The iPhone, Exchange, ActiveSync, security, and some serious annoyances

If you want ActiveSync and a secure OWA implementation, you'll be putting up another Exchange front-end server just for that, or living with the fact that you can't require SSL connections or use forms-based auth with OWA, opening up some holes you'd rather not have open.

Please forgive the rushed nature of this post, but after an hour of beating up the various moving parts associated with providing ActiveSync to an iPhone (and other ActiveSync devices), I had to put this out there, hopefully to save anyone else from this particular pain.

If you use forms-based authentication on your OWA server, you can't use ActiveSync -- they're apparently mutually exclusive. Also, you cannot require SSL connections to the /exchange virtual directory if you want to use ActiveSync. Large installations already split these tasks across separate servers for load reasons and don't run into this, but if you have a single Exchange server (as was the case here), you're SOL.

Of course, this means that Firefox clients never actually log off from the OWA server, since they're not using forms-based auth.

So, to wrap it up: If you want ActiveSync and a secure OWA implementation, you'll be putting up another Exchange front-end server just for that, or living with the fact that you can't require SSL connections or use forms-based auth with OWA, opening up some holes you'd rather not have open.

I'm feeling more secure already.
