Tuesday, April 10, 2007

Mobile: Exchange Mobile Messaging

I started writing a post about how to enable and manage Exchange Mobile Messaging – also known as DirectPush – when I found a really good series of articles written by Henrik Walther. It’s too bad they weren’t available when we were putting together our SBS client deployment process last year as they’re great time savers. So, instead of reinventing the wheel, I’ll just give the high-level overview with some SBS tips, and then refer you to his articles for deployment details.

What is Exchange Mobile Messaging?

Commonly referred to as DirectPush (or always-up-to-date; AUTD v2), Exchange 2003 Mobile Messaging enables your Windows Mobile clients (i.e. smartphones) to synchronize their mailboxes (specifically Calendar, Contacts, Tasks, and Inbox) over-the-air (OTA).

What do I need to know to make this happen?

  • Exchange 2003 SP2 must be installed (DirectPush is enabled by default).
  • You need to configure a device security policy: open ESM > Global Settings > Mobile Services, Device Security. At a minimum, enable “Enforce a Password on the device” so that if/when a phone is lost, you’ll be able to provide a degree of data protection. Keep in mind that once you enable this setting, devices will prompt users to create an unlock PIN the next time they sync (we recommend 4-digit PINs, and don’t get too much push-back from clients).
  • Messaging and Security Feature Pack (MSFP) needs to be on the phones (this is already on most newer phones).
  • Microsoft Exchange Server ActiveSync Administrator tool (MobileAdmin) must be installed on the Exchange server. Once installed, this is a web-based tool available at http://servername/mobileadmin – it will prompt for login credentials. You’ll be able to remotely wipe devices if they are lost.
  • SBSers, the only problem I’ve seen after installing the MobileAdmin tool is that sometimes you’re unable to use the web-based interface to search mailbox partnerships under “Remote Device Wipe” (with an error saying “failed to access user’s Mailbox…”). In this case, you may need to uncheck the “Require Secure channel (SSL)” option on the “Exadmin” virtual directory in IIS.
  • If you use the MobileAdmin tool to remotely wipe a device, all data is deleted from the device. After doing so (and once the device has been found or replaced), remember to cancel the wipe, because otherwise subsequent partnerships on new/found devices will continue to wipe.

Isn’t this difficult to accomplish on SBS? I’ve heard there are certificate problems.

Assuming you have Exchange SP2 installed, it’s not very difficult. If you’re using self-signed certificates, you might run into a few snags. Obviously, a certificate from a trusted certificate authority will make this easier, as some phones don’t like self-signed certificates. However, we’ve been able to get self-signed certificates working on Samsung Blackjack (Cingular) and Treo 700 (Verizon) phones without issue.
