Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 5 subscribers
  • Views 19787 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ActiveSync not disabling on non compliant devices?

MrS

Has anyone managed to get the ActiveSync to disable correctly when a device becomes non compliant?

I have iPad's & iPhones that are showing as non compliant in SMC as I have removed the passcode, and yet I am still able to access, send & recieve email using the enterprise exchange server? Are there any other steps that you need to do?

Thanks

:32913


This thread was automatically locked due to age.
  • 0

    Hey MrS! 

    I ran into this issue and in MY particular case I didn't realize that I was supposed to be using the Mobile Control server as the Mail Server in the ActiveSync profile. Not sure if this may be the same case for you. 

    After I changed my devices from 'WEBMAIL.COMPANY.ORG' to 'MDM.COMPANY.ORG' the whole non-compliant/limiting access to email rules fully applied.

    Thanks! 

    Justin 

    :33303
  • 0

    Hi Justin,

    Thanks for the suggestion but if I put the Mobile Control server in, I recieve the following error 'Exchange Account: Unable to verify account information" ?

    Maybe I have missed a step somewhere? I have got a support call raised with Sophos so when I get a resolution I will post the info here.

    :33333
  • 0

    Did you ever get a resolution on this? I have the same issue - with support at the moment but no point in re-inventing the wheel if someone knows the solution...

    :39611
  • 0

    Hi Dirk,

    you should make sure the following things are fullfilled:

    1. The EAS Proxy feature of SMC is successfully installed and configured correctly to point to your Exchange ActiveSync server.

    2.The mailbox of the userwhich should get email access has activated the ActiveSync feature.

    3. Your device uses an email profile using the SMC server as the email server.

    4. The device is shown in SMC as compliant

    If these things are fullfilled, the email access should be possible.

    Best regards

    Stefan

    :39659
  • 0

    1. True

    2. True

    3. If the SMC server is set as the exchange server the email setup does not complete - you get 'server error occurred. Check your username & password and try again' (credentials are correct)

    4. Although this is true, the whole point is that when a device is not compliant ActiveSync is not disabling.

    The original post appears to be the same issue - they had to use the exchange server in the email settings because using the SMC server caused an error. Obviously activesync cannot be disabled when connecting direct to the exchange server but when EAS Proxy is set up correctly and the user account is set up correctly you would expect to be able to configure a device correctly and you can't

    I'd hoped the OP had found a fix as this problem has been with support for 4 weeks and I am no further forward.

    :39677
  • 0

    Wondering if the OP or anyone found a solution to this.  I have the same issue.

    EAS works fine on the phone if hitting exchange server directly.  Can't connect through SMC.domain.com as email server.  Made sure phone isn't blocked via compliance issue.  I get the following in the EASProxy.log file on the SMC server:


    2013-06-17 12:38:02,762 INFO [EASP_HTCe11e182587a92d6b1172bdb99aa5e smartphone_solutions.easproxy.ProxyServlet] verify user 'XXXX' with active sync id 'HTCe11e182587a92d6b1172bdb99aa5e', deviceType is 'HTCOne', user-agent is 'Android-EAS/6.0.2313181912.565089.518216', protocol version is '2.5', request method is 'OPTIONS'
    2013-06-17 12:38:02,772 WARN [EASP_HTCe11e182587a92d6b1172bdb99aa5e easproxy.db.DataBaseAccess] could not find database entry for ActiveSync id HTCe11e182587a92d6b1172bdb99aa5e
    2013-06-17 12:38:02,772 INFO [EASP_HTCe11e182587a92d6b1172bdb99aa5e smartphone_solutions.easproxy.ProxyServlet] active sync id is unknown, try to resolve username to a device
    2013-06-17 12:38:02,772 INFO [EASP_HTCe11e182587a92d6b1172bdb99aa5e smartphone_solutions.easproxy.ActiveSyncIdResolver] resolveActiveSyncId()
    2013-06-17 12:38:02,782 INFO [EASP_HTCe11e182587a92d6b1172bdb99aa5e smartphone_solutions.easproxy.ActiveSyncIdResolver] failed to resolve active sync id 'HTCe11e182587a92d6b1172bdb99aa5e', could not find a matching device
    2013-06-17 12:38:02,782 WARN [EASP_HTCe11e182587a92d6b1172bdb99aa5e smartphone_solutions.easproxy.ProxyServlet] could not resolve active sync id 'HTCe11e182587a92d6b1172bdb99aa5e' to a device
    2013-06-17 12:38:02,782 INFO [EASP_HTCe11e182587a92d6b1172bdb99aa5e smartphone_solutions.easproxy.ProxyServlet] cache permission for device id 'HTCe11e182587a92d6b1172bdb99aa5e', traffic is forbidden, expiration Mon Jun 17 12:38:32 EDT 2013

    :40887
  • 0

    Our EAS proxy works fine, but for me the next question is, how can we prevent users from adding an Exchange account on their devices using the exchange server directly?

    We are using OWA (outlook web access) and I wondered how we can enable access to our exchange directly (for owa purpose only) but disable eas access directly, because both use HTTPS 443?

    :41141
  • 0

    Hello mkc_admin,

    for me its look like the smartphone isn´t  linked over ldap to the user.

    Is it possible that you use an internal directory and not the external active directory?

    with kind regards

    Björn

    :41533
Unfiltered HTML