This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using iPhone 3G with Exchange OMA ActiveSync

Using your iPhone with Exchange Outlook Mobile Access (OMA)

If you already have Outlook Web Access (OWA) set up, then you likely have nothing to do on your V7.3 Astaro firewall to get your iPhone working with Exchange OMA.  If you haven't setup OWA, then you will need to do the preliminary setup at the bottom of this post.

When setting up the Exchange mailbox on your iPhone, the server address to use is the one you're already using for OWA (the same as the one created in step 1 below): outlook.yourdomain.com (using our example).

The only other firewall-related issue discussed in the iPhone/Exchange setup instructions is the HTTPS connection timeout.  Apple wants you to make sure it's set at an hour or longer.  No worries - your Astaro's timeout is set at four days!

A final iPhone tip unrelated to the Astaro.  The ActiveSync conversation between the iPhone and OMA will sometimes stall.  To restart it, just "reboot" the Mail app: while in Mail, shut it down by holding the home button down for 8+ seconds.  When the home screen appears, you have stopped Mail.  The next time you touch the Mail icon, it will start up from scratch and restart the conversation with OMA.  If this is the first ActiveSync device you are using with your Exchange server, you might need to do the simple registry edit described in: http://marc.info/?l=patchmanagement&m=121632162501913&w=2

Preliminary setup if you aren't already doing Outlook Web Access

In Network >> Interfaces, select the Additional Addresses tab and create a new public IP address named (for example) Outlook_External on the external interface. Have an entry added to your public authoritative name server for this address named (for example) outlook.yourdomain.com
In Definitions >> Networks, create a host named (for example) Outlook_Server with the IP address of the server where OMA and/or OWA will run.
In Network Security >> Packet Filter, select the Rules tab and create a new rule named (for example) Outlook_Access allowing Any network to use the HTTPS service to Outlook_External (in our example).
In Network Security >> NAT, select the DNAT/SNAT tab and (using our example names) create a DNAT rule rerouting HTTPS traffic from Any source destined to Outlook_External to Outlook_Server.

This thread was automatically locked due to age.

0 BAlfson over 17 years ago

And the only thing I found that would resolve all issues was doing a restart on the server.  Once OWA was accessible, my iPhone also started receiving pushed messages.

An interesting phenomenon was that the iPhone would get cranky with OMA and start hitting the server with packets the Astaro labeled "WEB-MISC PCT Client_Hello overflow attempt ... sid=2515 ... Attempted Administrator Privilege Gain" - I assume that was because the server wasn't responding correctly.

I believe the correct analysis of the situation is at

   http://m***changeteamcom/archive/2007/07/18/446400.aspx

NOTE! - the BBS doesnt like *** so replace the *** above with s, e and x

They suggest that you disable the TCP chimney offload feature.  Do this without rebooting by running the following command from the prompt:

   Netsh int ip set chimney DISABLED

If that works for you, you might want to consult http://support.microsoft.com/?kbid=948496 so that you don't have to run the command after each reboot.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 17 years ago in reply to BAlfson

I continued to have to reboot the server occasionally.  I finally just started trying to restart individual services.  None of my guesses worked.  Eventually, I tried 'Routing and Remote Access Service' - BINGO!

Now, when I hear that OWA is not working, or I notice that my iPhone won't download from Exchange, I use my iPhone to VPN into the Astaro and, using the WinAdmin Remote Desktop app I bought for my iPhone, I restart RRAS and everything is fine.  To cut down on the need to do that, I scheduled the following batch file to run automatically on the server at 5AM every day:
NET STOP wblogsvc
NET STOP RemoteAccess
NET START RemoteAccess
NET START wblogsvc

We don't use that server to provide VPN services, so no one notices when these services are resarted during the day.  I imagine any organization larger than the smallest would have a similar situation.

If anyone knows of a fix that would replace my work-around, please let me know.

Thanks - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 14 years ago

I received the following questions via email from RoelofW, so I edited the how-to in Post #1.

1. When I put an additional address to the external interface, what IP do I have to put there? An external IP or the one of my Exchange server?
2. Creating the DNS record, do I have to do that in the Astaro or should I create it in my AD?

Hopefully, it's now clear that the IP on the External interface is a public IP, different from the one pointed to by the FQDN in the MX record. And, also, that the DNS record is added in public, not private, DNS.

We also add an internal FQDN for outlook.yourdomain.com that points to the server's internal IP so that users with laptops can access it with the same link whether they're outside or inside the network (physically, or via VPN).

CHeers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 denko2k over 14 years ago in reply to BAlfson

Dear Bob,

thanks for this example, but:

In Network >> Interfaces, select the Additional Addresses tab and create a new public IP address named (for example) Outlook_External on the external interface. Have an entry added to your public authoritative name server for this address named (for example)...

In "Interfaces & Routing" >> "Additional Addresses" >>
I only can define a IPv4 addresse!
I use DynDNS.org and my OWA (Exchange 2003) already works fine with WAF (Port. 4445).

Could you please tell me how to config OMA by using DynDNS?
Thanks.

(I use Astaro Soft 8.2)
Cancel
Vote Up 0 Vote Down

Cancel