ActiveSync Guide
Contents
1. lt Class gt Contacts lt Class gt lt SyncKey gt 33 lt SyncKey gt Collectionld 2d97d4e09a389f127e37a69c79b45c159 Collectionld Status 1 Status Commands Change lt Serverld gt 3b137c61c028 lt Serverld gt lt ApplicationData gt LastName xmIns Contacts gt Alex E lt LastName gt lt FileAs xmIns Contacts gt Alex lt FileAs gt lt ApplicationData gt lt Change gt lt Commands gt lt Collection gt lt Collections gt lt Sync gt lt Server sent the changed item to the client gt Page 422. Collection Class Emall Class lt Synckey gt 335 lt Synckey gt Collectlonid aficd994dfcb9286c394d142687ff5a0 Collectiontd lt DeletesAsMoves gt lt DeletesAsMoves gt pf te nts i ar a es E windowsize 50 windowsize options SW fd Bet tl e lt Truncation gt 1 lt Truncation gt lt MIMETruncation gt 1 lt MIMETruncation gt MIMESupport 0 MIMESupport options lt Col lection gt lt Collections gt lt Sync gt 5715efb8b0cd303a3d2c8262625559ef 0000 14 21 28 gt gt gt 200 OK sync xmlnssz Airsync Collections collection lt Class gt Email lt Class gt SyncKey 336 5 Wed H collectionId aficd994dfcbo286c394d142687ff5a0 CollectionId lt Status gt 1 lt Status gt pr gt lt serverId gt 68503 lt ServerId gt Applicationbata DateReceived xmlnss Email 2009 04 20T12 53 40 000Z DateReceived lt DisplayTo xmlns Emall 3ohn Doe john doeeicewarp com gt lt DisplayTo gt From xmlnss Email Jon Lord jon lord icewarp com gt lt From gt Importance xmlns Emall 3 Importance MessageClass xmlnss Email IPM Note MessageClass Read xmlns Ema11 gt 0 lt Read gt Subject xmlnss Email Re 2 EAS s no Push pro iP na icewarp com lt Subject gt To xmlns Emall John Doe lt john doe icewarp com To Body xmlnss Email Hello this is just a test email Body BodySize xmlns Email 33 BodySize Bod
3. Version 11 Icel arp S Contents ActiveSync GUI de ac iuit diio 0 EL 1L aana a 5 ADOUt et Ry OE ER EE PER ERE A pe ERE E ere OR E ena 6 ARSS ottenuto ad e od de d cmd s 11 Security Policies ene E EUMD ia 13 L cal and Remote Device Wipe i Gre RH e Re EE ere eode 13 Local Device Wipe i oen n e e a E PORE Y P RR M RI 14 Remote Device Wipe seesseeseseseesseeeeeeenene nenne ennt nennen nennen ene nn nnne 14 E mail Confirmation s ient i t e eb Eee 14 Defining Policles ED iene Reed ee RS Re 14 Global tevel Policies rh et met o on dis 14 Default Policies err ERO EE E RO ORT RE EORR OPES 14 Domain Level Policies remit t Ec a b xr Edeka 18 UseriLevel Policies ii 18 Device Level Policies 2 ree eei eie ae Lin ER E FR Ee RH ELS 18 Policies Inlieritarice reet p e Ule e decre ER S 19 Accepting the Policies ssar n a e eA E E eb e b E Ca iem ies 19 E mail Confirmations rere mite RE REIP RH aa opar aa EEAS 19 Exempting Non Provisionable DeVICES cccsccsesccsssecesseessecseessueeeeessnecseeseseeeseesseenees 19 Exempting Trusted User concordia rx EXPE y REV eI Ende a Ee ERE EEEn 20 Cancelling the Security Policy i uio ee ied 20 Device Managemeht i rr HE rer EP iia 21 Device Configuration e e RM 24 Back p Existing Data etcetera iting 24 Gonfig tation ii i eee e IRURE IRR RI IE 24 Troubleshootihg rnt ri e rot e ceva od ava P c a EO ORE M e P a 6a 26 Resetting the A
4. The character groups are defined as lower case alphabetical characters upper case alphabetical characters numbers and non alphanumeric characters For example if the value is 2 a password with both upper case and lower case alphabetical characters would be sufficient as would a password with lower case alphabetical characters and numbers Enable password recovery A recovery password is a password that is created by the device that gives the administrator or user ability to log on to the device once using the recovery password Next time this user is forced to create a new password The device then creates a new recovery Page 15 IceWarp Server ActiveSync Guide password If checked the device can send a password but the server does not enforce the policy If not checked the device should not send a recovery password because the server will refuse to store the password Password expiration days The password expiration is policy that specifies the maximum number of days until a password expires 0 passwords do not expire Enforce password history This is the policy that specifies the minimum number of previously used passwords stored days to prevent their reuse by the client 0 storage of previously used passwords is not required Value gt 0 minimum number of previously used passwords to be stored Inactivity time minutes Tick the box if you want to define the time after that an inactive device will lock
5. NotifySync Astrasync Plugin required Yes NotifySync AstraSync ERN LR ERN Deme EI Dm t as EN Pas LC NNNM EIN E Push Schedule Peak Off peak GAL Lookup Sub folders Folder Management Filters email e e e calendars tasks AutoDiscover Security Provisioning iMIP meeting response available not available DirectPush support is only available on PDAs and smartphones that are running Windows Mobile 5 0 with the Messaging and Security Feature Pack MSFP AKU2 and higher Windows Mobile 6 x Additionally SSL with a trusted certificate must be enabled on Windows Mobile devices for DirectPush and AutoDiscover to work properly See the SSL and Windows Mobile Devices chapter RoadSync comes preloaded on select LG Nokia Samsung and Sony Ericsson handsets or can be installed as new on most Symbian powered devices Roadsync Beta is also available for Android RoadSync email only is also available for Java MIDP 2 0 Motorola phones RAZR KRZR and Palm OS devices ceWarp Server enables clients to synchronize Tasks and Notes via Tasks as Events and Notes as Events modes Page 10 IceWarp Server ActiveSync Guide On server Setup Setting up ActiveSync in IceWarp Server is easy since it does not have almost any administration controls 1 10 In Help Licenses verify that you have at least one valid client license for ActiveSync If expiration shows negative days the license
6. Wipe device after failed Tick the box if you want to enforce defined number of failed PIN entry attempts before the attempts device wipes itself If set to zero 0 this feature is disabled Require encryption on device Tick the boy if you want the device to use encryption Require encryption on storage Tick the box if you want the device to encrypt also content that is stored on the storage card card Refresh settings on the device Tick this box if you want to enforce settings refresh interval This feature is a powerful tool hours for device security enhancement Allow access to devices that Tick this box if you want to allow devices that do not support provisioning to communicate do not support security and work with the IceWarp Server EAS module settings Policies E Policies are inherited from server level Security Synchronization Device Device Applications General Disable Direct Push when roaming 7 Past Mail items Y Truncate Mail size to Disable HTML formatted Mail Disable attachments to be downloaded to device 7 Maximum attachment size Calendar 7 Past Calendar events Apply Higher Level Policies E A Disable Direct Push when If ticked the device requires manual synchronization when roaming Page 16 IceWarp Server ActiveSync Guide Past Mail items Specifies the email age limit for synchronization Messages that are older than
7. full or trial already expired and you need to obtain an updated license In System Services start GroupWare Notification service In the Properties dialog of this service make sure its default port is not blocked by another local service You may want to change the port number You do not need to open any ports on the firewall as this service only runs locally The service collects all changes on all accounts from IMAP GroupWare in a UDP stream and is used by ActiveSync SyncML and Outlook Sync to trigger synchronization in real time as items arrive Do not enable the service logging unless for a short time if required for troubleshooting as the amount of data can be overwhelming If you do not intend to use DirectPush on any devices which keep the device always up to date but also consume considerable battery power you may want to leave this service inactive If you have a load balanced high availability architecture you need to disable the GroupWare Notification service and ActiveSync service on the secondary machine so that all requests are routed only to the primary server This server will take care of IMAP GW notifications for all users and its Control service will manage any client ping requests In other words Push will not work load balanced ActiveSync service can be enabled on the secondary machine only if you do not intend to use Push at all In System Services verify that Control module is running Open the servi
8. groupware activity on the server restart the Control service Try changing the UDP port where the Notification service is running You should see events in the log corresponding to account activity Observe the ActiveSync log to see if the device initiates a sync upon some activity Remember no ping no push The device must first send the ping command in order to receive push responses Look for the Ping entries linked with the affected user account device according to the DevicelD the first string of the log entry A healthy log entries upon receiving an alert from the server about new data to push should look like this Page 28 IceWarp Server ActiveSync Guide 5715efb8b0cd303a3d2c8262625559ef 0000 14 18 47 Ping Ping xmlnse Ping Folders Folder Id 029dd8578cdd59125628c9c33327a11d Id Class Contacts Class Folder Folder Id ffc4c02e222b3350bda0d55b98b038b9 Id Class Calendar Class lt Folder gt lt Folder gt lt Id gt aficd994 dfcb9286c394d142687Ff5a0 lt Id gt lt Class gt Email lt Class gt lt Folder gt Folders lt Ping gt 5715efb8b0cd303a3d2c8262625559ef 0000 14 21 23 gt gt gt 200 OK Ping xmlnse Ping gt Status 2 status Folders Folder aficdoo4dfcbo286c304d142687ff5a0 Folder Falders lt Ping gt 5715efb8b0cd303a3d2c8262625559ef 0000 14 21 28 lt lt lt Sync sync xmInse AirSync collections
