iPhone 3G[s]

[Burble]

Setting them up for Exchange is a doddle.

Go to Settings > Mail, Contacts, Calendars > Add Account... > Exchange. Enter the information it asks for and away you go.

I assume you've already got OWA working? The iPhone talks to OWA.

[Toby]

Funny you should mention OWA as it's the Exchange side I'm more worried about, what with certificates and so forth.

OWA works on the Exchange box but no-one uses it (server isn't exposed to the outside world anyway) and I've never explicitly configured anything to do with OWA or OMA. It's the opening of inbound SSL connections and sorting a certificate that concerns me, together with whatever other machinations I have to perform on the server.

On the subject of the 3Gs in general - i want one! They are rather damned sexy and I really fancy a nice new phone after years of my knackered old thing.

Problem is I've been on SIM only cashback deals for several years now which wind up costing me literally a few pounds a month so moving to the iPhone is going to cost me around £30 a month. If you're already paying around £30 a month for another contract then switching doesn't seem much different but when you're looking at a straight hike of £30 every month it starts looking rather expensive.

So convince me people - is the 3Gs worth £30 a month more than I currently pay?

[Burble]

Quote:

Originally Posted by Vertigo1

OWA works on the Exchange box but no-one uses it (server isn't exposed to the outside world anyway) and I've never explicitly configured anything to do with OWA or OMA. It's the opening of inbound SSL connections and sorting a certificate that concerns me, together with whatever other machinations I have to perform on the server.

The iPhone needs to have connectivity to OWA so if that isn't setup to work from outside your company then it'll only work if your boss happens to be using a WiFi network from within the company. Not entirely convenient.

The setup side of things to get around that isn't difficult. You could create and use a self signed SSL certificate for IIS but TBH a fully valid SSL certificate is cheap enough that in a professional environment I'd insist on using a valid and trusted SSL certificate.

How many Exchange servers do you have? If you have more than one hosting mailboxes then you'll need an additional Exchange server setup as a front end server (basically it proxies access to the mailboxes on the other servers). If you have just the one then you can use that but will need to tweak the IIS config a bit because if /Exchange is set to use SSL then the iPhone won't connect but all you need to do is create a new virtual directory that doesn't need SSL but you don't need to have 80/tcp open from the internet to the Exchange server.

I'll stop there before I derail the thread any more but feel free to PM me if you need any pointers.

[Toby]

Oh I realise I'll have to open the server up to OWA connections from the outside world - not a problem, just never needed to mess with that before is all

I'm erring towards an SSL certificate but, the last time I looked at this with WinMo devices a few years back it was a nightmare, with only the seriously expensive providers like Verisign supported by the device. I think the 3Gs supports GoDaddy.com certs which look pretty cheap - or can you recommend another good source I've not considered?

We only have a single Exchange Server (2003 SP2) and will be connecting directly to that. There's no way I'm allowing inbound connections to it on port 80 - I'm nervous enough about allowing SSL in on 443 but that's the least I'll accept so I need to get it working properly with SSL.

Just a bit cautious about it all as I've never done this sort of config before but we'll see how it goes - may well PM you when it all ends in tears, thanks for the offer

[Burble]

It really is easy Any trusted SSL supplier will be fine, I used GoDaddy when I setup the front end server at my place and it cost €178.48 for 3 years. GoDaddy even have instructions on how to incorporate the certificate into IIS.

With a single Exchange server you'll need to add the additional virtual directory that I mentioned. Instructions for doing that are here, look for 'Method 2.' If you don't setup that extra virtual directory then you'll get this showing in the event log:

Quote:

The mailbox server [your exchange server name here] has its [exchange] virtual directory set to require SSL. Exchange ActiveSync cannot access the server if SSL is set to be required. For information about how to correctly configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).

[Toby]

Just had a quick play with the Exchange box and, although OMA works fine via standard HTTP, it won't work at all via SSL on port 443. Is this because I haven't got a cert installed atm or is there something more fundamentally wrong which I have to configure? I was under the impression that SSL should still work without a cert but I'd just get warnings about it or am I mistaken?

EDIT: Ah just read your last post (hadn't refreshed when I posted again - oops), will have a look at that now, thanks

[Daz]

Haven't got time to write a great deal but as a flying comment, I wouldn't expose IIS directly to the web, I use apache with some reverse proxy directives. IIS is a real target unfortunately. Most people wont really be a target but sticking apache in front isn't any real price to pay to take IIS out of the equation

Good example config here, though I dont reverse proxy to the internal ssl interface, just plain old http.

[Burble]

Good point Daz, I'd actually forgotten that I do actually do this both for the work setup and my own private one.

[Toby]

Arg, don't tell me that - know bugger all about Apache

Much as I don't want to expose IIS either, I cant see myself having much choice as the boss is going to be on my back to get it working and I don't have the time to work out how to put Apache or a front-end Exchange server in front of it

[Mark]

Just as long as your boss understands the consequences. It's unlikely, but as Daz says, IIS is a target. I don't see anything like the number of attempts as I used to when IIS had more holes than swiss cheese, but the odd drive-by attempt still happens.