ISA 2006 and Published ActiveSync CAS role Exchange 2007

6 02 2008

Since the ActiveSync role was published in ISA 2006 to my Exchange Server 2007, my Samsung i600 Windows Mobile 6 client started complaining with the warning message below.

"Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings.  Contact your Exchange Server administrator.
Support code: 0x85010004"

Before, it was published with NAT and I had never seen this warning. I was not able to sync the mobile device anymore.

To fix this problem, locate the Microsoft-Server-ActiveSync virtual directory in the IIS MMC and uncheck the Require secure channel (SSL) checkbox. Restart IIS.


This fixed my problem. Make sure you configure the internal SSL bridge to encrypt the data behind your ISA firewall. The communication between ISA and Exchange 2007 is not encrypted, which is fine for a lab, but for production generate a computer certificate on both ends for encrypted communication.



Enable ICMP pings from the internal network ISA 2006

4 02 2008

The default firewall configuration in ISA 2006 is to deny all traffic from and to any host. I successfully configured the OWA publishing rule for Exchange 2007, but after my initial tests from the Exchange 2007 server I found out that ICMP was disabled. All hosts behind the internal network were prohibited from using the ping command. I created a new access rule to enable ICMP. See my screencast for more details.
