Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft Exchange Server 2003 sp2




Download 1.65 Mb.
bet2/147
Sana21.03.2017
Hajmi1.65 Mb.
#1016
1   2   3   4   5   6   7   8   9   ...   147

Contents


Introduction 1

Document Structure 1

Deploying Mobile Messaging: Introduction 1

Assumptions 1

Software Requirements 2

Optional Items 3

Deployment Process Summary 3

Planning Resources 4

Messaging and Security Feature Pack Overview 5

Features 5

Security Features 6

Advanced Security Features 7

Administering the Messaging and Security Feature Pack 8

Understanding the Direct Push Technology 10

Direct Push Technology 10

Network Architecture Alternatives 16

Deployment Options 16

ISA Server 2006 as an Advanced Firewall in a Perimeter Network 22

Deployment with ISA Server in a Perimeter Network 27

Deployment on a Single-Server 28

Forms-based Authentication 29

Deployment with the Exchange Front End Server in a Perimeter Network 30

VPN Configuration 30

Best Practices for Deploying a Mobile Messaging Solution 31

Network Configuration 31

Security: Authentication and Certification 32

Deploying a Mobile Messaging Solution with Windows Mobile 5.0-based Devices 35

Deployment Process Overview 35

Step 1: Upgrade to Exchange Server 2003 SP2 36

How to Upgrade to Exchange Server 2003 SP2 36

Step 2: Update All Servers with Security Patches 37

Step 3: Protect Communications Between Windows Mobile-based Devices and Your Exchange Server 37

Deploying SSL to Encrypt Messaging Traffic 38

Enabling SSL for the Default Web Site 49

Configuring Basic Authentication 51

Protect IIS by Limiting Potential Attack Surfaces 54

See Also 55

Step 4: Protect Communications Between the Exchange Server and Other Servers 56

Using IPSec to Encrypt IP Traffic 56

See Also 56

Step 5: Install and Configure ISA Server 2006 or Other Firewall 57

Install ISA Server 2006 58

Install a Server Certificate on the ISA Server Computer 58

Create the Exchange ActiveSync Publishing Rule 62

Configure ISA Server 2006 for LDAP Authentication 73

Set the Idle Session Timeout for All Firewalls and Network Appliances to 1800 seconds 76

Test Exchange Publishing Rule 76

Step 6: Configure and Manage Mobile Device Access on the Exchange Server 77

Configuring Mobile Access 78

Configuring Security Settings for Mobile Devices 82

Monitoring Mobile Performance on Exchange Server 2003 SP2 86

Step 7: Install the Exchange ActiveSync Mobile Administration Web Tool 87

Download the Mobile Administration Web Tool 87

Step 8: Manage and Configure Mobile Devices 89

Setting Up a Mobile Device Connection to Exchange Server 89

Using the Exchange ActiveSync Mobile Administration Web Tool to Track Mobile Devices 92

Provisioning or Configuring the Windows Mobile 5.0-based Device 94

Appendix A: Overview of Deploying Exchange ActiveSync Certificate-Based Authentication 98

Configuring the Firewall for Certificate-based Authentication 98

Software Requirements for Certificate-Based Authentication 98

Downloading the Certificate Enrollment Tool 99

System Requirements for the Certificate Enrollment Tool 99

Steps to Enable Certificate-Based Authentication 100

Configuring Exchange Server 2003 Front-End Server 100

Configure Kerberos Constrained Delegation 100

Configure Servers to be Trusted for Delegation 101

Configure Windows Mobile Certificate Enrollment 101

Overview of Certificate Enrollment Configuration 101

Appendix B: Install and Configure an ISA Server 2004 Environment 104

Installing ISA Server 2004 105

Creating the Exchange ActiveSync Publishing Rule Using Web Publishing 106

Configuring the Hosts File Entry 111

Setting the ISA Server 2004 Idle Session Timeout 113

Testing OWA and Exchange ActiveSync 113

Testing OWA 114

Testing Exchange ActiveSync 114

See Also 114

Appendix C: Troubleshooting a Mobile Messaging Solution 115

Logging and Troubleshooting Tools 115

Monitoring Mobile Performance on Exchange Server 2003 SP2 115

ISA Server Best Practices Analyzer 116

Issues Related to Direct Push Technology 116

General Direct Push Troubleshooting Tips 116

Path Troubleshooting Direct Push 117

Verify Direct Push Initialization 118

Troubleshooting Direct Push Using Logs 120

Push Mail and GAL Lookup missing when syncing to Exchange 2003 SP2 with a MSFP Device. 122

Issues Related to ISA Server 2006 125

Double Authentication Required after Upgrading from ISA Server 2004 125

Log Off when the User Leaves Site Feature Removed 125

Windows Mobile Users Receive Error 401 Unauthorized 125

Users Receive Access Denied Error Message 125

Certificate Implementation Issues on the Server 128

Communication Issues between the Front-end and Back-end Exchange Servers 128

Frequently Asked Questions 128

Appendix D: Adding a Certificate to the Root Store of a Windows Mobile-based Device 129

Creating the Provisioning XML to Install a Certificate to the Root Store 130

Creating a .cab File that Contains the Provisioning XML 132

Distributing the CAB Provisioning File 132





Download 1.65 Mb.
1   2   3   4   5   6   7   8   9   ...   147




Download 1.65 Mb.

Bosh sahifa
Aloqalar

    Bosh sahifa



Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft Exchange Server 2003 sp2

Download 1.65 Mb.