9. gt lt TITLE gt Microsoft Server ActiveSync lt TITLE gt lt MODULE gt activesync lt MODULE gt lt SCRIPT gt activesync index html lt SCRIPT gt lt ITEM gt lt SPECIAL gt Other error message See the error detail displayed on screen or in help Perform a hard reset of your device Turn Off and back On the synchronization of the affected item s Delete the synchronization profile the user s ActiveSync Account on the device and configure it from scratch Use the ActiveSync Device Management Delete Device option to reset the device and cause it to full synchronize Upgrade your device to the latest firmware version or obtain the latest version of the synchronization application Refer to user s manual support pages or contact the device application vendor s helpdesk For Windows Mobile devices there is a useful listing of all numeric error codes available on the web The textual descriptions may be useful for troubleshooting with other devices implementing Microsoft Exchange ActiveSync Note that most entries are specific to Microsoft Exchange and some resolutions won t be directly applicable http www pocketpcfaq com faqs activesync exchange errors php Noerrors were produced but no items have been synchronized from the server Review all reason listed above If none applies it indicates an incorrectly migrated GroupWare database This may happen after upgrade from an older version of IceWarp Server causing localized
10. level security configuration dialog uncheck the Enforce device password option click OK and click Apply The neutralization provision as described in the Defining the Policies section will be sent to the device cancelling the previously configured policies The existing security policy will be overwritten with the default factory settings as soon as the next synchronization occurs immediately if Push is turned on NOTE This does not automatically cancel the passcode lock User first needs to enter the existing password before he she is able to modify the security settings or disable the passcode requirement B NOTE When you uncheck the Enforce device password option the neutralization provision is sent to the device in order to cancel any existing security policies but the previous configuration will be preserved in the security configuration dialog in the form of greyed out options for this device until the device is removed using the Delete Device option This behavior allows administrators to review their decisions and quickly re enforce exactly the same security policy in case they cancel it by mistake Page 20 IceWarp Server ActiveSync Guide Device Management The Device Settings dialog allows you to manage other device features Folders Synchronization etc Folders Tab Private Folders Group Ware Folders Default folders only a Mail Folders All folders X Special Folders 7 A
11. new emails Suitable for slow connections GSM WAP EDGE Messages are downloaded in the background as they arrive No fees for SMS alerts SmartSync Advantages Completes the sync gracefully where normal server would initiate a full synchronization Saves data transfers time and battery life Ensures data consistency by resolving any possible conflicts Prevents infinite loops on synchronization errors Suited to networks areas with low quality of data connection GroupWare Mailbox Access Access to Files Notes Tasks within the built in e mail application One way synchronization from server to handheld Independent on the file size limit of email No applications required works out of the box Simple configuration SSL secured access HTTPS Tasks as Events Notes Notes as Events Page 8 ActiveSync Guide IceWarp Server ActiveSync Compatibility Matrix Plugin required Email Calendar Contacts Tasks Notes SMS DirectPush Push Schedule Peak Off peak GAL Lookup Subfolders Folder Management Filters email calendars tasks AutoDiscover RemoteWipe Security Provisioning iMIP meeting response Windows Phone 7 x 8 x Windows 8 RT desktop Outlook 2013 Apple iOS iPhone iPad Page 9 Nokia N Series Nokia E Series No Mail for Exchange ActiveSync Guide IceWarp Server ActiveSync Guide Android 4 x BlackBerry BlackBerry 10
12. occur In this case lowering the protocol version can help Page 17 IceWarp Server ActiveSync Guide Disable Tick the items device features you want to disable For Bluetooth select level Policies In order to inherit policies from a higher level click Apply button bellow Scouty Smcironzaion Device Device Appa C Tick the items applications you want to disable Domain Level Policies Domains amp Accounts Management domain Services ActiveSync Devices Domain Policies The dialog allows you to configure domain specific security policies or exempt some domains from the security provisioning by unchecking the Enforce password on device option If you select a particular device from the Devices list and click the Device Policies button instead or double click an item you are opening the security policies configuration dialog on the device level User Level Policies Domains amp Accounts Management domain user Services ActiveSync Devices User Policies The dialog allows you to configure account specific security policies or exempt some users from the security provisioning by unchecking the Enforce password on device option If you select a particular device from the Devices list and click the Device Policies button instead or double click an item you are opening the security policies configuration dialo
13. synchronization plug in thus reducing deployment time and enabling new features not available with the open SyncML protocol Microsoft Exchange ActiveSync is optimized to work together with high latency and low bandwidth networks typical to mobile devices environments The protocol based on HTTP and XML lets smartphones gain centralized access via IceWarp Server to an organization s most important information IceWarp with ActiveSync enables mobile device users to access their e mail calendar contacts and tasks and to have access to this information also while they are working off line To avoid any doubt the desktop ActiveSync application Communication Center in Windows Vista is using a different XML based communication protocol to synchronize locally connected devices tethered via Bluetooth serial or USB Similarly iSync in Mac OS X is using a proprietary SyncML based protocol for synchronization of devices connected locally to the user s computer Neither of these protocols is supported by IceWarp Server Trademarks and Support Disclaimer Windows Vista Exchange SQL Server ActiveSync AutoDiscover DirectPush RemoteWipe are registered trademarks of Microsoft Corporation Blackberry BIS Blackberry Internet Service BES Blackberry Enterprise Server are registered trademarks of Research In Motion Inc iPhone iSync Mac OS X are registered trademarks of Apple Inc Symbian is a registered trademark of Symbian Software Ltd Palm Pa
14. the specified age are not synchronized Tick the box and select from the list Truncate Mail size to Specifies the truncation size for plain text or HTML formatted email messages 1 no truncation 0 truncate only the header value gt 0 maximum size in bytes emails are truncated to this size Tick the box enter the size and select units Disable HTML formatted If ticked the device uses plain text formatted email Mail Disable attachments to be If ticked email attachments download is disabled downloaded to device Maximum attachment size You may want to limit the attachment size If ticked the specified attachment size is used as download limit Bigger attachments are not downloaded Past Calendar events You may want to specify the maximum number of calendar days that may be synchronized Tick the box and select from the list Policies lea In order to inherit policies from a higher level click Apply button bellow Secuy Schronzaton Device Device Aonicaton Maximum allowed protocol version 14 0 Y Buetooth a Camera F Desktop synchronization Infrared E Intemet sharing from device POP IMAP mails Remote desktop from device F Removable storage V Text messaging PRENNE Maximum allowed protocol version Tick the box and select the maximum allowed protocol version After device firmware upgrade some synchronization issues can
15. ative GroupWare format is always attached and can be easily forwarded to another users in need of the data who can read it or save it directly into their groupware How it works GroupWare folders are mapped to IMAP email folders GroupWare items are converted to e mails Accessible in any client which supports email sub folders see Compatibility Matrix Fully transparent to any mobile device immune to problems with incapable devices Notes include full detail sorted by modification time attachments included Tasks completed are not synchronized if email filter is set to less than 7 days Files acceptable file size is limited only by the device capability Category is recorded as the email sender One way synchronization from server to client The setup on Windows Mobile based and most other devices requires the user to check mark the GroupWare folders for synchronization under the ActiveSync synchronization settings Mail app of the Apple iPhone lists all folders including sub folders by default and they are available out of the box only DirectPush needs to be enabled in Settings if desired Some devices don t list any extra folders but the default ones Inbox Drafts Sent Trash and therefore the GroupWare Mailbox Access cannot be used in some cases it might be possible to move the GroupWare folders under the Inbox to access them Page 32 IceWarp Server ActiveSync Guide Battery Life Considerations Turn Push off to con
