Showing results for 
Search instead for 
Did you mean: 

Clientless OWA for BIS a la Clientless ActiveSync for iPhone/WinMo?

Not applicable

Clientless OWA for BIS a la Clientless ActiveSync for iPhone/WinMo?

How can we allow our Blackberry Internet Service (BIS) users access to OWA through our SA2500?  I have been unsuccessfully trying to use a "No Authentication" policy for OWA along the lines of the process for iPhone/WinMo access to ActiveSync, but I am not wed to this approach.
Much as our iPhone and Windows Mobile devices can use our SA2500's Clientless Exchange Active Sync (EAS) to access internal emails (this is working for us), we'd like to use Blackberry Internet Service's (BIS) support for  OWA as a means for users to access their mailboxes.  In simplest terms, we want to use the IVE to provide SSL encryption for the OWA stream (authentication and mailbox access), otherwise letting BIS connect to OWA as if the IVE didn't exist.
FWIW, we don't currently have POP or IMAP enabled in our Exchange environment and would prefer not to enable them.  We are using standard IVE OWA rewrites to provide access to OWA for human users via bookmarks / web resource profiles.  We are using Exchange 2003.  IVE to OWA communication is via HTTP; SSL is not being used on this leg.
My initial attempts at configuring the Blackberry-OWA authenticationless access a la Clientless ActiveSync have been unsuccessful. Based on the IVE Help topic Enabling ActiveSync warning that OWA and EAS cannot use the same hostname, I created a second virtual host for the OWA front end ( and a distinct backend hostname (ow.private.local).  Note that the public ips for the public hostnames are the same and the private ips for the backend hostnames are the same and no mods have been made to the backend IIS config.  EAS continues to function using as the front end URL and as.private.local as the backend URL.   The virtual host authorization policy for both virtual hosts is set to "No Authorization".  Each "no authorization" sign in policy has an autocreated proxy pass-through policy, pointing to http://as.private.local:80/* for or http://ow.private.local:80/* for
From what I can tell from manually accessing via a web browser (standing in for the Blackberry Internet Service), the IVE returns the internal URL to the browser to the public interface.  I am prompted for OWA mailbox login credentials, which succeeds.  When trying to render the OWA interface, Firefox/IE appear not to be able to resolve the internal URL and the browsers throw an error ("Firefox can't find the server at ow.private.local"; IE doesn't provide any helpful information).  Note that during this process - actually before the name resolution - the address bar URL changes from to https:\\\exchange.  During the rendering, the title bar and tab in IE) changes to read "Microsoft Outlook Web Access".
Occasional Contributor

Re: Clientless OWA for BIS a la Clientless ActiveSync for iPhone/WinMo?

I'm interested to see what response/fix you've received on this. We are having the same issue, and we are actively troubleshooting. To me this issue looks on the surface to be: Because BIS is NOT ActiveSync, the ActiveSync functionality will not work. I just can't get any info as to what the BIS-OWA sync transaction looks like at all. I'm kind of surprised that no JTAC folks have responded here. It is a minor issue, but has prevented us from decommissioning our OWA server, which was one of the key goals in proceeding with the ActiveSync/IVE functionality. Just a pain in the neck, really.

I'll re-post if I find the fix.