Infralin's (not so) Frequently Asked Questions on Mobile device support

© Gijsbert van der Linden ()
Infralin Consultancy (
    Last updated: 22-5-2005


Notes on ActiveSync

When a PocketPC (PPC) is connected through an USB connection with a PC it has a Pass Through connection to its network interface as soon as the ActiveSync state is Connected (in that case an icon appears at the bottom of the desktop of the PPC). Noting needs to be configured on the PPC for this.

Before creating a BlueTooth connection with a phone check the following:

On the PPC:

Start Bluetooth settings
Tab Dial-Up Networking
Mark Enable service
Mark Authorization required
Mark Authentication (passkey) required
Mark Encryption required if you like

A BlueTooth connection is created on the PPC to a BT Phone by staring the BT Manager and then tapping the BT icon with the yellow star at the bottom. Click subsequently

Connect to the Internet
Select Connect via a dial-up device…
Tap Tap here to choose a device
Select the phone you want to connect to
(make sure BT is activated on the BT phone and the BT mode of the phone is discoverable)
Mark Create a shortcut for this connection (default)
Change the name of the shortcut if you like
Mark Use a secure, encrypted connection if you like
Tap Finish
Select the connection just created and tap OK
Select Accept on the phone.

The IIS Virtual Server required for ActiveSync is installed by Exchange by default. It is recommended to install it on a dedicated front-end Exchange server, but it also works in a single Exchange environment.

Be aware that the front-end ActiveSync IIS Virtual Server (Microsoft-Server-ActiveSync) communicates with the backend Exchange IIS Virtual Server using Windows Integrated authorization and not using SSL. So the backend Exchange IIS Virtual server must be configured to support these. The backend Exchange IIS Virtual server should not support Forms Based Authentication. If conflicts arise because of this a separate IIS Virtual Server could be created. A registry entry has to be created to point the ActiveSync IIS Virtual Server to the backend IIS Virtual Server (see Q817379). The same applies to OMA.

If you use SSL  the certificate should be installed on the (front-end) Exchange server. The client should be configured using the name of the certificate as the server name (DNS should be configured such that this name resolves to the IP address of the (front-end) Exchange server of course.

If an ISA reverse proxy server is used in front of the ActiveSync IIS Virtual Server, a standard SSL bridging rule should be setup for the URL http(s)://<certificatename>/Microsoft-Server-ActiveSync. If SSL is used the certificate should also be installed on the Reverse Proxy server. The name of the server certificate should on the Internet resolve to the Reverse Proxy server and on the reverse proxy server itself to the (frontend) Exchange server running the ActiveSync IIS Virtual server.

SecurID authentication can be configured on the ISA server to support strong authentication using the normal way of publishing a SecurID authenticated web site. Be aware that the ACE Userid must be the same as the AD/Exchange userid. Also notice that the SecurID userid/passcode is prompted for everytime a synchronization takes place.

Accounts having non-default SMTP addresses could cause ActiveSync not to work. See Q886346.

An ActiveSync session takes, using a regular dial-in account and a regular GSM phone (no GPRS/UMTS) about 1 minute.