16. ce properties Verify the port is set to standard HTTP port 80 If not set it to use port 80 If the service does not start it means it is being blocked by another service such as Microsoft IIS and you need to either stop the other service or change its port ActiveSync will not work unless you have the Control module running on port 80 For GAL lookup a user has to be able to read at least one GAL type folder Search within GAL is performed by EAS itself on the server To have GAL synchronized into a device the Public folders check box ActiveSync Devices dialog Manage Device Device Settings dialog Folders tab has to be ticked See the GAL Public Folder section for details Enable SSL on the default port HTTP 443 in System Services SSL ensures that mail and other data are securely encrypted during wireless transmission BE AWARE If SSL is not used all data even passwords etc are sent in plain text In the Web Service node under the Default host or another host you have configured verify that in Scripting tab it shows the activesync and autodiscover extensions associated with php php dll For details see the Troubleshooting section In the ActiveSync node do not modify the port and URL end part Change only the hostname if required by a special setup Check that WebDAV access is enabled on the Options tab for the host under Web Service Web Site dialog On the domain and user Policies tabs Acce
17. ce receives the wipe command alerting the account owner that the wipe occurred and has been completed successfully The device will appear in the list again after the first successful synchronization once the ActiveSync account has been reconfigured NOTE Remote Wipe is specific to a device user can synchronize his her account with a secondary device even if Remote Wipe has been initiated in Waiting state for the primary Page 21 IceWarp Server ActiveSync Guide Clear Remote Wipe Click the button to cancel set Remote Wipe You will be asked to confirm it You can cancel Remote Wipe only when it is in the Waiting state before another synchronization Normally you will have little chance to cancel Remote Wipe if the device is enabled for Push Fade Srchrorizaton Mail Past Mail items One week v Calendar 7 Past Calendar everts Tasks V Sync Tasks as Calendar events Incomplete tasks only v chronization type Merge to default calendar folder M Notes Sync Notes as Events M Synchronization type Merge to default folder M COEN Past Mail items Tick the box if you want to have past mail items synchronized into the device Select how old items are to be synchronized Past Calendar Tick the box if you want to have past calendar events synchronized into the device events Select how old items are to be synchronized Sync Tasks as In the case the device does not support tasks synchronization tasks can b
18. ctiveSync Database enne nennen nnns 30 Changing the Server Heartbeat Interval c ccscccssssesessssesseeceseessseeseessneeeseeeseessnesenees 30 Email Message ActiveSync Folder Push Request Status cccscccssessssesseesseeeseeeseeeees 31 GroupWare Mailbox ACCeSS tite tbt PR E EO LS ied 32 Battery Life Corisideratioris nee ia 33 Security TIpS citt tet tre E e EE E e EAE e proe 34 SMED iia A AA AR A A ARA ASEAN 35 DEV A A 35 Howiit WORKS eet p cepto P e ee Ut ele ure eere e 35 Config ration z EUER dE 37 Global Address lists OSEE Beat NOH Creating GAL ienero EE TAEAE YING EPT T E N np nacidas IceWarp Server ActiveSync Guide ActiveSync Guide Registered Trademarks iPhone iPad Mac OS X are trademarks of Apple Inc registered in the U S and other countries Microsoft Windows Outlook and Windows Phone are either registered trademarks or trademarks of Microsoft Corporation in the United States and or other countries Android is a trademark of Google Inc IceWarp is a registered trademark in the USA and other countries Page 5 IceWarp Server ActiveSync Guide About Microsoft Exchange ActiveSync EAS is a proprietary data synchronization protocol created by Microsoft for wireless synchronization of mobile devices with Exchange Server IceWarp has licensed this protocol to support native over the air synchronization of iPhone and Windows Mobile powered devices without the need to install any
19. data with IceWarp Server over ActiveSync protocol to impose agreater level of security on sensitive user data including e mail contacts address book entries and any other data or documents stored on the mobile device Security Policies are enforced by the server before the transmission of any user data occurs and the device is provisioned upon the next synchronization over the air even if the policy did not apply to it before It is recommended to use them corporate wide exempt as little users as possible replace any non compatible devices with fully compatible models or upgrade the firmware or operating system of partially capable devices with a fully compatible version When coupled with the remote device wipe mechanism Remote Wipe these Security Policies help to provide an effective means of preventing an attacker from recovering data from a device At the same time they allow engaging the built in device passlock with the strongly recommended option to perform off line device wipe Local Wipe in case the unlock attempts are expended This leaves little room for a potential attacker to guess the password and deletes all user data after preset number of failed attempts even when the device is unable to access network and thus unable to receive the Remote Wipe command In addition these Security Policies do not have the performance or battery life overhead of solutions that encrypt all data on the device as it is created or moved and consu
20. e com lt LoginName gt lt Protocol gt lt Protocol gt lt Type gt XMPP lt Type gt lt Server gt localhost lt Server gt lt Port gt 5222 lt Port gt lt LoginName gt john doe com lt LoginName gt lt Protocol gt lt Account gt lt Response gt lt Autodiscover gt Each server type consists of these attributes Some of them are optional some of them apply only to certain types Page 36 IceWarp Server ActiveSync Guide Type ID of the protocol Server Server address or URL Port Port for for hostname based services lt LoginName gt Username used for authentication Configuration 1 The administrator needs to ensure that either of these DNS records exist DNS Arecord autodiscover icewarpdemo com normally it does not exist DNS A record icewarpdemo com where the domain is the exact hostname of the server where all services are running normally it does not exist for a plain mail server but can be already established for web XMPP or SIP services Use the supplied DNS Query utility found in Installation root gt dnsquery exe to check your A records Host address if the SmartDiscover fails for ActiveSync clients NOTE For Notifier and other IceWarp native clients the records do not have to be established in DNS these clients will also check the hostname using the MX records i e if the email is working Notifier will configure itself without additional DNS changes Howe
21. e simple password W Require both numbers and letters F Minimum number of character sets Enable password recovery Password expiration days Enforce password history items E Inactivity time minutes Wipe device after failed attempts Require encryption on device Require encryption on storage card E Refresh settings on the device hours V Allow access to devices that do not support security settings ED n O O Require password on device Check this box if you want to have possibility to enforce password properties to devices NOTE If this box is not ticked the intended options are disabled NOTE Password parameters set here override device settings NOTE If this box is ticked but non of intended options is ticked and defined password use is enforced device password parameters are used Minimum password length Tick this box to enforce password length defined here characters Disable simple password Tick the box if you want to restrict users from using simple passwords e g 1234 or abcd Require both numbers and Tick this box to enforce use of stronger passwords If the box is not ticked only numbers are letters used Minimum number of character Specifies the required level of complexity of the client password Valid values are 1 to 4 sets The value specifies the number of character groups that are required to be present in the password
22. e synchronized as events Calendar events Tick the box and select whether you want to have synchronized All tasks or Incomplete tasks only Synchronization Those tasks can be synchronized either to a New calendar folder or Merged to default calendar type folder In the case of a New calendar folder option a new calendar type folder with an original task folder name is automatically created Sync Notes as In the case the device does not support notes synchronization notes can be synchronized as other item types Select whether you want to have notes synchronized as Events Tasks or Tasks amp Notes Android app Synchronization Those notes can be synchronized either to New folders or Merged to default folder type In the case of New folders option a new folder of the respective type with an original notes folder name is automatically created Page 22 IceWarp Server ActiveSync Guide Field ES This field shows the device ID which cannot be edited Device Model This field skows the device model Page 23 IceWarp Server ActiveSync Guide Device Configuration A WARNING The first synchronization will delete all current contacts and calendar data from your device and replace them with the data in your server account This is the intended behaviour when a new device is assigned to an employee and avoids item duplication Backup Existing Data However in real world valuable data often exist on the device befor
