Pulse Secure formerly SSL VPN
Showing results for 
Search instead for 
Do you mean 
Reply
Contributor
Posts: 16
Registered: ‎03-04-2010
0

Activesync for iPhone setup has broken OWA

Hi,

 

Hope someone can help.  I recently setup Activesync so that mail is available on an iPhone through our SA2000.  However I have now noticed that this setup seems to have broken the Outlook Web Access.  When someone tries to use OWA they get a page cannot be displayed and in the User Access log I get the following:

 

Access blocked due to invalid ActiveSync request. Host: hostname.domain.co.uk, Request: /exchange

 

I setup a new signing in policy for Activesync to allow only activesync traffic.  I then created a resource profile which auto created a resource policy.  Something with this is abviously causing a conflict, is there a way round this?

 

Many thanks,

 

D

Trusted Contributor
Posts: 186
Registered: ‎12-04-2007
0

Re: Activesync for iPhone setup has broken OWA

Hi,

 

This is because the ACL for ActiveSync and OWA are conflicting.

 

The simplist way around this is to create a host entry on the IVE for something like "mobilemail" and point it to the private IP address of your exchange server.  Then edit the sign-in URL for your Activesync to point to the hosts entry.  This allows you to have one ACL for Activesync, one for OWA and never the twain shall meet.

 

HTH

 

Kendal

Contributor
Posts: 16
Registered: ‎03-04-2010
0

Re: Activesync for iPhone setup has broken OWA

Hi,

 

Thanks for the advice.  Sorry to sound a bit dumb but I just wanted to confirm something.

 

I have setup a host of mobilemail pointing to the IP address of the Exchange server (10.1.1.2 for example).

In my signing in policy which section do I have to change?  I have a virtual hostname of name.domain.co.uk and and backend URL of http://mailserver.domain.co.uk:80/*

 

Which bit on the signing in policy do I need to change?

 

Thanks,

 

D

Trusted Contributor
Posts: 186
Registered: ‎12-04-2007
0

Re: Activesync for iPhone setup has broken OWA

Hi,

 

It's the back-end URL you need to change as that the bit the ACL applies to..

 

Regards

 

Kendal

Contributor
Posts: 16
Registered: ‎03-04-2010
0

Re: Activesync for iPhone setup has broken OWA

[ Edited ]

Hmmm, I can't seem to get this working.  I have done the following:

 

Under Network, Hosts, I have added an entry called mobilemail and pointed it to the internal address of the mail server

In the Signin policy I have changed the backend URL to various different things.

 

None of the changes I have made to the backend URL seem to work, if I check the User Access log then I can see lots of DNS lookup failures.

 

Apologies if I am bieng a bit dim Smiley Happy

 

Thanks,

 

D

Contributor
Posts: 16
Registered: ‎03-04-2010
0

Re: Activesync for iPhone setup has broken OWA

Hi,

 

I don't suppose anyone knows how to fix this?  I can't get the two systems to work at the same time and it is driving me mad Smiley Sad

 

Thanks,

 

D

Contributor
Posts: 138
Registered: ‎03-17-2008
0

Re: Activesync for iPhone setup has broken OWA

I came accross this issue, OWA cannot be published in the two ways at the time due to the fact that the IVE is acting a proxy to the same resource twice - only one of them will work for you - most likely is that the activesync will overcome,

 

i have found a solution for this issue - I use IVS = virtual system :

1.On the IVS the OWA is published to the users on the portal

2.On the IVE ROOT the activesync feature is applied

 

all is working great,

 

 please note that an IVS is not that cheap license and is supported from the SA4000 model and up.

 

Kodu me if you like this solution  :-)

rock the boat , dont sink the ship
Contributor
Posts: 16
Registered: ‎03-04-2010
0

Re: Activesync for iPhone setup has broken OWA

Hmmm, so this issue cannot be fixed without splashing some cash?

 

Thanks,

 

D

Contributor
Posts: 145
Registered: ‎05-04-2009
0

Re: Activesync for iPhone setup has broken OWA

[ Edited ]
  1. Create a Virtual host name, “the redirect”

Authentication -> Signing in -> Sign-in policies

Click “New URL “button

Select “Authorization Only Access”

Virtual Hostname must match the certificate in step 4.

