Tuesday, December 14, 2004

Configuring Mobility on SBS 2003

Somewhat recently, I did a live mobility webcast (that you can now listen to on demand) I went through the steps to configure mobility on your SBS 2003. It's easy, but it's not hand-held. The steps are a little confusing to get all setup, so I'm going to run through them here on my blog in hopes to get you mobile.

Configure the Server
First you'll have to configure the server. This is a single-click configuration. When running through CEICW (Configure Email and Internet Connection Wizard). On the Web Services page, simply check the box that is labelled Outlook Mobile Access. When you complete the wizard, this will configure the following things:

  • Enable OMA inside Exchange by setting an Active Directory object to enabled

  • Configure the firewall to allow access on port 443 (SSL webport) if it's not already open for another web service

  • Configure IIS to un-restrict the IP restrictions on both the \Microsoft-Server-Active-Sync and \OMA virtual directories. These are restricted Out of the Box to ensure high levels of security and only the services in use are available to the users
Now the server is configured, let's get to work on the clients!

Client Configuration
Client configuration is the most confusing aspect of setting up a mobile device, primarily because it's not intuitive, but if you know what you're doing, it's super simple.

  1. First thing is to setup a user. While you're in the Add User Wizard setting up that users computer, Choose to deploy ActiveSync 3.7 (even though it's old) as this will install

    • ActiveSync 3.7

    • SBSMobCfg - The SBS mobile device configuration utility

  2. When this is complete, tell the user to log off and log back on. This will intiate the installation of the above tools

  3. When ActiveSync is installed, simply hook up the device as per the instructions that come with it (except there will be no need to install ActiveSync, since it was installed via the server)

  4. On the first connection of the device, you'll see the following screen appear:

    This step configures the phone with predefined defaults that the user can change during the Getting Connected wizard that appears.

Once you complete the Getting Connected wizard, the phone will start it's first synch.

It's probably a good idea to leave the device in the cradle for the first synch since this will be the biggest most expensive sync you have. Once this is finished, you're ready to go mobile! What was the saying?

Go Mobile ... or Go Home!


13 comments:

Anonymous said...

I have a question for you maybe you can help me. Can you set up a SBS 2003 server for home use using a Dynamic DNS client? Is there any KB on how to set that up. Example, customer runs a small business from his home and is running high speed cable connection with dynamic ip address, he wants to run SBS 2003 server . Customer installed Dyndns.org client linksys router. How do we set up that remote web connection, Exchange, is that possible using the dynamic client?

Sean Daniel said...

Yup, indeed this is what I do at my house. I use no-ip.com (as it was recommended by a friend, I haven't researched other clients). I give no-ip a dollar amount/year to host the DNS for my domain name, from there I run their client as a service on my server, so if the IP address changes, it updates the records. I read your email simply by going to https://mydomain.com/remote and checking my email.

There are few gotcha's to be aware of
1) Some ISPs only give you internal IP addresses (ie non-routable), and hence your server will not be available on the internet, you might have to pay your ISP more money to get right out on the internet

2) Backup mail servers, if your house should have a power outage, or your cable goes down, your mail might be lost. You can get around this with services as a backup mail holder, no-ip provides this service for me, but I don't use it as it costs more money. I find that most (key word is most, not all) mail servers will re-try for a period of time to resend the mail, so when the server comes back up, mail will flood in over the next 30-60 minutes

3) spam filters. There are quite a few ISPs on the internet that filter spam based on the type of IP address it's coming from (usually determined by a reverse look-up on the domain). For instance, when I email my father, the mail NDRs since the email comes from sean@mydomain.com and that's ip 123.123.123.123 . When they reverse lookup 123.123.123.123 they find the domain is cr123456.comcast.net, so they consider it spam. The way you can get around this is use the SMTP host of servers ISP to route mail through, this seems to work great.

Other than those 3 gotchas that I've come across, SBS provides a GREAT infrastructure for a home network. When I get kids, I will install ISA so I can block certain addresses and track their web surfing.

Hope this helps.

Anonymous said...

Hi Sean,

I have setup SBS 2003 for learning purpose on my home LAN. I find setting up Email connectivity confusing and wondering if you could help. I have a cable connection, a router with a firewall, Dynamic DNS setup at DYNDNS.org as "fred.homedns.org". My local domain is homedomain.local and the server name is ALEX. How do I setup the Exchange server in SBS so that I can send/recv email? I have a mailbox at my ISP, OPTONLINE.NET, but I don't have a registered Internet domain name. Does my ISP need to know about my Exchange server IP address/DynDNS Domain name? If you could point me to a good article/book which explains how my internal DNS, Email, SBS 2003, ISP's DNS & Mail servers fit together, it would be a great help.