23. e triggered on a device with device lock enforced if a user incorrectly enters the password more than a specified number of times the policy default is 8 times but the administrator can adjust this value After a few missed attempts the device displays a confirmation prompt that requires the user to type a confirmation string usually a1b2c3 to continue This prevents the device from being wiped by accidental key presses Once the password retry limit is reached the device immediately wipes itself erasing all local data Remote Device Wipe Remote wipes occur when the administrator issues an explicit wipe command through the Microsoft Exchange ActiveSync Device Management dialog Remote wipe operations are separate from local wipes and a device can be wiped remotely even if Microsoft Exchange ActiveSync security policies are not in force The wipe command is pushed as an out of band command so that the device receives it on its next synchronization The device user cannot opt out of the remote wipe E mail Confirmation The system sends an acknowledgment message as soon as the device receives the wipe command alerting the account owner and the system administrator in Cc that the wipe occurred and has been completed successfully Devices that do not support security policies do not support Remote Wipe and the Remote Wipe status in the ActiveSync Devices dialog will show Unsupported The administrator will need to exempt such devices from s
24. e wireless synchronization is enabled Some devices have the option to merge existing data with server account two way sync while other do not you need to use another synchronization method to keep any existing data For testing create a backup of your device data using desktop tethering and application supplied with your mobile device ActiveSync iSync Nokia PC Suite You can then restore the data on the device and synchronize them back to your account For production you can either move your contacts to a SIM card first and after ActiveSync setup copy them back to your address book or use a SyncML client prior to ActiveSync setup to synchronize all contacts and calendar data to your server two way sync or one way sync to a server first The same data will then be available after the first synchronization on the device and within your server account Configuration Locate ActiveSync settings on the device Usually when you create a new account a wizard will walk you through the setup process If there are any existing ActiveSync accounts you need to remove them first install the client application on the device a wizard will walk you through the setup process For details see the accompanying literature to these products For devices with AutoDiscover you will need to enter only username this is your email address and password the server name and domain name will be located according to the email address domain part if it ma
25. ecurity policies on his own decision and instruct the device user to engage the on device security features to passcode protect the device and perform Local Wipe after 10 unsuccessful passcode entry attempts Defining Policies System administrator can define mobile security policies on global domain user and device levels and they will be applied to individual users automatically unless the policy is specifically disabled or modified for a particular domain user or device No policies are enforced by default B NOTE The window title of the ActiveSync Devices dialog tells you for which account or domain the policies apply Global Level Policies GroupWare ActiveSync Device Management Global Policies The global level policies are applied to all domains users and devices accessing the server unless configured otherwise on lower level Default Policies By default global level policies are not enforced and configured to use so called neutral provision this is a policy which cancels any previously defined policies and reverts the on device security settings to factory defaults where they can be freely configured by the user or turned off completely Page 14 IceWarp Server ActiveSync Guide Policies F UM Ex In order to inherit policies from a higher level click Apply button bellow Sese Scrat Dese Den jan V Require password on device 7 Minimum password length characters E Disabl
26. ent proceeds but SyncKey is the same SmartSync is initiated there was a change on server gt a4a5231d6acc77f60e477a8e23c12c2c alex icewarpdemo com 0000 15 35 43 gt gt gt 200 OK Sync xmlnsz AirSync Collections Collection lt Class gt Contacts lt Class gt lt SyncKey gt 32 lt SyncKey gt Collectionld 2d97d4e09a389f127e37a69c79b45c159 Collectionld lt Status gt 1 lt Status gt lt Responses gt lt Add gt lt Clientld gt 26477 lt Clientld gt lt Serverld gt 3b137c61c028 lt Serverld gt lt Status gt 1 lt Status gt lt Add gt lt Responses gt lt Collection gt lt Collections gt lt Sync gt lt Server sent OK status to resume the synchronization of the preceding item but with a new SyncKey gt a4a5231d6acc77f60e477a8e23c12c2c alex icewarpdemo com 0000 15 36 12 lt lt lt Sync Sync xmlnsz AirSync Collections Collection Page 41 ActiveSync Guide IceWarp Server ActiveSync Guide lt Class gt Contacts lt Class gt lt SyncKey gt 32 lt SyncKey gt Collectionld 2d97d4e09a389f127e37a69c79b45c159 Collectionld DeletesAsMoves GetChanges lt WindowSize gt 50 lt WindowSize gt lt Collection gt lt Collections gt lt Sync gt lt Client requested standard incremental sync gt a4a5231d6acc77f60e477a8e23c12c2c alex icewarpdemo com 0000 15 36 34 gt gt gt 200 OK Sync xmlnsz AirSync Collections Collection
27. ers to always enable the encrypted SSL connection At best install a CA issued certificate Verisign DoCoMo on your server Use on server anti spam and anti virus wherever possible to filter out malicious emails phishing and malware Use encryption options or install software enabling this for any sensitive user data stored on memory cards Never store passwords PIN numbers and other sensitive information on a mobile device If you have to use a password manager application which allows setting a strong keychain password can wipe data on failed password entry and synchronizes with a desktop software so that you do not lose data when device is lost stolen or wiped Disable Bluetooth Discoverable mode and enable it only when pairing with a new accessory e g a headset or another mobile device e g when receiving a business card Consider to install Anti Virus even on mobile devices especially on Windows Mobile platform Use the advanced Security Provisioning features to establish corporate security policies Set a reasonably short Inactivity timeout before the device locks Require PIN for unlocking Local Wipe on failed unlock attempts Minimum PIN length strength and expiration Instruct users to engage the built in security features themselves even if they are not predetermined by Security Provisioning Page 34 IceWarp Server ActiveSync Guide SmartDiscover Overview Due to many different services and protoco
28. es the user should be instructed to use Synchronize Now option to re establish the connection after the charge 9 Push does not work Push capability may not be available PocketPC Windows Mobile 5 0 See the ActiveSync Compatibility Matrix All Windows Mobile devices and some Nokia handsets require SSL to be enabled for push to work See the SSL and Windows Mobile Devices chapter The SSL certificate used by the server may be expired On device make sure Push is turned on for Windows Mobile go to ActiveSync Menu Schedule Peak times Off peak times and select As Items Arrive for iPhone go to Settings Mail Contacts Calendars Fetch New Data and turn Push on other devices will have similar options in advanced settings Windows Mobile devices are not capable of Push if Wi Fi is the only connection available in spite you configure them for Push they will poll the server each 30 minutes for changes until you activate a cellular data connection GPRS EDGE or 3G Note that most devices are set to turn off data connections while abroad roaming make sure it is not the case Some clients also allow you to set a schedule for Push e g each workday 8AM to 5PM make sure you are within the schedule or disable this option On IceWarp Server check that GroupWare General Push Server is active Enable the logging in System Logging Services GroupWare Push If it is blank for a long time while there is conclusive email and
29. ess to devices that do not fully support password settings check box Page 19 IceWarp Server ActiveSync Guide Exempting Trusted Users Administrator can also exempt individual domains or users from policies defined on global or domain level respectively by creating an individual policy configuration on the corresponding level For example you can specifically disable the security policies for individual users who you want to exempt from the settings you have configured on a global domain level These exceptions are useful if you have specific trusted users who do not require device security settings However when using this feature bear in mind that executives or other key employees who might request exemptions most likely have highly valuable data on their devices and should not necessarily be exempted from security policies To exempt a user open the ActiveSync Devices dialog in that user s Service tab click User Policies and tick the Allow access to devices that do not fully support password settings check box t may be useful to leave the Refresh settings on device option enabled so that the provisioning is regularly retried in case the device firmware or ActiveSync client version was upgraded with the support for security policies the password policy would be automatically applied In other cases it may be turned off Cancelling the Security Policy To cancel the security policy on a particular device navigate to the device
30. evice model to our Product Support Helpdesk 8 Push works sometimes gets stuck stops after period of time stops randomly Check if there are no schedule settings causing Push to stop When using WiFi only in network connection settings e g Connections WiFi Settings Power Mode make sure there are no settings enabled that would prevent WiFi from working while the screen is off or the device in standby sleep locked On device disable any force like settings related to Hearbeat interval or set it to a lower value maximum supported by the server is 30 minutes see chapter Changing the server Heartbeat interval Heartbeat interval means how much time that the device calculates should pass between pings to the server See ActiveSync logs after how much time the device disconnects and if it reconnects afterwards or not In some cases a mis configured WiFi access point may prevent the device from reconnecting try on a different network or turn off WiFi to test if this is specific to WiFi connection only or Wifi mixed with 2G 3G Verify power saving settings on the device Some models such as new Nokia E series turn off data connectivity automatically to conserve the remaining power when on low battery Blackberry s turn off the radio completely on low battery It can take the full heartbeat interval for the device to reconnect after its charged and only the first and the following events after the reconnect will be notified In such cas
