Activesync for iPhone setup has broken OWA

dw-ecl_
Occasional Contributor

Hi,

Hope someone can help. I recently set up Activesync so that mail is available on an iPhone through our SA2000. However, I have now noticed that this setup seems to have broken Outlook Web Access. When someone tries to use OWA they get a "page cannot be displayed" error, and in the User Access log I get the following:

Access blocked due to invalid ActiveSync request. Host: hostname.domain.co.uk, Request: /exchange

I set up a new sign-in policy for Activesync to allow only Activesync traffic. I then created a resource profile, which auto-created a resource policy. Something with this is obviously causing a conflict. Is there a way round this?

Many thanks,

D

ssl_boy_
Contributor

Re: Activesync for iPhone setup has broken OWA

Hi,

This is because the ACL for ActiveSync and OWA are conflicting.

The simplest way around this is to create a host entry on the IVE for something like "mobilemail" and point it to the private IP address of your Exchange server. Then edit the sign-in URL for your Activesync to point to the hosts entry. This allows you to have one ACL for Activesync, one for OWA and never the twain shall meet.

HTH

Kendal

dw-ecl_
Occasional Contributor

Re: Activesync for iPhone setup has broken OWA

Hi,

Thanks for the advice. Sorry to sound a bit dumb but I just wanted to confirm something.

I have set up a host of mobilemail pointing to the IP address of the Exchange server (10.1.1.2 for example).

In my sign-in policy, which section do I have to change? I have a virtual hostname of name.domain.co.uk and a backend URL of http://mailserver.domain.co.uk:80/*

Which bit on the signing in policy do I need to change?

Thanks,

D

ssl_boy_
Contributor

Re: Activesync for iPhone setup has broken OWA

Hi,

It's the back-end URL you need to change, as that's the bit the ACL applies to.

Regards

Kendal

dw-ecl_
Occasional Contributor

Re: Activesync for iPhone setup has broken OWA

Hmmm, I can't seem to get this working. I have done the following:

Under Network, Hosts, I have added an entry called mobilemail and pointed it to the internal address of the mail server

In the Signin policy I have changed the backend URL to various different things.

None of the changes I have made to the backend URL seem to work. If I check the User Access log, I can see lots of DNS lookup failures.

Apologies if I am being a bit dim :)

Thanks,

D

dw-ecl_
Occasional Contributor

Re: Activesync for iPhone setup has broken OWA

Hi,

I don't suppose anyone knows how to fix this? I can't get the two systems to work at the same time and it is driving me mad :(

Thanks,

D

player_
Frequent Contributor

Re: Activesync for iPhone setup has broken OWA

I came across this issue. OWA cannot be published in the two ways at the same time, due to the fact that the IVE is acting as a proxy to the same resource twice. Only one of them will work for you; most likely the Activesync will overcome.

I have found a solution for this issue: I use an IVS (virtual system):

1. On the IVS, the OWA is published to the users on the portal

2. On the IVE ROOT, the Activesync feature is applied

All is working great.

Please note that an IVS is not that cheap a license and is supported from the SA4000 model and up.

Kudo me if you like this solution :-)

dw-ecl_
Occasional Contributor

Re: Activesync for iPhone setup has broken OWA

Hmmm, so this issue cannot be fixed without splashing some cash?

Thanks,

D

RexPGP_
Frequent Contributor

Re: Activesync for iPhone setup has broken OWA

  2. Create a Virtual host name, the "redirect"

Authentication -> Signing in -> Sign-in policies

Click New URL button

Select "Authorization Only Access"

Virtual Hostname must match the certificate in step 4.

Changed URL from mail.co.com to autodiscover.co.com (default Exchange). OWA uses mail.co.com. See step 3 for explanation.

  3. The redirects (Virtual host names) can be created ahead of time, if you want, and set to be disabled. Caution: Juniper creates a virtual DNS name for the entire VPN. That is why the above was changed; OWA was no longer able to use mail.co.com. It appears to be only set for the policy but it is truly the entire VPN, even if the policy is disabled.

Ahead of time, create a URL with a bad reference, for example mobility999.co.com. After it is created, select it by checking the box and click disable. Double-click the URL and adjust it to the correct URL. When you click save changes, the Virtual hostname is still disabled. Verify the check is not there.

  4. Need a valid certificate

The certificate should be created and installed ahead of time. However, you want to purchase it near the conversion date, since the certificate has a finite date. Import the certificate into the new Active Sync VPN. System -> Configuration -> Certificates -> Device Certificates, "Import Cert and Key"

Russ_
Contributor

Re: Activesync for iPhone setup has broken OWA

I just created a CNAME record in DNS for my internal activesync server and used that CNAME in the Virtual Hostname Sign-in Policy. No cash required...