Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

ActiveSync via Firepass

I'm trying to set up ActiveSync through a v6.0.1 Firepass 4100. I want to be able to do this for multiple internal Exchange servers in different internal domains, authenticating with SecurID. The instructions in the on-line help tell me to create a landing URI of "Microsoft-Server-ActiveSync, the reserve name" which makes me think I can only have one landing URI for ActiveSync. Has anyone

a) got ActiveSync to work?
b) got it to work to multiple internal Exchange servers and multiple URI's?
c) got either of the above to work with SecurID authentication (or anything other than password AD username/password)?

Thanks


0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
I have it working with AD only. We have several OWA servers behind a bigIP that are used for activesync. I setup a new web service on Firepass for activesync. I installed a Verisign certificate for the site. Note that Verisign now requires an intermediate certificate to work. Under Maintenance/URI-Customization I added an entry Microsoft-Server-ActiveSync set to activeSync authentication. For each master-group that will use Activesync in Protal Access:Web Applications:Master Group Settings turn on Proxy basic and NTLM auth using Firepass user logon form, and Auto-logon to Basic using Firepass user credentials and put in the domain. Add the Minimal Content-Rewriting Bypass entry for Firepass for /Microsoft-Server-ActiveSync* that points to your internal server. For the client set the hostname to the Firepass web service name, and supply the user NT authentication.

We have this working in a pilot mode now. We have been able to get it to work with most devices.

Given the way this works I am not sure if it is possible to map to multiple Exchange servers. You may want to try using different master groups with different minimum content Rewriting pointing to different servers. Exchange also may provide a way of having a single front end server talk to multiple Exchange servers.

I am using radius authentication with this process. As long as the user ID and password match the AD login it should work.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
im having issues with this at the moment but can't seem to find an issue, it looks to be a user account issue but not sure.

I followed the above instructions but my device won't connect.

i have version 6.0.3 on a 1200 and when browsing to https:firepassaddress.domain.com/Microsoft-Server-ActiveSync it propmts for a username and password.

When the username and password is entered i recieve the following error:

my.activation.php3 - client data is invalid! (logon was not allowed)

Any Ideas?
0