Exchange 2003, ActiveSync and SSL

dave-lew99 · 13 Apr 2010 at 22:08

I'm hoping someone can correct me here, but am i right in thinking that you cannot run ActiveSync over SSL?

Every article i've looked at says to disable SSL on the ActiveSync virtual directory, this seems like a severe limitation to me.

I've got Exchange 2003 running in SSL with FBA at the moment, although i disabled FBA but this made no difference, the ActiveSync device (nokia N95/MailForExchange) first connects on 443 then on 80 (from the logs), even though it's configured to run in secure mode and only on 443.

Normally i'd blame the phone but after reading around i'm not so sure.

Anyone care to elighten me?

droyden · 13 Apr 2010 at 22:15

There is a work around for it:

http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm

dave-lew99 · 13 Apr 2010 at 22:23

Yes, don't i feel a little stupid now.

I saw that article before (as well as the MS KB one) but didn't read it past the 'turn off FBA/SSL' point.

In case anyone else is reading this it works thusly -

When running ActiveSync, the server itself will initiate a connection to /exchange for the data. This connection (obviously) doesn't need to be secured.

This means that a duplicate of the /exchange virtual directory which isn't encrypted is OK as long as the ACL on the directory only allows the server itself access.

This means your original /exchange can stay with SSL/FBA and everyone is happy.

droyden · 13 Apr 2010 at 22:26

hehe easily missed