31. f higher level provisions Policies configured on an upper level are automatically propagated to all lower levels If they were previously customized they can be overwritten using the Inherit button When you open a policy configuration dialog for a domain the options configured on the global level will be already enabled and similarly for domain user and user device levels B NOTE The label at the top of the ActiveSync Devices dialog it reads whether the policies were inherited from default server domain user level or if they were customized tells you that you can inherit them from upper level You can tell that a policy was inherited from an upper level by opening the policies configuration dialog and observing the Inherit button if it is greyed out it means the policy was not set on this level but inherited from higher or default level If it s enabled it means the policy was customized on this level domain user or device and gives you the option to cancel the customization and revert to the policy configured on higher level global domain or user Accepting the Policies Once the device security policy is defined on the server it is sent over the air to each device upon the next synchronization including the first synchronization after configuring ActiveSync on the device On the initial receipt of the policies the user is asked to accept or decline the policy If the policy is not accepted the user will be unable to sy
32. folder names to be incorrectly translated to UTF To verify this is your case try the synchronization with a newly created account If it works you need to fix records in your GroupWare database First of all make a proper backup for roll back in case of any problem Then in the Administration GUI System Tools Database Migration select the destination DB and tick the Repair UTF 8 character set check box Click Start Migration When done go to the GroupWare General tab and in Database Settings select the database you have just created Apply the settings and restart GroupWare service In case the issue persists contact our support engineers Page 27 IceWarp Server ActiveSync Guide 5 Enable the ActiveSync logging System Logging Services Then check ActiveSync log for activity related to the affected account 6 If there are no entries in ActiveSync log the service has failed to initialize This can be due to mis configured PHP processor See the PHP Error log for unusual entries Re install IceWarp Server to recover a corrupt PHP installation Re install IceWarp Server to recover a corrupt ActiveSync installation 7 If there are some errors in ActiveSync log that you are unable to decipher and the problem still persists having attempted all the resolutions above copy the relevant part of the log along with some entries before and after the error to a plain text file and email it with a brief issue description and d
33. g on the device level Device Level Policies Device specific security policies are special since they can be created only for a device which has already connected to the server before meaning its DevicelD is known to differentiate it from other similar devices of the same user GroupWare ActiveSync Device Management user device type Manage Device Device Policies or Domains amp Accounts Management domain Services ActiveSync Devices user device type Manage Device Device Policies or Domains amp Accounts Management domain user Services ActiveSync Devices user device type Manage Device Device Policies or double click an item in the device list on any level and select Device Policies Page 18 IceWarp Server ActiveSync Guide The dialog allows you to configure device specific security policies cancel or exempt some device from policies inherited from an upper level from the security provisioning by unchecking the Enforce password on device option This is particularly useful in case the account is synchronized with several devices and you wish to relieve just a specific device from the previously applied policies while any other devices the user is using or will use as a replacement in the future should have the security policies applied Policies Inheritance Lower level provision are meant for fine tuning or customization o
34. his email is sent to the user when the device is requesting changes for an invalid folder ID such as when the folder was deleted and does not react to folder synchronization request sent by the server The server attempts 3 times to send folder synchronization command to the device when the device does not react server stops responding to ping commands regarding that folder Solution Just do what it says delete and recreate the EAS account on the device Or if everything continues to work normally you can ignore it Page 31 IceWarp Server ActiveSync Guide GroupWare Mailbox Access GroupWare Mailbox Access extends the capability of ActiveSync compatible mobile devices to work with resources which are not natively supported by Microsoft Exchange ActiveSync such as Files Notes and Tasks These items are transparently converted to email messages and made available in mobile email client under the corresponding folder name exactly as seen in WebClient or Outlook multiple folders or localized folder names are supported too Where users would normally need to install and multitask with several applications on their devices to enable the synchronization such as WebDAV client SyncML task manager thanks to GroupWare Mailbox Access the items are securely synchronized to the device as emails on demand or using DirectPush where available including their full detail categorization attendees and attachments The original Versit object the n
35. ialog This dialog lists all devices that use ActiveSync See lower DB Settings Click the button to reveal the Database dialog Here you can define ActiveSync database properties ActiveSync Devices server Devices Account gt Device Model Device Type Protocol Version Registered Last Sync Remote Wipe mike icewarp com B l iPad OS 6 1 3 108329 14 0 2013 09 04 13 14 2013 09 18 15 32 Waiting mike icewarp com Outlook 2013 1 WindowsOutlook15 14 0 2013 09 19 14 33 2013 09 19 16 51 Menage Devoe bs Devoe toms ox J ewe PRENNE Global Policies Domain Click the button to set security policies on server domain user level for all devices For more Policies User Policies details refer to the Security Policies section Manage Device Click the button to manage device settings The Device Settings dialog opens For more information refer to the Device Management chapter Delete Device Click the button to delete the selected device This action will remove the device from the ActiveSync database and will cause it to full synchronize on the next scheduled or manual sync This option can be safely used to resolve some synchronization errors without affecting other devices Clicking this button brings you to the Status Logs page with ActiveSync selected Page 12 IceWarp Server ActiveSync Guide Security Policies Security Policies can be applied to mobile devices synchronizing
36. ified value in milliseconds tool set system C PushServer Heartbeat 1800000 If you wish to set the heartbeat higher than the default 30 minutes you need to modify the web server settings to extend PHP session timeout In case you are running ISAPI web server mode this is the default on Windows this step is not required In case you have switched the default ISAPI mode to FCGI Fast CGI see WebClient Administration Guide for details or search the knowledge base for FCGI or if you are running Linux where FCGI is default then you need to modify the web server settings accordingly Edit this section in Installation root gt config webserver dat and set the same value in milliseconds for Linux lt ITEM gt lt TITLE gt activesync lt TITLE gt lt MODULE gt fastcgi var phpsocket scripts phpd sh 1800000 lt MODULE gt lt ITEM gt for Windows lt ITEM gt lt TITLE gt activesync lt TITLE gt lt MODULE gt fastcgi php php exe 1800000 lt MODULE gt lt ITEM gt Email Message ActiveSync Folder Push Request Status Users can experience the situation when they obtain the following message For technical maintenance reasons the server requests your mobile device iPhone appl866254sede to perform a synchronization of your folders In the case the synchronization is not performed by the device automatically remove and add your ActiveSync account If problems persist contact your technical helpdesk Explanation T
37. int your browser on a computer located within the same LAN as the device to https hostname Microsoft Server ActiveSync A dialog window should come up asking for username and password If it does not the web service is misconfigured the Scripting settings for ActiveSync are missing for the Default web service host a firewall is blocking the connection or there s some other network error You can confirm this by checking the web server log and PHP error logs for some related entries in this case there would be no track of the ActiveSync connection Verify the settings in Web Service Default or other site you have configured Scripting It should look like on the picture below The corresponding entries can be found in Installation root config webserver dat Page 26 IceWarp Server ActiveSync Guide Error Responses HTTP Header Rewrite Directory Aliases Web Site Options Access Scripting MIME Documents Scripting Add modules wes dll wes 3 php php dll web Ed php php dll activesync Delete php php dll php php dll php php dll php php dll Cancel NOTE There should be ActiveSync related entries under the lt EXTENSIONS gt group as well as under the lt SPECIAL gt group lt EXTENSIONS gt lt ITEM gt lt EXIT gt lt MODULE gt php php dll lt MODULE gt lt TITLE gt activesync lt TITLE gt lt ITEM gt lt EXTENSIONS gt lt SPECIAL gt lt ITEM
