tag:blogger.com,1999:blog-798194812750898417.post3650234639186509815..comments2011-12-12T15:36:29.080-08:00Jeffhttp://www.blogger.com/profile/05278298222887921824noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-798194812750898417.post-11985250650494198702011-12-12T15:36:29.080-08:002011-12-12T15:36:29.080-08:00If you need to access EAS over the ASA VPN, they will still need to do that. The solution presented would still not change.Jeffhttp://www.blogger.com/profile/05278298222887921824noreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-85466175829652851162011-12-12T11:49:18.032-08:002011-12-12T11:49:18.032-08:00Thanks Jeff for the insightful step-by-step guide. Was wondering if you had any thoughts on how this might change if we used Cisco ASA SSL VPN with two factor authenication?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-42890295890102783362011-10-12T08:16:23.716-07:002011-10-12T08:16:23.716-07:00EAS does not offer any mechanism for users to change their expired password or unlock their account. The user will need to change their expired password using normal channels (logging in from a domain joined workstation or using OWA, assuming it&#39;s configured to do so).Jeffhttp://www.blogger.com/profile/05278298222887921824noreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-50725447934423311952011-10-12T06:47:51.046-07:002011-10-12T06:47:51.046-07:00Excellent Stuff. My Q.<br /><br />How do you deal with 90 day password changes in AD and the iphone user is locked out. Is there a technical solve for this?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-53937329260286917152011-06-23T11:18:02.284-07:002011-06-23T11:18:02.284-07:00Your document is very clear and detailed, however we cant get auth to work. I think we are missing something in the exchange server setup or maybe ad. Whenever we turn on the &quot;require cert auth&quot; in exchange, our phones get error that cant connect to mail server. The cert generation part is different too, i dont see an option to put in the company name and most of that other stuff. any ideas?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-42450473432145428952011-04-04T13:14:55.712-07:002011-04-04T13:14:55.712-07:00Loved the article but was wondering there is a way to provide the web page via isa server?ochimohttp://www.blogger.com/profile/02165237413979173336noreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-34998864965679002842010-06-30T14:15:59.568-07:002010-06-30T14:15:59.568-07:00Now when iPhone 4.0 has been released I tested all the ActiveSync policies to see which ones that worked. Here&#39;s a summary: http://www.sysadminlab.net/activesync/iphone-os-4-and-exchange-activesync-policies-what-really-worksAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-79797499940088644422010-02-17T03:57:54.153-08:002010-02-17T03:57:54.153-08:00Highly interesting topic Jeff - and you&#39;re right; Apple isn&#39;t anywhere near providing actual documentation. (Their guide should almost be labeled foilware...)<br />I covered parts of SCEP (for device certificates) and the over-the-air provisioning process over at my blog (http://mobilitydojo.net/2010/01/20/sinking-our-teeth-into-scep/), but I didn&#39;t cover the entire scenario like how to setup the CA, and configuring ISA and/or Exchange. From your description it looks like you might be looking at cradling the iPhones and using iPhone Configuration Utility, or accessing the certsrv site via WiFi, am I right?<br />Anyways, looking forward to proper documentation of how this should be done :)Andreashttp://mobilitydojo.netnoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-42909529445571465012010-02-14T13:57:37.933-08:002010-02-14T13:57:37.933-08:00Hi Jeff<br />This sounds good, as it is similar to a requirement I have. My exchange server is on a Windows 2003 SBS, but access is via a Cyberguard firewall. What must I do to enable my iPhone to get past the firewall to the server? I sit just port forwarding, and if so, which port? 445?<br />Rod RocketAnonymousnoreply@blogger.com