Wednesday, December 15, 2004

What's in a Synch?

How does a Microsoft mobile device synch against SBS 2003? Let's break it down.

Microsoft Mobile Devices
A Microsoft mobile device such as a SmartPhone or a Pocket PC Phone Edition phone works in a similar way (exactly the same way for Windows Mobile based phones, i.e. the 2003 versions). These devices get an Internet connection (via GPRS, CDMA, WiFi or Bluetooth, depending on the device) and then authenticate to https://www.fqdn.com/microsoft-server-active-sync .



Because Exchange is primarily designed for larger companies, it expects a front-end server to accept the web requests and a back-end server where the mailbox stores live. SBS is both the front-end and the back-end server; because of this, the request received in the MSAS virtual directory is sent (via a loopback) to the \exchange-oma virtual directory. While this loopback is not SSL encrypted, the virtual directory is IP restricted to the local box, so the unencrypted data is all processed locally.

It is very important not to change the IP restrictions on the \exchange-oma directory, or you could have users' mail broadcast in clear text via an OWA session.
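The rule above can be checked mechanically. The following is an added example, not code from the original post or from Microsoft: it audits a simplified model of the virtual directory's IP restriction list, and the dictionary keys, the function name and the sample addresses are all assumptions constructed for illustration.

```python
import ipaddress

def audit_loopback_vdir(vdir, server_ips):
    """Return findings for a non-SSL loopback vdir such as \\exchange-oma.

    vdir is a hypothetical model (not an IIS API) with two keys:
      'grant_by_default': True means every client is allowed unless denied
      'granted': IPs or CIDR ranges explicitly allowed
    server_ips: the addresses that belong to the server itself.
    """
    # Assumed default: a vdir with no restriction configured admits everyone.
    if vdir.get("grant_by_default", True):
        return ["access is granted by default; any client can reach the non-SSL vdir"]
    own = {ipaddress.ip_address(ip) for ip in server_ips}
    findings, granted_hosts = [], set()
    for entry in vdir.get("granted", []):
        net = ipaddress.ip_network(entry, strict=False)
        if net.num_addresses > 1:
            # A subnet grant lets other machines on the LAN use the clear-text path.
            findings.append(f"{entry} grants a whole range, not a single host")
            continue
        addr = net.network_address
        granted_hosts.add(addr)
        if addr not in own and not addr.is_loopback:
            findings.append(f"{entry} is not one of the server's own addresses")
    # The loopback request must still be accepted from each of the server's addresses.
    for ip in sorted(own - granted_hosts, key=str):
        findings.append(f"server address {ip} is not granted; the loopback may be refused")
    return findings

# Constructed sample data: one internal and one external address for the server.
SERVER_IPS = ["192.168.16.2", "203.0.113.10"]
LOCKED_DOWN = {"grant_by_default": False, "granted": ["192.168.16.2", "203.0.113.10"]}
WIDENED = {"grant_by_default": False, "granted": ["192.168.16.0/24", "203.0.113.10"]}
UNRESTRICTED = {"grant_by_default": True, "granted": []}

if __name__ == "__main__":
    for name, cfg in [("locked down", LOCKED_DOWN), ("widened", WIDENED),
                      ("unrestricted", UNRESTRICTED)]:
        print(name, "->", audit_loopback_vdir(cfg, SERVER_IPS) or "OK")
```

An empty result means only the server's own addresses can reach the unencrypted directory; any finding means the restriction has been loosened or broken.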

WAP 2.x Browser Phones
WAP 2.0 and higher browser phones can view their Exchange store by browsing to https://www.fqdn.com/oma. Once authenticated, the user can browse their inbox in a hypertext-like format. Be warned though: many of these phones do not support the self-signed certificate that SBS provides, meaning they will not prompt you to accept an invalid certificate, but rather just complain and fail.

Once the authentication occurs, the same loopback to the \exchange-oma directory will occur.

2 comments:

Vadim said...

Great article!

I've set up my OMA over HTTP on the SBS2003-SP2, based on numerous "how to config" articles found on the net. On SBS, like in my case, the server is a standalone Exchange, with the /exchange-oma VDIR on the same Exchange / box. I still get the dreaded: Outlook(R) Mobile Access is supported only on Microsoft(R) Exchange Server 2003. Currently your mailbox is stored on an older version of Exchange server.

WHY?! The registry/webdav should communicate with the OMA vdir!!!! Everything that I've read about this should be in place.

Sean Daniel said...

So you're running native Exchange, and can't get OMA synch to work? You're not using SBS, but have created the exchange-oma v-dir and it still doesn't work?

Ok, here is the deal. Configure the /Exchange directory with forms based auth, and SSL and all that jazz.

Configure the \Exchange-oma v-dir without forms based auth, and no SSL required, but lock it down to the IP address of the server only (both the internal and external IP addresses are required, if you have them).

Then you'll have to play in the registry (being very careful of course, the registry can cause problems with your system if you don't update it properly).

Point your registry explorer at hklm \system \currentcontrolset \service \massync \Parameters and create a dWORD called "ExchangeVDir", and set the contents of the key to "/Exchange-oma" without the quotes.

Then from a command prompt, run "iisreset".

Let me know if that works, or if I have your scenario all wrong.