Thanks

Sean Daniel said...

Hi Fred,

What I would do is setup via the Configure Email and Internet Connection wizard the email domain name, certificate name as fred.homedns.org. Then configure the POP3 connector to download your mail from OPTONLINE.NET into your servers account every 15 minutes. Additionally, you can add the email address of User@optionline.net to your personal contact object, uncheck the box to follow the recipient policy and change that to be your default send as address. That way you'll send mail as the address and it will end up in your POP3 account. It's not a great business setup, but for testing at home it should work nicely.

Anonymous said...

Sean,

Thanks a lot for your reply.

Devinder

Anonymous said...

Hi

Recently I configured an XP for VPN connection and added PPTP server on D-Link FL-200 firewall (open port 1723). Still can't reach the SBS 2003 server? Do I need to configure anything on the server? and if so how to set it up Please?

ARY

Sean Daniel said...

You should make sure to run the Route and Remote Access Wizard on the server to enable the VPN services. Also, you might want to include L2TP and PPTP passthrough on your router!

Good luck!

Michael said...

Sean,

We are running SBS 2003. Our ISP is Comcast. We have the Comcast Workplace Standard package which allows us to have a staic IP. We are hosting a website accessible externally via www.h2racing.org but we are unable to access it from inside the network. The Comcast modem is an SMC model with 4 ports. It does not have pass-through of the static IP to the server, so the server external IP is 10.1.10.3 and the modem is 10.1.10.1. How could we configure our internal network to allow us to see the external website?

Sean Daniel said...

My guess is your SMC modem is blocking internal requests to it's external IP. You could call Comcast to verify this. Or you could create a forward lookup zone in your DNS snap-in for h2racing.com and create a A record for www, and point it to your server. This would allow you to resolve your website internally.

One caution here is since you're able to resolve it internally, if your comcast connection is down, you won't know just by resolving your domain name as the traffic never leaves your network.

Anonymous said...

Sean,

I also have SBS 2003 Standard set up at home, partly for learning but mostly for running the home network. I can't seem to get VPN remote access working(or any of the remote features for that matter). I use DYNDNS.ORG for my dynamic IP host, and have been through the CEIC wizard multiple times, always making sure that the VPN choice is selected(I've also tried selecting "enable all web services", with no difference). My ISP is Optimum Online, my server acts as the firewall using two NIC cards to separate home from internet. When using GRC.COM's "Shields Up!" to test my firewall it shows me that port 1723 is closed, which I'm sure is my problem. Is there a bug with the wizard? Should I just give up, disable the SBS firewall, and configure my Linksys wireless router to be the firewall instead? Also, I have kids and very much want to limit the internet access on their computers, what is ISA?

Sean Daniel said...

Appologies for my tardy reply

Having 1723 being closed, could be your problem, although you have to enable the PPTP protocol also. Make sure when you run through CEICW that you choose to enable the VPN protocol, not just open port 1723. So make sure that's done.

You might want to also try some web-access to make sure your server is actually on the internet. Some ISPs will save money on their end and place your server in a private network (with an IP of 10.1.x.x, or 192.168.x.x), these are not IP addresses are not on the actual Internet. So, you should make sure to check the WAN NIC of your SBS server to ensure it doesn't have one of those, if it does, you should contact Optimum Online and ask for a publicly routable IP address.

ISA ships with SBS Premium Edition and is a replacement firewall. It's much more complicated to understand and use than what ships with SBS Standard, but it does allow for more flexibility and control over your Internet connection.

Let me know if you need any more information.

Unknown said...

Hi Sean,

I've recently had a SBS2003 server installed, with active sync to my mobile. Works fine, just 1 simple question: where and how can I decide what mailfolders should be synchronised to my mobile? By default only the Inbox is synchronised, but I have some subfolders that I also want to synchronise. I've not found a menu where I can set that up.

Thanks,

John Overmars

Sean Daniel said...

Hi John,

I've also had trouble with this. On your phone when you are in the folder view, you can choose to sync a specific folder with your phone. I've only had success on the smartphone type phones, not the touch type devices. I'm still working on that one.

In the mean time, you always have "search server" and you can search any folder for mail.