Changed URL from mail.co.com to autodiscover.co.com (default exchange) OWA uses mail.co.com  See set 3 for explanation.

 

  1. The redirects (Virtual host names) can be created ahead of time, if you want, and set to be disabled.  Caution: Juniper creates a virtual DNS name for the entire VPN. That is why the above was changed; OWA was no longer able to use mail.co.com. It appears to be only set for the policy but it is truly the entire VPN, even if policy is disabled.

Ahead of time create URL with bad reference, example mobility999.co.com.  After it is created select by checking box and click disable. Double click URL and adjust to the correct URL. When you click save changes the Virtual hostname is still disabled. Verify the check is not there.

  1. Need a valid certificate

The Certificate should be created and installed ahead of time. However want to purchase near the conversion date since the certificate has a finite date. Import the Certificate into new Active Sync VPN. System -> Configuration -> Certificates -> Device Certificates “Import Cert and Key”

Trusted Contributor
Posts: 51
Registered: ‎06-17-2008
0

Re: Activesync for iPhone setup has broken OWA

I just created a CNAME record in DNS for my internal activesync server and used that CNAME in the Virtual Hostname Sign-in Policy.  No cash required...

Juniper Employee
Posts: 9
Registered: ‎08-07-2010
0

Re: Activesync for iPhone setup has broken OWA

Once we enable Active Sync(AS) on IVE and tried to access OWA(virtual host name configured on IVE) using url like http://ivevirtualname.exchange.com/owa.. it will fail with error as traffic is not going through AS. To access exchange server through active sync on iphone.. please follow the steps given below:

 

Steps to configure Exchnage Active Sync on iPhone:

1) Tap on Settings -> Select Mail,Contacts,Calenders
2) Tap on Add Account
3) Choose Microsoft Exchange from the list.
4) Configure User account and Server details.

Note: You need to mention “Virtual Hostname” (configured on IVE) in Server field

 

One you it configured..you should be able to sync email on your iphone. to confirm traffice going thorugh AS..please check user access logs..

 

Hope this will help Smiley Happy

 

 

Please accept the solution..If this will help you to fix the issue.

Highlighted
Juniper Employee
Posts: 9
Registered: ‎08-07-2010
0

Re: Activesync for iPhone setup has broken OWA

Once we enable Active Sync(AS) on IVE and tried to access OWA(virtual host name configured on IVE) using url like http://ivevirtualname.exchange.com/owa.. it will fail with error as traffic is not going through AS. To access exchange server through active sync on iphone.. please follow the steps given below:

 

Steps to configure Exchnage Active Sync on iPhone:

1) Tap on Settings -> Select Mail,Contacts,Calenders
2) Tap on Add Account
3) Choose Microsoft Exchange from the list.
4) Configure User account and Server details.

Note: You need to mention “Virtual Hostname” (configured on IVE) in Server field

 

One you it configured..you should be able to sync email on your iphone. to confirm traffice going thorugh AS..please check user access logs..

 

Hope this will help Smiley Happy

 

 

Please accept the solution..If this will help you to fix the issue.

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0

Re: Activesync for iPhone setup has broken OWA

To add another solution to this documented behavior: use the IP of the Exchange server for one of the URLs. It tends to be easiest done against the backend URL for the Authorization-only URL since the client only sees the IVE which already HTTPS; but if you are running OWA over HTTP then using the IP for OWA works just fine.

(please note that this requirement & behavior is noted in the admin guide)
Juniper Employee
Posts: 9
Registered: ‎08-07-2010
0

Re: Activesync for iPhone setup has broken OWA

Juniper KB Articles for Active Sync Configuration:

 

1) How to configure ActiveSync on IVE for mobile clients
2) How to configure certificate based authentication through ActiveSync protocol for iPhone
http://kb.juniper.net/InfoCenter/index?page=content&id=KB19325

 

Hope this help Smiley Happy

New User
Posts: 1
Registered: ‎02-12-2013
0

Re: Activesync for iPhone setup has broken OWA

Thank you very much, this works seamlessly. No certificate issues too with the ActiveSync IVE.