Exchange - Direct Push Setup for Exchange 2003/Windows Mobile 5.0/6

Exchange Server
Compatibility Information

Exchange
Server Version
Compatibility 5.5 No

2000 No

2003 Yes

2007 No

Direct Push Setup for Exchange 2003/Windows Mobile 5.0/6
Author: Simon Butler, Exchange MVP, MCSE
Last Page Review: 30/01/2008

This article explains how to configure Exchange 2003 to work with the Direct Push functionality of Windows Mobile 5.0 or 6. If you are using Small Business Server then you should follow the guide on Microsoft's web site here: http://www.microsoft.com/technet/prodtechnol/sbs/2003/deploy/winm5.mspx . If you are using the full product, then this guide should help you.

An Exchange 2007 version of this article is under preparation.

Requirements

Exchange 2003 with Service Pack 2 installed
Trusted commercial SSL certificate*
Windows Mobile 5.0 handheld with MSFP** or Windows Mobile 6

Optional Components

Windows Mobile 5.0 Emulator (more information)***

Notes

* While it is possible to deploy this feature without SSL, it means that your username and password details are going across in the clear.
It is also possible to deploy this feature with a home grown certificate. However a certificate that is trusted by Windows Mobile 5.0 with the MSFP update can be purchased for US$20 a year (link), which provides a more professional approach.

** If your Windows Mobile device is WM6 then it has the required components. If it is version 5.0 then you need to check if it has the MSFP Upgrade. To check, on the device, tap Settings, System and then choose About. You will see a version number like this:

OS 5.1.195 (Build 14847.2.0.0).

The key information is the build number, specifically the last three digits. IF they are 2.0.0 or higher, then it has the MSFP update. If they are not, then contact your service provider or handheld manufacturer for an update.

*** If you are going to test this with the Windows Mobile Emulator then you need to ensure that the name on your SSL certificate works internally. You can do this either by using a hosts file (Host file for Windows Mobile) or the preferred way of Split DNS (how to setup split DNS). The split DNS method is the preferred solution as it allows you to use the SSL certificate internally with your users. If you are resetting the Windows Mobile emulator during testing, it is one less thing to worry about.

Exchange Server Configuration

The setup of this feature is very straight forward.

Open Exchange System Manager on your Exchange server. Expand Global Settings.
Right click on Mobile Services and choose Properties.
Enable all of the options.
Click on device security and enable enforce password.
If you do not enable enforce password, then you cannot carry out a remote wipe without a prompt on the device.
Apply/OK out.

Test the Settings

Before moving on the device configuration, you should test the settings.
To do this, there are a number of things that you can do.

On your desktop, browse to https://host.domain.com/oma (where host.domain.com is the name on your SSL certificate). You should get a username and password prompt. Enter your username in the domain\username format. Then enter your regular password. You should get your mailbox in a plain text format.
Repeat the above test, but on a Windows Mobile device or the emulator. If you get an SSL certificate prompt, then the ActiveSync feature will not work as it cannot cope with the certificate prompt. The certificate prompt will tell you what is wrong.
Ensure that you are using the correct address and that the certificate you have is trusted.
More details on dealing with SSL certificates and Windows Mobile devices can be found here.

If you get any other errors, that indicate you do not have permissions, and you are using forms based authentication (your users get a web page to enter their username and password credentials in) and SSL then you should see our guide to that problem here.

If you are getting errors on a frontend/backend scenario, then ensure that you are connecting the device to the frontend server, not the backend.
On the backend server check that forms based authentication is NOT enabled. Finally on the /exchange virtual directory, make sure that integrated authentication is enabled.

Windows Mobile Device Setup

With the Exchange server now configured, you are ready to configure the Windows Mobile Device.
However before starting, carry out some quick prep checks to ensure that the device is working correctly:

Prep Work

If you are using the emulator, it will prompt you that it has found a network. Configure the network as the Internet, even though it is connected to the your LAN.
If you are not using DHCP internally, then configure the correct TCP/IP information in to the device.
Make sure that the SSL certificates issues have been dealt with. Browse to OMA to ensure that you don't get certificate prompts.
Check if you can see the internet from the device. Use our connection check page: http://check.amset.mobi/

Configuration

Tap Start, then Programs and choose ActiveSync.
Tap the option "Setup your device to sync with it".
In the first box, enter the fully qualified domain name of your server, which should match the name on your SSL certificate.
In this example, it is host.domain.com. Note that there is no https, / anything - just the full host name.
You should be using SSL so the option below the host should be enabled.
Tap next. Now enter your username, domain and password.
If you want the push functionality to work, you will need to enable the option to save your password.
Remember to change it here if you have to change your network password frequently.
You don't have to change anything in Advanced, it simply manages conflicts and event logging. The default settings will be fine.
Tap next.
Now you get the chance to adjust settings on how much is synchronised. Not all options have settings that can be changed.
If you tap E-Mail you can change email settings. The attachment handling could be important if you are charged for how much data you transfer.
After taping Finish the device will attempt to sync for the first time.
If you have a wireless network then you may want to connect the device to that for the first sync. You could also connect the device to your desktop so that the first sync takes place over a faster internet connection.
When you sync for the first time, you will be prompted to set a password on the device. Tap OK to continue.
For the push functionality to work, you need to ensure that the schedule is set to "As Items Arrive". You can access the schedule by taping Menu on the ActiveSync screen.
Depending on your device, you may also have to enable push in a wireless manager.

Questions

Q: Should I disable SSL before trying to get this to work?
A: When you put an SSL certificate on to Exchange, most people also enable forms based authentication. Enable FBA changes the behaviour of some of the web functionality that this feature uses. Therefore if you get it to work without SSL, then enable SSL, you may run in to further problems.

Q: I am getting an error message with the code 0x85010014.
A: This is well known - see our resolution here.

Sponsored Links

Last Page Update:
30/01/2008

Back to the Top
Contact Us - Advertise on amset.info
Exchange Index - Home Page

Broadband - Exchange - Login Scripts - Network Admin - Outlook - Windows Mobile - Windows

© Amset IT Solutions Ltd. 1998 - 2008. All rights reserved. Reproduction of any content on this web site is prohibited without express written consent. Use of this web site is subject to our terms and conditions. All trademarks and registered trademarks are property of their respective owners. This site is not endorsed or recommended by any company or organisation mentioned on this site. This site is to provide guidance only and as such we cannot be held responsible for any consequences of following the advice given.