


Tags » ‘Client Access Server’

Autodiscover for ActiveSync!

October 25th, 2009 by

Microsoft has introduced a new feature in Exchange 2010, autodiscover for mobile devices. The idea here is that a user will enter their email address and their password. The mobile device will then query a DNS server looking for autodiscover.domain.com and grab an XML file from the web server. The XML file will then configure the device for the user! This communication is over SSL, so it is protected in transit. Talk about making the deployment of mobiles even easier! Of course, the mobile device needs to be able to support autodiscover.
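The device-side half of that exchange, as an added example that is not from the original post: it derives the autodiscover host from the email address and only accepts the returned ActiveSync settings if they match the mailbox and point at an HTTPS URL. The `/autodiscover/autodiscover.xml` path and the response namespace come from Microsoft's published Autodiscover schema rather than from this page; the function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespace of the mobile-sync Autodiscover response (Microsoft's published schema).
NS = {"m": "http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006"}

# Constructed sample response for user@example.com; not captured from a real server.
SAMPLE_RESPONSE = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
    <Culture>en:us</Culture>
    <User><DisplayName>Test User</DisplayName><EMailAddress>user@example.com</EMailAddress></User>
    <Action><Settings><Server>
      <Type>MobileSync</Type>
      <Url>https://mail.example.com/Microsoft-Server-ActiveSync</Url>
      <Name>https://mail.example.com/Microsoft-Server-ActiveSync</Name>
    </Server></Settings></Action>
  </Response>
</Autodiscover>"""


def autodiscover_url(email):
    """Build the HTTPS endpoint the post describes: autodiscover.<mail domain>."""
    local, sep, domain = email.rpartition("@")
    if not (local and sep and domain):
        raise ValueError("not an email address: %r" % email)
    return "https://autodiscover.%s/autodiscover/autodiscover.xml" % domain.lower()


def activesync_url(response_xml, email):
    """Return the MobileSync URL, refusing settings a device should not accept."""
    root = ET.fromstring(response_xml)
    resp = root.find("m:Response", NS)
    if resp is None:
        raise ValueError("no mobilesync Response element")
    # The settings must be for the mailbox that asked for them.
    addr = resp.findtext("m:User/m:EMailAddress", default="", namespaces=NS)
    if addr.lower() != email.lower():
        raise ValueError("response is for a different mailbox")
    for server in resp.iterfind("m:Action/m:Settings/m:Server", NS):
        if server.findtext("m:Type", namespaces=NS) == "MobileSync":
            url = server.findtext("m:Url", default="", namespaces=NS).strip()
            # A plain-HTTP sync URL would send the password outside SSL.
            if urlsplit(url).scheme != "https":
                raise ValueError("refusing non-HTTPS sync URL: %r" % url)
            return url
    raise ValueError("no MobileSync server in response")
```

A real client would also validate the server certificate on the HTTPS request and parse the untrusted response with a hardened XML parser such as defusedxml.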

Client Access Servers in the DMZ

October 21st, 2009 by

I came across an interesting article over at the Exchange Team blog, http://msexchangeteam.com/archive/2009/10/21/452929.aspx. It basically explains why not to place a CAS in the DMZ.

I have to agree. I have come across this request a number of times in the past while at client sites, stating that they would like to place a CAS in the DMZ, and I have always recommended (even when the subject doesn’t come up) placing an ISA server in the DMZ to act as a reverse proxy. ISA 2006 really gives you added benefit, protecting your servers from a number of different attacks. By allowing users to authenticate at the ISA level in the DMZ, you remove the opportunity for a malicious user to attack your servers. There is also the aspect that you can use ISA to load balance and perform link translation; that’s where your internal link is different than your external link.

The other added benefit? You don’t have to open your internal firewall to all the required ports Exchange will use. This would be termed Swiss cheese.

So, if you’re thinking about placing a Client Access Server in the DMZ, think twice; you really shouldn’t.

Thanks to the MS Exchange team for posting a reminder out there!

Exchange 2010 Client Access Server Proxying…

October 20th, 2009 by

I came across an interesting note on Exchange 2010 ActiveSync and Exchange 2003:

Users who have mailboxes on an Exchange 2003 server who try to use Exchange ActiveSync through an Exchange 2010 Client Access server will receive an error and be unable to synchronize unless Integrated Windows authentication is enabled on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003 server. This enables the Exchange 2010 Client Access server and the Exchange 2003 back-end server to communicate using Kerberos authentication.

Proxying isn’t supported between virtual directories that use Basic authentication. For client communications to be proxied between virtual directories on different servers, the virtual directories must use Integrated Windows authentication.

http://technet.microsoft.com/en-us/library/bb310763(EXCHG.140).aspx