Shulou(Shulou.com)05/31 Report--

This article mainly shows you "how to configure ActiveSync in Exchange Server 2010", which is easy to understand and clear. I hope it can help you solve your doubts. Let me lead you to study and learn how to configure ActiveSync in Exchange Server 2010.

In Exchange Server 2010, ActiveSync has three main authentication types to choose from, including basic authentication, certificate-based authentication, and tag-based authentication.

Open the Exchange Management console, expand "Server Management"-"client configuration"-double-click "Microsoft-Server-ActiveSync" at "Exchange ActiveSync" below and open its properties dialog box to set it.

Basic authentication

Basic authentication is the simplest authentication method. When using basic authentication, the server requires the client to submit a user name and password. The submitted username and password will be sent to the server in clear text via Internet. The server verifies that the user name and password provided are valid, and if so, grants access to the client. By default, this type of authentication is enabled for Exchange ActiveSync. However, unless you also deploy SSL, it is recommended that you disable basic authentication. When using basic authentication based on SSL, the user name and password are still sent in plain text, but the communication channel is encrypted.

Certificate-based authentication

Certificate-based authentication uses digital certificates to verify identity. In addition to the user name and password, other credentials are provided. These can prove the identity of the user who is trying to access the mailbox resource stored on the Exchange 2010 server. A digital certificate consists of two parts: the private key stored on the device and the public key installed on the server. If Exchange 2010 is configured to require certificate-based authentication of Exchange ActiveSync, only devices that meet the following conditions can synchronize with Exchange 2010:

1. The device installs a valid client certificate created for user authentication.

2. The device has the trusted root certificate of the server to which the user connects to establish a SSL connection.

After certificate-based authentication is deployed, users with only usernames and passwords will not be able to synchronize with Exchange 2010. The client certificate used for authentication has a higher level of security, and the client certificate for authentication is installed only if the device is connected to a computer that joins the domain through Desktop ActiveSync 4.5 or later in Windows XP or Windows Mobile device Center in Windows Vista or Windows 7.

Tag-based authentication system

Tag-based authentication system is a dual authentication system. Dual authentication is based on a piece of information that the user knows (such as his own password) and an external device (usually in the form of a credit card or key card) that the user can carry with him. Each device has a serial number. In addition to hardware tags, some vendors also provide software-based tags that can run on mobile devices.

Tokens work by displaying a * number, usually six digits in length, which changes every 60 seconds. After the token is issued to the user, it is synchronized with the server software. To authenticate, users need to enter their user name, password, and the number currently displayed on the token. Some tag-based authentication systems also require users to enter PIN.

Tag-based authentication is a strong form of authentication. The disadvantage of token-based authentication is that authentication server software must be installed and deployed on each user's computer or mobile device. Moreover, there is a risk that users may lose external devices. The cost may be high due to the need to replace the lost external equipment. However, without the authentication information of the original user, the device is of no value to a third party.

A number of companies have released token-based authentication systems. One of them is RSA. Its products come in a variety of forms, including key cards and credit cards. The one-time authentication code is sent through the tag. Each authentication code is valid for 60 seconds. Most tags also have an expiration indicator on the device, for example, a series of dots will disappear as the remaining useful time of the code becomes shorter and shorter. This helps prevent the user from entering the correct code, but it expires before the authentication process is completed. After authentication is complete, you do not have to use the new code for authentication unless you log out due to user selection or device inactivity timeout. For more information about how to configure a tag-based authentication system, see the documentation for that particular system.

To use the command line manager to configure Exchange ActiveSync virtual directory properties

This example will configure the Exchange ActiveSync virtual directory with basic authentication and the External URL for http://contoso.com/Microsoft-Server-ActiveSync.

Set-ActiveSyncVirtualDirectory-Identity "http://contoso/microsoft-server-activesync"-BasicAuthEnabled:$true-ExternalURL http://contoso.com/Microsoft-Server-ActiveSync

This example configures an Exchange ActiveSync virtual directory with basic authentication and adds a site to the block list.

Set-ActiveSyncVirtualDirectory-Identity "contoso\ microsoft-server-activesync"-BasicAuthEnabled:$true-RemoteDocumentsBlockedServers http://fourthcoffee.com

To use the command line management program to view Exchange ActiveSync virtual directory properties

This example returns the settings for the Exchange ActiveSync virtual directory on the CAS-01 server.

Get-ActiveSyncVirtualDirectory-Server "CAS-01"

This example returns the settings for a specific Exchange ActiveSync virtual directory on the CAS-01 server.

Get-ActiveSyncVirtualDirectory-Server "CAS-01"-Identity "Microsoft-Server-ActiveSync"

This example is the setting for the domain controller DOM-01 to return the Exchange ActiveSync virtual directory on the CAS-01 server.

Get-ActiveSyncVirtualDirectory-Server "CAS-01"-DomainController "DOM-01"

These are all the contents of the article "how to configure ActiveSync in Exchange Server 2010". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.