The iPhone, Exchange, ActiveSync, security, and some serious annoyances

If you want ActiveSync and a secure OWA implementation, you'll be putting up another Exchange front-end server just for that, or living with the fact that you can't require SSL connections or use forms-based auth with OWA, opening up some holes you'd rather not have open.

Please forgive the rushed nature of this post, but after an hour of beating up the various moving parts associated with providing ActiveSync to an iPhone (and other ActiveSync devices), I had to put this out there, hopefully to prevent anyone else from this particular pain.

If you use forms-based authentication on your OWA server, you can't use ActiveSync -- they're apparently mutually exclusive. Also, you cannot require SSL connections to the /exchange virtual directory if you want to use ActiveSync. Large installations already separate these tasks to separate servers for load reasons, and don't run into this, but if you have a single Exchange server (as was the case here) you're SOL.

Of course, this means that FireFox clients never actually log off from the OWA server, since they're not using forms-based auth.

So, to wrap it up: If you want ActiveSync and a secure OWA implementation, you'll be putting up another Exchange front-end server just for that, or living with the fact that you can't require SSL connections or use forms-based auth with OWA, opening up some holes you'd rather not have open.

I'm feeling more secure already.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies