Microsoft Exchange/OWA without SSL

Question

Level 1

0 points

Microsoft Exchange/OWA without SSL

Greeting,

I have had a Microsoft Exchange server (2003 SP2) running for the last 5 years without SSL as it is a personal e-mail server (non-SSL), and have not had any issues with mobile sync'n. Previously I used IMAP on the iPhone v1 and I have also used a Treo and BB with my Exchange and never had any issues (using BES). Now with this iPhone v2 it appears I am forced to use SSL to get the e-mail to sync?

If so, why does the phone give you the option to disable SSL? I have read every forum posted here and none of the options have worked. I am able to sync Contact and Calendar information, but my e-mails only push to my phone after I read the messages in my Outlook Client on the workstation. If I receive any new messages and not review them on my workstation first, the phone is not updated with these messages at all.

I am not using a front/back-end set up, I have a single Exchange server.

Has anyone confirmed you are required to have a certificate to get the e-mail syncing to work? And there is no solution to non-SSL Exchange users?

Posted on Jul 14, 2008 6:40 AM

Reply

Answer 1

ethanm

Level 1

5 points

Aug 14, 2008 6:24 PM in response to Mr Upson

Not using SSL isn't causing your unread messages to not sync/push to your iPhone. What's causing that is probably your AV software. Take a look at this Microsoft KB article: http://support.microsoft.com/kb/827615. I also recommend running the Exchange Best Practices Analyzer which can identify some of the top issues your server may be experiencing: http://technet.microsoft.com/en-us/exchange/bb288481.aspx.

Reply

Answer 2

Willius

Level 1

10 points

Aug 14, 2008 7:08 PM in response to Mr Upson

My company runs exchange without SSL enabled. For a long time, I was unable to get push to work. Today, I found a thread (which I cannot seem to locate now) that said to do the following:

1. Obtain the certificate of your exchange server.
2. Email this certificate to an account that you can access on your iPhone.
3. Install the certificate via the email on your iPhone.

After doing this, I am able to confirm that push is working without using an SSL connection.

Getting the certificate can be tricky. I used Firefox 3. First I accessed my company's OWA via https://www.mydomain.com/owa. I was presented with a message about the certificate. I clicked on 'View Certificate', then drilled down to details, and then exported the certificate to my desktop.

Hope this helps.

Reply

Answer 3

ethanm

Level 1

5 points

Aug 14, 2008 7:23 PM in response to Willius

If you're using https to access OWA, then you're using SSL. There is confusion between "enabled" and "required". SSL is enabled for your Exchange server, but if you can access via http, then it's not required.

Reply

Answer 4

Willius

Level 1

10 points

Aug 15, 2008 4:34 AM in response to ethanm

True, I use https when connecting via my browser so that I can obtain the certificate. However on the iPhone, I must have SSL turned off because it is not "enabled" (and therefore not "required") for OTA ActiveSync in our configuration. In this instance, the certificate on my phone is only used authenticate the sender of the push request.

Why in the world my company chooses to have exchange running OTA connections without SSL is beyond me, but that is a discussion for a different thread. 😉

Reply

Answer 5

ethanm

Level 1

5 points

Aug 15, 2008 4:28 PM in response to Willius

Willius,

This makes no sense. If OWA works with HTTPS, then any EAS device (Windows Mobile / iPhone) connection should work over HTTPS. EAS and OWA work off the same virtual server. They're just two different virtual directories (/OWA & /Microsoft-Server-ActiveSync). There is no way to "disable" SSL connections at a per virtual directory level in IIS as far as I know.

It's quite possible the certificate isn't trusted on your iPhone, but even that would be easy to get around by clicking "Accept" when the "this certificate isn't trusted" prompt comes up during configuration.

Reply

Answer 6

Willius

Level 1

10 points

Aug 17, 2008 1:32 PM in response to ethanm

I agree that it does not make sense, but it is, in fact, the way it works for me. When I enable SSL via the iPhone, I get a message that states I cannot connect. I have inquired with the IT staff at my company and the said that SSL is not supported in our current configuration. However, when I access OWA, I must connect over https. And installing the self-signed certificate from that connection on the iPhone made push work.

Reply