrong.
Ensure that you are using the correct address and that the certificate you have is trusted.
More details on dealing with SSL certificates and Windows Mobile devices can be found here.
Use the Microsoft Test site: https://testexchangeconnectivity.com

If you are getting errors with a separate Client Access Server, then ensure that you are connecting the device to the CAS server, not a mailbox server.

If you are co-existing with Exchange 2003, then check that forms based authentication is NOT enabled on the Exchange 2003 server. Finally on the /exchange virtual directory, make sure that integrated authentication is enabled.

Instructions on setting up the Windows Mobile based client can be found here.

Exchange 2007 Home Page - Site Home Page
Last Page Update: 19/02/2011

More Content from Sembee Ltd.
Resources on exchange.sembee.info	Other Sites	Sembee Ltd.
Microsoft Exchange 2003	Command Prompt Getting Started Guide	Microsoft Exchange Consultancy
Microsoft Exchange 2007	Login Scripts	Director's Blog
Microsoft Exchange 2010	MS Exchange Resources
Microsoft Outlook	Knowledge Base search
Exchange Networking Tasks	Recovery of MS Office content from Temp Files
Amazon Store	Troubleshoot the Automatic Updates Client
	UK ISP Status Pages
© Sembee Ltd. 1998 - 2011.
Reproduction of any content on this web site is prohibited without express written consent. Use of this web site is subject to our terms and conditions. All trademarks and registered trademarks are property of their respective owners. This site is not endorsed or recommended by any company or organisation mentioned within and is to provide guidance only and as such we cannot be held responsible for any consequences of following the advice given. Sembee Ltd. is registered in England and Wales at 33 Scrivens Mead, Thatcham, Berkshire, RG19 4FQ. Registered company number: 4704428. VAT Number GB 904 5603 43.

More UK Exchange Consultants Certificates for Exchange Command Prompt Getting Started Guide MS Exchange Resources Knowledge Base search Login Scripts Recovery of MS Office content UK ISP Status Pages Automatic Updates Client Sembee Blog
exchange.sembee.info from Sembee Ltd. UK MS Exchange Consultants
Home Exchange 2003 Groups Mailbox and Database Migration OWA ActiveSync Public Folders RPC over HTTPS SMTP Exchange 2007 Client Access Server Hub Transport Server Mailbox Server Installation and Config Exchange 2010 Client Access Server Hub Transport Server Mailbox Server Installation and Config Outlook Network Tasks Amazon Store