[isapros] Re: ActiveSync and ISA FBA (HTML Forms)

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Mon, 24 Sep 2007 07:29:30 -0700

That's the point of the weirdzards; to prevent "oopsies" for all the
fine details about publishing Exchange and SharePoint services.

You don't want the FBA timeout applied to EAS clients.
The folks in Exch, WM6 and ISA all agreed that a wide-open 30-minute
timeout was good for  battery life.  If you close that sooner, the
client has to re-authenticate.

Jim

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jason Jones
Sent: Monday, September 24, 2007 7:25 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ActiveSync and ISA FBA (HTML Forms)

Hmmm...when you select ActiveSync in the wizard, it appears to disable
the "apply session timeout to non-browser clients" in the advanced form
options dialog. If you choose OWA, this options is enabled.

As my rule was created manually (by copying the OWA rule and amending)
the option is still enabled on the shared listener...never realised the
wizards had that level of granularity TBH.

This all sounds very feasible as to the cause of my problem, so just
need to wait and see if this changes fixes the issue

Comments?

JJ

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: 24 September 2007 15:05
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ActiveSync and ISA FBA (HTML Forms)

Do these:

1. make sure your web publishing rule was created using the Exch
weirdzard.  I've seen manually-created rules cause this sort of behavior
2. make sure your CAS (FE) is responding to all requests properly.  The
best way to determine this is to examine the IIS logs at the CAS.  My
RPC/HTTP part 3 blog has several of the more common win32-status error
states you'll find for IIS auth problems

Jim

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jason Jones
Sent: Monday, September 24, 2007 4:41 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] ActiveSync and ISA FBA (HTML Forms)

Hi,

Is anyone aware of any problems with ActiveSync when ISA is configured
to use FBA with fallback to basic?

We have recently moved to a single web listener as part of our Exchange
2007 upgrade and users are now getting intermittent password prompts
when ActiveSync tries to authenticate to ISA. If users provide their
credentials, the connection is successful. I have also seen the issue at
a couple of customers in the past, but assumed it was a device issue.

If we go back to a second listener configured for basic authentication
only (not HTML forms) users are no longer intermittently prompted and
stability is good.

Ideally, I would like two listeners, one for OWA/ActiveSync using FBA
and one for Outlook Anywhere using Integrated (with KCD).

Any sneaky KBs I may have missed??

Cheers in advance...

JJ



All mail to and from this domain is GFI-scanned.





All mail to and from this domain is GFI-scanned.

Other related posts:

  1. Home
  2. isapros
  3. Archive
  4. 09-2007