Saturday, April 25, 2009

Configuring ActiveSync


Step 1: Configuring the Microsoft-Server-ActiveSync virtual directory

The first step in the ActiveSync configuration process is to install an SSL certificate on each client access server that hosts the Microsoft-Server-ActiveSync virtual directory. For the purposes of this tutorial, I'm assuming that you've already acquired an SSL certificate for use with your Exchange 2007 server. You must now configure the Microsoft-Server-ActiveSync virtual directory to require SSL encryption.


Begin by selecting the Internet Information Services (IIS) Manager command from the Windows Administrative Tools menu.

When the IIS Manager console opens, navigate to the Web Sites -> Default Web Site -> Microsoft-Server-ActiveSync container.

Right-click the Microsoft-Server-ActiveSync container and select Properties.

Go to the Directory Security tab and click the Edit button found in the Secure Communications section.

Select the Require secure channel (SSL) checkbox and click OK to complete the process.

Step 2: Adjusting firewall settings for ActiveSync

The next step in configuring ActiveSync is to adjust the firewall settings to allow ActiveSync to use Direct Push. The actual procedure for doing so will vary depending on your firewall. What I can tell you is that if you have the Client Access Server role and the Mailbox Server role installed on two separate Exchange servers, you will need to open TCP port 135 on any firewall that might exist between the two servers. This will allow the RPC Locator service to communicate between the two servers.

Since you're requiring SSL encryption for the Microsoft-Server-ActiveSync virtual directory, you must open TCP port 443 on any firewall standing between the Internet and the Exchange server on which the Client Access server role is installed.

In addition to opening these ports, Microsoft recommends that you set your firewall's timeout period to 30 minutes. Shorter timeout periods will cause mobile devices to initiate new HTTPS requests on a more frequent basis. These requests not only consume bandwidth, but they also shorten battery life on mobile devices.
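To confirm the results of Steps 1 and 2, the following PowerShell script (an added example, not part of the original tutorial) checks that the two TCP ports are reachable and that the virtual directory refuses plain HTTP. The host names are hypothetical placeholders; run the port 135 check from the Client Access server and the other two checks from a machine outside the firewall.

```powershell
# Hypothetical host names (assumptions): replace with your own servers.
$CasHost     = 'cas01.example.com'   # server holding the Client Access role
$MailboxHost = 'mbx01.example.com'   # server holding the Mailbox role

# Returns $true if a TCP connection to the port succeeds within the timeout.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false          # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

# Returns $true if a plain-HTTP request to the virtual directory is refused
# (HTTP 403 from IIS when SSL is required, or no listener on port 80 at all).
# A 200, 401 or redirect means the directory still answers without SSL.
function Test-PlainHttpRejected {
    param([string]$ComputerName)
    $req = [System.Net.WebRequest]::Create("http://$ComputerName/Microsoft-Server-ActiveSync")
    $req.Timeout = 5000
    $req.AllowAutoRedirect = $false
    try {
        $req.GetResponse().Close()
        return $false
    } catch {
        # PowerShell may wrap the WebException; walk down to it.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { return $true }
        return ([int]$ex.Response.StatusCode -eq 403)
    }
}

"CAS -> Mailbox TCP 135 open : {0}" -f (Test-TcpPort $MailboxHost 135)
"Internet -> CAS TCP 443 open: {0}" -f (Test-TcpPort $CasHost 443)
"Plain HTTP refused by CAS   : {0}" -f (Test-PlainHttpRejected $CasHost)
```

All three lines should report True once the SSL requirement and firewall rules are in place.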

Step 3: Creating an Exchange ActiveSync mailbox policy

The third step is to create an Exchange ActiveSync mailbox policy.


Open the Exchange Management Console and select the Client Access container to view the details pane, where any existing ActiveSync mailbox policies will be listed (there shouldn't be any, since this is a new server).

Click the New Exchange ActiveSync Mailbox Policy link found in the Actions pane to activate the New Exchange ActiveSync Mailbox Policy wizard.