38. ion request should be returned from the server When authenticated properly via HTTP Authentication an XML response is returned from the server 2 Original domain attempt If the URL does not exist or failed with an error the client should retry additional URL using the same mechanism https domain com autodiscover autodiscover xml Page 35 IceWarp Server 3 MX query host attempt ActiveSync Guide If still not successful a client MAY issue a DNS MX query for the domain to list the records that correspond to the server s hostname It checks all MX records in the order of preference and attempts to contact the same URL as in step 2 https mxhost1 autodiscover autodiscover xml https mxhost2 autodiscover autodiscover xml B NOTE This step is specific to clients developed by IceWarp and does not follow the original Microsoft specification Response When received a successful HTTP 200 OK response with Content Type text xml the following structure is returned lt Autodiscover gt lt Response gt lt Culture gt en en lt Culture gt lt User gt lt DisplayName gt John Doe lt DisplayName gt lt EMailAddress gt john doe com lt EMailAddress gt lt User gt lt Account gt lt Protocol gt lt Type gt MobileSync lt Type gt lt Server gt http localhost Microsoft Server ActiveSync lt Server gt lt Name gt http localhost Microsoft Server ActiveSync lt Name gt lt LoginName gt john do
39. lm OS WebOS are registered trademarks of Palm Inc Android is a registered trademark of Google Inc Nokia for Exchange is a registered trademark of Nokia Corporation NotifySync is a registered trademark of Notify Corp AstraSync is a registered trademarks of MailSite Software Inc Moxier is a registered trademark of Emtrace Technologies Inc MySQL is a registered trademark of MySQL AB For support of the aforementioned products or to inquire about legal and privacy issues arising from their use please contact the respective vendors or visit their websites for more information Compatibility Microsoft Exchange ActiveSync supports many mobile operating systems out of the box Windows CE PocketPC Windows Smartphone Windows Mobile 5 x 6 x Apple iOS Symbian S60 S90 powered Nokia phones latest firmware PalmOS4 Google Android BlackBerry 10 Windows Phone 7 x 8 x Windows 8 x desktop MS Outlook 2013 If native ActiveSync support is not available optional 3rd party application needs to be installed on the device to allow synchronization using ActiveSync Older versions of Nokia N Series E Series S60 v3 Mail for Exchange free download from Nokia Symbian S60 S80 S90 UIQ DataViz RoadSync BlackBerry Notify Corp NotifySync OS 4 0 and higher MailSite Software AstraSync OS 4 2 and higher 8xxx 9xxx series Android OS Exchange by Touchdown or Moxier Mail by Emtrace Technologies Motorola
40. ls used in communication software these days end users are often in doubt how to setup their client applications email client mobile synchronization VoIP client and so on Administrators need to use various mass configuration tools or create detailed how tos for end users It is also time consuming and prone to error to configure all server s protocols in the client application A solution to retrieve all the server s capabilities and supported protocols is required SmartDiscover is a mechanism which ensures that any client application once supplied email address and password every user must know their email address and password and authenticated by the server will receive a complete list of available protocols ports URLs and server addresses All communication is encrypted by SSL connection between client and server and SSL certificate is also used to validate the server hostname User can start working immediately with zero configuration required SmartDiscover within ActiveSync is 10096 compatible with Microsoft AutoDiscover technology Microsoft has implemented AutoDiscover in Exchange server for Outlook and Windows Mobile ActiveSync clients only IceWarp goes further and extends available applications by its own email client SIP and IM clients and the notifier utility Virtually any protocol settings can be configured using SmartDiscover feature provided that the corresponding client has SmartDiscover support built in MSDN Links htt
41. me very little data traffic even when re enforced on a regular basis The screenshot below show the security settings on Apple iPhone that can be user defined As soon as the server security policy is enforced the user can not modify the enforced options Apple iPhone Settings General Passcode Lock tl T Mobile 23 55 om General Turn Passcode Off Change Passcode Require Passcode After 15 min gt Erase Data ET Erase all data on this iPhone after 10 failed passcode attempts Local and Remote Device Wipe When a mobile device is lost or stolen the potential security risk can be significant Mobile devices often contain sensitive business data including personally identifiable information of employees and customers sensitive e mail messages and other items Microsoft Exchange ActiveSync helps minimize this risk by providing two levels of device wipe capability Wiping the device locally or remotely has the effect of performing a factory or hard reset all programs data and user specific settings are removed from the device The device wipe implementation wipes all data settings and private key material on the device by overwriting the device memory with a fixed bit pattern greatly increasing the difficulty of recovering data from a wiped device Page 13 IceWarp Server ActiveSync Guide B NOTE Time to complete device wipe on Apple iPhone can take up to an hour Local Device Wipe Local device wipes ar
42. nchronize with the system and no data will be sent to the device from the server Once the policies are accepted the only way to disable them is to do a hard reset on the device which will also delete any user data including the previously configured ActiveSync account Similar dialog is shown when the policies have been changed requiring the user to change password according to the new policy requirements E mail Confirmation If the policy is not accepted by the user or if the security policies are not supported by the device see the ActiveSync Devices dialog the Remote Wipe column would read Unsupported and administrator does not allow non conforming devices the user and server administrator in Cc will receive an e mail informing that the device could not connect to the server Exempting Non Provisionable Devices Another feature allows the administrator to specify that users with older devices without security policy capacity may still connect to the system This enables administrators to allow connections from older devices Windows Mobile 5 0 without Feature Pack Palm devices until those devices can be replaced while still providing policy controls for devices that fully implement Microsoft Exchange ActiveSync and automatically enforce them as soon as the older devices are replaced with fully compatible models To exempt a device open the Device Policies dialog or double click the device in the device list and tick the Allow acc
43. nnected devices by domain user including exact model name Remote Wipe to wirelessly delete all data from a stolen lost handheld Remote look up in company wide Global Address Lists GAL email address auto complete email contact list look up User access to devices lists some policies and Remote Wipe from WebClient AutoDiscover simplifies the device setup to entering just username and password SmartSync Smartly recovers from situations when network error occurs during server response to client requests Meeting invitation retrieval and accept decline actions Security policies to enforce device password its strength maximum allowed unlock attempts local wipe to delete all data in case of abuse all security policies are implemented on IceWarp Server side real functionality depends now on a device side ist of supported policies Current Limitations TNEF formatted meeting invitations sent from Outlook are not supported can not be responded to by the means of EAS or IceWarp WebClient Page 7 IceWarp Server Over the air Synchronization Advantages No middleware servers No desktop sync software or cables No service or subscription fees Advantages over SyncML Broad device support for out of the box functionality Device management features Push over TCP IP Access to shared folders Multiple folder synchronization on some devices DirectPush Advantages Immediate notification of
44. onization frequency and the battery life Resetting the ActiveSync Database WARNING This will cause some devices to full synchronization and some devices which were enabled for Push may experience up to one hour break before Push kicks in again Full synchronization means that all data which were up to now synchronized to the device will be deleted and synchronized again in one step This can cause undesired data transfers and tax the battery Therefore it is recommend to always use a limited look back range for email synchronization ActiveSync is using a database storage for data which are processed on the fly but need to be preserved when a service is restarted or server rebooted No maintenance is required from the server administrator the database entries are manageable from GUI in Management user Options ActiveSync settings you can list active devices disable the account remove a dead device perform RemoteWipe and set Security Policies The database comes pre configured with server installation and is using PDO connection to the server By default it is using SQLite RDBMS same as WebClient which comes default with PHP installation but for better performance can be switched to MySQL or Microsoft SQL Server through controls in WebClient PDO Connection To resolve general errors with ActiveSync you may want to delete the database or just rename it to keep a backup for roll back Delete the file IceWarp Installa
