For those of you who have been living under a rock recently, Server
ActiveSync is the Microsoft protocol which enables Windows Mobile-based devices
to communicate with an Exchange Server to remotely synchronise Email, Contact,
Calendar and Task information between the PDA and the user’s Exchange mailbox.
This functionality has been around since the release of Pocket PC
2003, but it was the release of Windows Mobile 5 (AKU-2) that introduced ‘push’
capability. The current release at the time of writing, Windows Mobile 6.1, has
incorporated further improvements – such as the ability to access the Exchange
Global Address List (GAL) as well as enabling and disabling out of office
messages.
The Server ActiveSync protocol has been licensed by Microsoft to
other handset manufacturers, including Nokia and Apple among others, enabling
the same functionality on non-Microsoft-based platforms: a clever move as it
allows the user a wider range of handsets whilst requiring the corporate IT
department to deploy Microsoft Exchange at the back end (which obviously
requires a Microsoft operating system to run on).
But how does it work? In this article I will look briefly at how the
client device is configured, what needs to be enabled on the back-end server
infrastructure as well as common problems and their resolutions. Finally, I
will look at Server ActiveSync’s big brother, which not all of you may know
about: Outlook Anywhere.
Configuring the Windows Mobile Client
In this example I have used a Pocket PC device, but the process is
very similar on a Smartphone device.
From the Today Screen, tap Start and select Programs.

From the list of available programs, launch ActiveSync. The
following screen will be displayed:

Select the option to set up your device to sync with an Exchange
Server. The following screen will be displayed:

You will be prompted to enter your email address, from which the
wizard will attempt to determine the correct server settings to use
automatically (if your PDA is running version 6.1 of the Windows Mobile software).
I will look at this process in more detail later. If you know the correct
settings to use, untick the option to ‘Attempt to determine Exchange Server
settings automatically’ and tap Next. The following screen will be displayed:

Enter the address of the Exchange Server. This will be the same
address used by Outlook Web Access (OWA) – if you ever check your mail via a
web browser, this will be the address to use. If you don’t know the address to
use, your network administrator will be able to tell you.
Usually you should leave the option to use an SSL connection
ticked, unless specifically told otherwise by your network administrator. Tap
Next; the following screen will be displayed:

Enter your username, password and domain details. These details will
be the same that you use to log into your desktop or laptop PC in the office,
if you have one. Again, if you don’t know the details, your network
administrator will give you the correct settings to use. Tap Next; the
following screen will be displayed:

Select the folders in your mailbox that you want to synchronise and
click Finish.
You’re all set. Provided that you have a connection to the Internet,
the contents of your Exchange mailbox will now be synchronised to your PDA
automatically.
Automatically determining the server address
If you leave the option to determine the Exchange Server address
automatically, the wizard will attempt to perform an MX lookup on the domain
entered in the email address, and from that ascertain the mail server details
for the domain.
To explain, the domain in an email address is the bit after the @
sign. So, for example, if I enter my email address of
‘james.liddiard@devicewire.com’, the domain is ‘devicewire.com’.
If you browse to www.devicewire.com
from a web browser on your PC, your PC does not know what devicewire.com is;
instead it consults a DNS server. DNS is the domain name system, and is
essentially a very large table that maps ‘friendly names’ to IP addresses,
which PCs can understand. Therefore, by browsing to www.devicewire.com, I am really
connecting to 62.189.60.223.
If I want to send an email to someone at devicewire.com, my email
application will also consult a DNS server to find out what the IP address is
of the devicewire.com domain, but rather than performing a simple DNS lookup,
it will perform an MX lookup. MX stands for eMail eXchange and contains details
of the email server for a given domain.
You can find out the MX record for a domain quite easily from any PC
connected to the Internet. Open a command window, enter the command
‘nslookup’ and press Enter.
Now issue the command ‘set type=mx’ and press Enter.
Now enter the domain and press Enter. This screenshot shows the
response for the devicewire.com domain:

This is the procedure that the Windows Mobile 6.1 wizard performs.
Once it has completed, the user is still prompted to enter their username,
password and domain information; it is only the server address that is
determined by this procedure.
This procedure will not succeed if the domain specified uses a mail
relay service, such as MessageLabs, as emails are not sent directly to the
target domain (as is the case with devicewire, as shown in the above
screenshot).
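The lookup and its relay failure mode, as the article describes them, can be reproduced offline with the following added example (not part of the original article). The nslookup output and every host name in it are constructed placeholders, and guess_server is a hypothetical helper.

```python
import re

# Constructed nslookup ("set type=mx") output; all names are placeholders.
SAMPLE_DIRECT = """\
Server:  resolver.example.net
Address:  192.0.2.53

Non-authoritative answer:
example.com\tMX preference = 20, mail exchanger = backup.example.com
example.com\tMX preference = 10, mail exchanger = mail.example.com
"""

SAMPLE_RELAY = """\
Non-authoritative answer:
example.org\tMX preference = 10, mail exchanger = cluster1.relay-provider.example
example.org\tMX preference = 20, mail exchanger = cluster2.relay-provider.example
"""

MX_LINE = re.compile(
    r"^\S+\s+MX preference = (?P<pref>\d+), mail exchanger = (?P<host>\S+)$",
    re.IGNORECASE,
)

def parse_mx(nslookup_output):
    """Return [(preference, host), ...], lowest (most preferred) first."""
    records = []
    for line in nslookup_output.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            host = m.group("host").rstrip(".").lower()
            records.append((int(m.group("pref")), host))
    return sorted(records)

def guess_server(email, nslookup_output):
    """Pick the preferred MX host for the address's domain and flag it when
    it lies outside that domain, which is what a mail relay service looks like."""
    domain = email.rsplit("@", 1)[1].lower()
    records = parse_mx(nslookup_output)
    if not records:
        return {"domain": domain, "server": None, "relay_suspected": False}
    host = records[0][1]
    in_domain = host == domain or host.endswith("." + domain)
    return {"domain": domain, "server": host, "relay_suspected": not in_domain}
```

When relay_suspected is true, the MX host belongs to the relay provider rather than to the Exchange Server, so the server address has to be entered by hand.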
Addendum - the configuration of a Windows Mobile client can be achieved a lot more easily if the Microsoft System Center Mobile Device Manager 2008 solution is also deployed alongside Exchange. I looked at this solution in an earlier post, here:
http://blog.devicewire.com/blogs/devicewire/archive/2008/04/13/system-center-mobile-device-manager-2008.aspx
Configuring the Exchange Server
In order to achieve Push functionality with a Server
ActiveSync-capable client, the Exchange Server must be running Exchange 2003
Service Pack 2 or later.
By default, the Server ActiveSync push functionality is enabled already. On a server running Exchange 2003 SP2, the functionality is enabled and disabled
within the Exchange System Manager:

Expand the Global Settings and open the properties for Mobile
Services. Ensure that the option to Enable Direct Push over HTTP(s) is enabled.
On a server running Exchange 2007, Server ActiveSync is configured
as a mailbox policy. Launch the Exchange Management Console. Expand the
Organisation Configuration container and select the Client Access folder.
Select the option to create a New Exchange ActiveSync Mailbox Policy:

Configure the settings as desired.
The newly configured profile can then be assigned to individual
users. Within the Exchange Management Console, expand the Recipient
Configuration container and select the Mailbox folder. Open the properties of a
user’s mailbox and click on the Mailbox Features tab. Ensure that the Exchange
ActiveSync feature is enabled.

Different policies can be configured for different users.
When clients communicate with the Exchange Server via the Server
ActiveSync protocol, they do so either via HTTP or HTTPS (the S meaning that
the connection is ‘secured’: the tick box that the user can select when
configuring the connection indicating the server requires a secure connection).
Both HTTP and HTTPS are protocols used by web browsers to access web sites (we
saw earlier that the server address entered in the Server ActiveSync client is
the same address as that used by Outlook Web Access). Therefore, on the
Exchange Server, there is a web site running. Within the IIS (Internet
Information Services) Management Console on the Exchange Server, this web site
can be viewed as ‘Microsoft-Server-ActiveSync’.
Exchange 2003:

Exchange 2007:

Client devices communicate with this web site running on the server,
which then processes client requests against the user’s mailbox. It is beyond
the scope of this article to detail this process further, but should
authentication problems arise, it is the configuration of this web site that
should be verified.
Common Problems
A complete list of Server ActiveSync error codes can be downloaded
from our web site, here:
ftp://ca:welcome@ftp.hughsymons.com/Hugh%20Symons%20Telecom%20-%20Reseller%20Area/Microsoft/Windows%20Mobile/Microsoft_Server_ActiveSync_Error_Codes.pdf
90% of Server ActiveSync problems turn out not to be related to Server
ActiveSync at all, but to Internet connectivity issues.
If the device is not able to establish a connection with the
Exchange Server, it could simply be that the device is not able to connect to
the Internet. Verify that the connection settings are correct on the device and
that you are able to browse web pages.
If you are able to connect to the Internet, but not to the Exchange
Server, then it could be a DNS issue. Try entering the IP address of the
Exchange Server within the ActiveSync client rather than the friendly name.
If you receive an error indicating that the certificate used on the
Exchange Server is invalid, this indicates that you are using a self-issued
certificate on the server (i.e. not a ‘root-trusted’ certificate). Self-issued
certificates can be used, but the corresponding client certificate will need to
be installed on the client device manually. I have detailed this procedure in
an earlier article:
http://forum.devicewire.com/forums/thread/176.aspx
If using a self-issued certificate, it is important that when
issuing the certificate the ‘web’ name of the machine to be certified is used,
rather than the NetBIOS name of the machine: i.e. the name of the website to be
certified, not the server itself that the web site is running on.
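The naming rule above can be checked before a certificate is deployed. The following is an added example, not part of the original article: it compares the server address typed into the ActiveSync client with the DNS names in a certificate. EXCH01, mail.example.com and both function names are constructed placeholders, and trust in the issuer is a separate check that this code does not perform.

```python
import ipaddress

def name_matches(pattern, hostname):
    """Match one certificate DNS name against the name the client connects to.
    '*' is honoured only as the whole left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_server_name(cert_dns_names, configured_server):
    """Return (ok, reason) for the address entered in the client."""
    try:
        ipaddress.ip_address(configured_server)
        # Entering the IP address sidesteps DNS but no longer matches a
        # certificate that lists DNS names only.
        return (False, "IP address entered; certificate lists DNS names only")
    except ValueError:
        pass
    for name in cert_dns_names:
        if name_matches(name, configured_server):
            return (True, "matched " + name)
    if any("." not in n for n in cert_dns_names):
        return (False, "certificate issued to a single-label (NetBIOS-style) name")
    return (False, "no certificate name matches " + configured_server)

# Constructed certificate name lists for illustration.
CERT_NETBIOS = ["EXCH01"]            # issued to the machine name
CERT_WEB = ["mail.example.com"]      # issued to the 'web' name
CERT_WILDCARD = ["*.example.com"]
```

Note that the DNS workaround of entering the server's IP address fails this check while the SSL option is ticked, unless the certificate also lists that address.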
Outlook Anywhere
I have looked at Server ActiveSync, the technology that enables PDA
devices to remotely synchronise PIM data with an Exchange Server. But what if
you could remotely synchronise a laptop PC running Outlook with Exchange in the
same way? Well, you can! The technology is known as Outlook Anywhere, and was
also introduced with Exchange 2003.
It is not as well known or as commonly used as Server ActiveSync as
it does require that Exchange be deployed in a specific manner, the cost of
which is prohibitive for smaller businesses.
It is, however, the technology by which companies offering Hosted
Exchange services provide remote email access to their customers and for that
reason alone is worth a blog post.
When Exchange is deployed in a ‘front-end back-end’ topology, the
front end server, placed in the perimeter network, receives and authenticates
client requests and forwards them to the back-end mailbox server on the local
network. This process is known as RPC over HTTP(S) – Remote Procedure Call over
HTTP(S). Essentially, SSL-encrypted communications are sent between the Outlook
client and the front end Exchange Server using the HTTP protocol (HyperText
Transfer Protocol), where they are decrypted and sent to the back end Exchange
Server for processing.
On an Exchange 2003 server, this is configured within the System
Manager: expand the Administrative Groups container and open the properties of
the Exchange Server. The role of the server is defined on the RPC-HTTP tab:

NOTE – it is not possible to make a server a front-end server
without first configuring a back-end server. To make a server a front-end
server, the RPC over HTTP Proxy service must be installed. This is a Windows
component and is done with the Add/Remove Windows Components applet in the
Control Panel:

On a server running Exchange 2007, the RPC-HTTP Proxy service must
also be installed first. The Outlook Anywhere function is enabled within the
Exchange Management Console. Expand the Server Configuration container and
select the Client Access folder:

Select the option to Enable Outlook Anywhere – a wizard will be
displayed:

Enter the external name of the server and configure the
authentication options to be used.
Once the server has been configured, the Outlook client must be set
up. In order to use Outlook Anywhere, the Outlook client must be running
version 2003 or later of the software. I have detailed the setup procedure for
Outlook in a separate post here:
http://forum.devicewire.com/forums/thread/831.aspx
Companies that provide hosted Exchange often provide Outlook as a
free download from their web site. NOTE – Outlook is not the only client that
can be used with this technology: Entourage for MacOS as well as Apple’s own
mail application, Mail, can be used to access an Exchange Server in this way.
When launched, Outlook looks and feels exactly the same as if the
user were in the office, and the user does not need to be aware of the processes
happening in the background to ensure secure communication to the remote mail
server. Full Outlook functionality is possible – access to additional
mailboxes, public folders, shared calendars, etc.
Bootnote
Exchange, therefore, can provide remote access to end users in a
variety of ways: Server ActiveSync provides seamless synchronisation with
Windows Mobile-based PDAs as well as any other device that runs the licensed
Server ActiveSync protocol (Nokia’s implementation of the software is called
‘Nokia Mail for Exchange’ and is a free download from the Nokia web site).
Outlook clients can access Exchange via any Internet connection exactly as if
the user were in the office connecting via the local network, provided that the
back end resources have been deployed correctly.
Let’s not forget that Exchange also allows mailbox access via any
web browser using Outlook Web Access:

All of this access does require that Microsoft Exchange be deployed
rather than any other mail platform, but then there is a reason why it is still
the market leader and industry standard!