Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

ActiveSync / OWA separation issue

  • 07-03-2013 3:36pm
    #1
    Registered Users, Registered Users 2 Posts: 386 ✭✭
    Boycott Israeli Goods & Services


    Hi All,

    I need to configure Exchange to accept Outlook Web Access connections from the Internet and also to reject ActiveSync connections from the Internet, but let it allow connections from another local server (a Mobile Device Management server running an ActiveSync proxy). The mobile devices would then be forced to connect to the ActiveSync proxy or they would be unable to access mail on their device, but Outlook Web Access should remain unaffected

    The problem is they are all on the same server with the same protocols (http, https), so you can't block one without blocking the other at the firewall.

    Has anyone ever done something like this and how is it done?

    Thanks


Comments

  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    What version of IIS?

    In version IIS 7.5 in Windows Server 2008r2, (and very similar in versions since '03.)
    You open up the IIS management console.
    Under
    <myservername>\sites\default web sites\Microsoft-server-activesync
    there is "IP address and domain restrictions" which you can use to restrict access to individual IIS applications using ALLOW and DENY rules.


  • Registered Users, Registered Users 2 Posts: 386 ✭✭Zirconia
    Boycott Israeli Goods & Services


    Hi Ressem,

    I tried that, but the IP address and domain restrictions appear to be a site level restriction rather than a folder level restriction. It did only allow mail via the MDM proxy when I only allowed that to connect, but it also prevented outside users connecting in via Outlook Anywhere (seems that it doesn't affect OWA though) , so I had to remove the restriction.


Advertisement