45. p msdn microsoft com en us library cc433481 aspx http msdn microsoft com en us library cc463896 aspx Test https www testexchangeconnectivity com How it Works The client application once supplied with the user s email address will try to contact the server through HTTP GET requests using the domain part of the email as a basis The communication is secured by SSL for data encryption and validation of the remote host This assumes an SSL certificate installed on the server that the device can recognize CA issued If the URL does not exist or failed with an error the client retries the other URL using the same mechanism until the server s SmartDiscover service can be contacted The preset URLs are following in order to be compatible with ActiveSync enabled devices https autodiscover domain com autodiscover autodiscover xml https domain com autodiscover autodiscover xml The client will then authenticate by HTTP authentication using the same email address and password combination and if successful the server will return the configuration details in the form of an XML formatted plain text file The client reads the parts corresponding to services it provides and configures itself without any user s interaction Request 1 SmartDiscover domain attempt A client having an email address and password of the user will issue a simple HTTP GET request to https autodiscover domain com autodiscover autodiscover xml Authenticat
46. parent for any client Similar to suspend and resume sync in SyncML it is able to recover from situations when network error occurs in the moment when server responds to client requests The client can t tell if there was a network error unless the connection drops altogether on TCP IP level such as when the network session times out PHP instance is terminated or times out SmartSync is initiated whenever client sends another request with SyncKey equal to the preceding request received This indicates that server response status and on server changes did not arrive to client so it did not increment the SyncKey Exchange Server would initiate a full synchronization at this point to prevent data loss or corruption items could have changed on client or server side in the meantime When in SmartSync mode IceWarp ActiveSync server sends status response to all preceding incomplete requests and then repeats all preceding requests to add change delete items as they were or changed if they have changed in the meantime on the server with conflicts resolved according to user defined settings or the default server wins policy If there were client changes in the meantime server only confirms the status to proceed with synchronization and any client changes are reflected later after the resume The synchronization then continues normally SmartSync can be activated as many times as needed and is able to recover the sync even if up to every other sync req
47. rchive W Public folders Shared folders Dove fle sa ense Woe frie em m SSCS GroupWare Folders select whether you want to have Default folders only All folders or All with GroupWare as email folders synchronized to the device All with GroupWare as email Mail Folders Select whether you want to have Default folders only or All folders synchronized to the device Special Folders Tick the box if you want to have respective folders synchronized to devices e Archive e Public folders e Shared folders Device Policies Click the button to open the Policies dialog For more details refer to the Defining Policies chapter Set Remote Wipe Click the button to initiate Remote Wipe for the selected device You will be asked to confirm that you wish to wipe the device Once Remote Wipe is initiated you can observe its status in the Remote Wipe column The dialog will automatically refresh as the Remote Wipe command is in progress Unsupported means that the device does not support Remote Wipe or other security provisions as well Waiting means that the command will be sent upon the next synchronization if the device is not set for Push or out of coverage the server needs to wait before it reconnects After Remote Wipe is successfully performed on a device the device is deleted from the list and the system sends an acknowledgment message to the account owner and system administrator in Cc as soon as the devi
48. s device when synchronization is attempted Authentication failed Double check the user credentials configured on the device The username is always a full email address Connection to the server failed Network error Check your wireless connection Some devices come pre configured to use a WAP access point to connect to Internet This will not work for ActiveSync over HTTP protocol you need to subscribe to a data plan and configure GPRS 3G access point such as internet t mobile com Check the hostname in ActiveSync settings Check that you can connect to WebClient from within the browser on your device adding webmail pda to the hostname Check if you have the web server running on a standard port number use 80 or 443 for secure connection Check if you have any Rewrite rules configured in Web Service settings Check that default document includes index php Normally after providing the authentication details email address and password the client configuration should proceed with SSL certificate warning in case of untrusted self signed certificate as the device is connecting to AutoDiscover service first If the service is not found the same dialog would come up later in the second round after your enter the server hostname If it does not most probably the problem is not in ActiveSync but rather in web server settings of your server or network configuration To check whether the connection to IceWarp web service is working po
49. serve battery life On some devices Push can be turned off just for email and remain on for PIM synchronization this will provide some advantage in battery life over downloading each new email to the device instantly and still keep the address book and calendar always in synchronization Push generates only a little data traffic until items get actually synchronized with the server comparable to IMAP IDLE for example It is the open network connection which consumes power Turn WiFi off if you have a working connection using 2G or 3G mobile network Turn off scanning for new WiFi networks at the very least Set your home mobile network manual network selection and turn off scanning for other networks automatic network selection unless you are travelling Disable Bluetooth unless you frequently use a wireless headset Set the heartbeat interval if such option is available on the device to a longer period of time up to 30 minutes If you experience issues like fewer new email notifications use the default or automatic heartbeat Do not alter the Heartbeat interval set in IceWarp server unless you urgently need to Setting it lower will cause more frequent updates pings from the device to server which will tax the battery exponentially more Page 33 IceWarp Server ActiveSync Guide Security Tips Establish a strong password policy for server authentication through Administration GUI Policies Password Policy Instruct us
50. ss Mode verify whether ActiveSync is enabled For MobileSync ActiveSync check that in System Services SmartDiscover the same URL appears as in the ActiveSync node URL field See the SmartDiscover section for details In System Services General Web Properties verify that SSL port is set to use port 443 AutoDiscover will not work without this setting For additional security protection and best AutoDiscover DirectPush performance install a digital certificate on the server from a trusted certificate authority such as Verisign Page 11 IceWarp Server ActiveSync Guide ActiveSync URL http server domain Microsoft Server Active Sync ae C URL URL consists of The server address or alias lt mail domain com gt This hostname alias has to be set in a client exactly otherwise synchronization will not work NOTE Default ports 80 for HTTP 443 for HTTPS are not specified The use of other ports for control service is NOT recommended the service could fail The path specified by Microsoft Microsoft Server ActiveSync NOTE This part of URL cannot be changed This part is only made visible for troubleshooting so that you can identify the session in web server logs This URL tells you where each ActiveSync capable device connects by default You should not use this URL part in server name when setting up the device Device Management Click this button to reveal the ActiveSync Devices d
51. tches a part of the server hostname or using an MX DNS lookup if it does not Description Account ID description Any descriptive account name Username lt user usersdomain gt Full email address of the user Password Password User s password You may be asked to accept an untrusted SSL certificate if it s not already installed on the device or if your server is using a self issued rather than CA Certificate for HTTPS For devices without AutoDiscover support you will need to provide additional information Server name hostname e g mx99 icewarpdemo com Domain lt usersdomain gt e g icewarpdemo com NOTE Do NOT use http or https protocol prefix with the hostname Do not enter anything else after the hostname not even a forward slash You can safely leave the domain blank this field is ignored Users are identified solely by their full e mail address Finally there should be options to enable Email Contacts Events and Tasks synchronization Advanced settings may include option to enable Push or if a synchronization should occur on a defined schedule set date range of items to synchronize select folders to synchronize with built in applications set custom notifications and other settings mostly specific to a device platform or application version Passwords are transmitted in plain text as a limitation of the EAS protocol Page 24 IceWarp Server ActiveSync Guide We strongly recommend to t
