2

According to this KB article: http://support.microsoft.com/kb/817379, you have to disable "Require SSL" for ActiveSync to work.

That's fine, I did that. It works now. But I have a few questions.

  • On my iPhone, the SSL box is still checked. I have to wonder if my communications are encrypted or not. I'll sniff them a bit later today to see.

  • Perhaps I'm misunderstanding the KB article, and what actually got turned off is the communication between IIS and the Exchange backend. I'm just a Linux guy, what do I know? :)

Anyways, I need the data to be encrypted so I'm looking for clarity/explanations.

Could I just throw a reverse proxy in front of this and let it do the SSL?

Thanks.

Jeff MacDonald

2 Answers

3

If you disabled the "Require SSL" option for the Exchange virtual directory ("/Exchange"), this means the virtual directories for ActiveSync ("/Microsoft-Server-Active-Sync" on Windows Server 2003) and Outlook Mobile Access ("/OMA") can still be set to "Require SSL", and the data between the server and your iPhone will still be encrypted. This only concerns Exchange back-end servers, which means as long as you have a front-end server you're fine. If this server is the only server you have, then it is now possible to access Outlook Web Access without SSL. Whether that is something you want or like is up to you. I personally wouldn't want that to be possible.

Yes, you could also use a reverse proxy so that at least the traffic leaving your network is encrypted.

lsmooth
1

Ensure your ActiveSync is using SSL by testing with https://www.testexchangeconnectivity.com/ and block port TCP 80 on your Internet firewall (inbound) and you'll be fine.

Bret Fisher
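A way to check the state both answers describe, as an added example that is not part of the original posts: it sends one plain-HTTP request to each virtual directory named in the first answer and reports which ones respond without TLS. The host name is a placeholder, and reading a 403 as "Require SSL is set" is an assumption about how IIS rejects the request.

```python
import http.client
import sys

# Virtual directories as spelled in the answer above; adjust to the names on your server.
VDIRS = ["/Exchange", "/OMA", "/Microsoft-Server-Active-Sync"]

CLEARTEXT = "SERVED IN CLEARTEXT"
REFUSED = "refused (consistent with Require SSL)"
REDIRECT = "redirects to HTTPS"
NOT_FOUND = "not found (check the directory name)"
CLOSED = "port 80 closed or filtered"


def probe(host, path, port=80, timeout=5):
    """One plain-HTTP GET, no TLS, redirects not followed. Returns (status, Location)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None, None
    finally:
        conn.close()


def classify(status, location):
    if status is None:
        return CLOSED
    if status == 403:  # assumption: IIS answers 403 when Require SSL is set
        return REFUSED
    if status == 404:
        return NOT_FOUND
    if 300 <= status < 400 and (location or "").lower().startswith("https://"):
        return REDIRECT
    # Anything else, including a 401 login prompt, means the directory talks over
    # plain HTTP and credentials could cross the wire unencrypted.
    return CLEARTEXT


def audit(host, paths=VDIRS, fetch=probe):
    """Map each virtual directory to a verdict; fetch is injectable for testing."""
    return {path: classify(*fetch(host, path)) for path in paths}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.invalid"  # placeholder
    for vdir, verdict in audit(target).items():
        print(f"http://{target}{vdir}: {verdict}")
```

Run it from outside the firewall: with inbound TCP 80 blocked, every directory should report the port as closed or filtered.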