52. tion Root gt calendar activesync db sync db No data will be lost these are stored separately in GroupWare database only the list of devices will be cleared and populated automatically as the devices reconnect To resolve synchronization problems with an individual account administrator should better use the ActiveSync Device Management Delete Device option to the very same purpose However in this case only the specific device will be reset and caused to full synchronization Changing the Server Heartbeat Interval In some rare cases you may want to experiment with the optimal heartbeat interval IceWarp Server accepts any heartbeat interval requested by the device which is lower than 30 minutes Usually the device will configure the optimal setting automatically On some devices you can set it manually Setting it higher can improve battery life while on push but longer than 30 minutes is not recommended as sessions may be interrupted on network level by routers Setting it lower will guarantee frequent updates of the IP address the device is listening on and could be used in cases where Push is stopping after a regular period of time Setting the maximum heartbeat acceptable for the server can be done by setting the internal server variable through a command line tool To display current heartbeat in milliseconds tool display system C PushServer Heartbeat Page 30 IceWarp Server ActiveSync Guide To set the heartbeat to spec
53. uest is not completed as it should The commented log snippet illustrates an interrupted synchronization with subsequent change of the item on the server client device is an iPhone a4a5231d6acc77 60e477a8e23c12c2c alex8icewarpdemo com 0000 15 35 01 lt lt lt Sync Sync xmlnsz AirSync Collections Collection lt Class gt Contacts lt Class gt lt SyncKey gt 31 lt SyncKey gt Collectionld 2d97d4e09a389f127e37a69c79b45c159 Collectionld DeletesAsMoves GetChanges lt WindowSize gt 50 lt WindowSize gt lt Commands gt lt Add gt lt Clientld gt 26477 lt Clientld gt lt ApplicationData gt lt FileAs xmIns Contacts gt Alex lt FileAs gt lt LastName xmlns Contacts gt Alex lt LastName gt Picture xmlns Contacts gt lt ApplicationData gt lt Add gt lt Commands gt lt Collection gt lt Collections gt lt Sync gt lt Client added an item successfully but server response is missing here due to an error gt Page 40 IceWarp Server a4a5231d6acc77f60e477a8e23c12c2c alex icewarpdemo com 0000 15 35 43 lt lt lt Sync Sync xmlnsz AirSync Collections Collection lt Class gt Contacts lt Class gt lt SyncKey gt 31 lt SyncKey gt Collectionld 2d97d4e09a389f127e37a69c79b45c159 Collectionld DeletesAsMoves GetChanges lt WindowSize gt 50 lt WindowSize gt lt Collection gt lt Collections gt lt Sync gt lt Cli
54. ure if the user is a member of more groups GAL can contain photos certificates and other resources associated with a contact Groups in GAL GAL supports listing of group accounts Creating GAL Automatically Create a new group account Ctrl G check the Create a public shared folder option name the folder e g Contacts and check the Populate GAL with group members option Switch to the Members tab click Add and select any accounts on the server then confirm the selection by clicking the Select Account button You can repeat this step until the GAL is populated with all members READ access is enough for GAL Manually Assume you have a user account a group account or a Public Folder which contains a public Contacts folder that you want to publish as GAL Go to GroupWare Public Folders select the account select the Contacts folder if there are multiple Contacts resources you can select which of them will be your GAL in the Folders dialog click Set as Global Address List GAL The GAL tag will appear next to the selected folder Page 38 IceWarp Server Pub c Folder Folder name Account Share Mode mke icewarptest com Account is shared only with defined members Access Control List Folders Files Directory Mapping ActiveSync Guide farc rcm c Page 39 IceWarp Server ActiveSync Guide SmartSync SmartSync is a unique extension to EAS protocol fully trans
55. urn on the SSL option to encrypt all communication B NOTE As a best practice email look back range should be set to a limited number of days This means considerable savings in data transfers and power consumption should an error occur and the device would have to synchronize all data from scratch full synchronization or initial synchronization when account is deleted and added back Page 25 IceWarp Server ActiveSync Guide Troubleshooting To resolve possible problems with Microsoft Exchange ActiveSync go through the following steps 1 Have you upgraded from version 9 or older by other means than by in place upgrade Have you restored settings of version 9 or older on your version 10 server The settings backup is not backward compatible and your webservice dat settings will be corrupted Read on for the correct configuration but you may not be able to make it work and other services are likely to fail as well As many as 40 upgrade scripts are executed through the upgrade to version 10 most prominently GroupWare database transformation takes place thus skipping this part of installation is strongly discouraged and advanced services including Microsoft Exchange ActiveSync are poised to fail Please follow the correct upgrade procedure first Make sure the steps in the On server Setup section have been followed Make sure the DeviceConfiguration steps have been properly followed Note any error message displayed by the wireles
56. ver for ActiveSync one of the A records above must exist 2 Anon expired CA issued SSL certificate needs to be installed on the server for SmartDiscover to work with iPhone Windows Mobile requires a non expired either self signed or CA issued SSL certificate public key to be installed on the device corresponding to the certificate installed on the server Otherwise the SmartDiscover will fail due to untrusted connection with the server and therefore untrusted authentication 3 In System Services Control Properties set SSL port number to 443 SmartDiscover will not work without this setting on most ActiveSync devices Page 37 IceWarp Server ActiveSync Guide Global Address List The Global Address List GAL also known as Global Address Book is a directory service within the Microsoft Exchange email system The GAL contains information about all email users distribution groups and other Exchange resources What is GAL in IceWarp Server GAL is any public contacts folder with a GAL flag an IMAP user account which contains a public Contacts folder set as GAL a Public Folder which contains a public Contacts folder set as GAL GAL can be automatically populated from a group s member list there can be multiple GAL folders one for each public folder and user can browse through all of them on Windows Mobile iPhone or Blackberry taking advantage of a transparent multi folder access having multiple GAL is also a great feat
57. with Java MIDP 2 0 DataViz RoadSync Features ActiveSync allows synchronization of the following items not all items need to be supported by the client device Emails Page 6 IceWarp Server ActiveSync Guide Contacts Calendars Tasks Notes DirectPush always on capability for Email Contacts Calendars Tasks Advanced and device management features Synchronization of the complete folder structure including shared and public folders displaying non email folders in IMAP folder structure multiple folder synchronization if supported by device selecting folders to synchronize with built in applications Folder management add delete rename move operations on folder tree mail folders management is available on all devices native groupware management is available only on Apple devices virtual groupware folders management is available on all devices Complete email handling send reply forward mark read unread etc Flags synchronization flagged replied forwarded Attachment handling including Windows Mobile platform Using filters user defined synchronization Email look back range sync emails not older than specified number of days Email filters sync messages of given size or not including an attachment Event look back range sync events within number of days in the past Tasks sync tasks that are not marked as completed Device Management and Provisioning Listing all co
58. yTruncated xmlnss Email 0 BodyTruncated ApplicationData Add Commands lt Collection gt lt Collections gt Sync 5715efb8b0cd303a3d2c8262625559ef 0000 14 21 33 lt lt lt Ping Page 29 IceWarp Server ActiveSync Guide NOTE In some cases there are tag bodies that would not be valid in XML E g DisplayTo xmins Email John Doe lt john doe icewarp com gt lt DisplayTo gt The lt and gt signs would have to be replaced with the amp lt and amp gt entities In this case the code is WBXML where these signs are allowed and are not in conflict with syntax rules In the log these signs are not replaced to allow better B readability and to show exact content of the sent data NOTE The ping command from device is sent each X minutes where X is the heartbeat interval the range of this interval is preset on server from 1 to 30 minutes i e if the device requests e g X 60 minute heartbeat it is reduced to 30 minutes to alert the server that it is listening for changes on the originating IP address and to keep the session alive The server pings the device within these X minute periods whenever a change in server data occurs and a synchronization of the corresponding resource email folder calendar is initiated Once the synchronization is done a new ping command is sent immediately regardless the heartbeat interval NOTE The device can change the heartbeat interval according to synchr
Download Pdf Manuals
Related Search