[How To] Getting your droid to Sync with Exchange 2003/2007
This will be my first How To for the droid, though I do hope to have many more coming.
This past week I have spent a lot of time searching for answers to get my droid to sync to our company's Exchange server, only to find bits and pieces of what I need on different sites. So I'm gonna save anyone else this hassle and post a full guide. Also, I do apologize if this guide is a little too dumbed down; I'm just used to writing how-to's here for non-tech people.
1). Things you need to know
Ok, this guide will cover the necessary setup for Exchange 2003 or 2007 to use ActiveSync or OWA (Outlook Web Access) to do live calendar, contacts, tasks, and email sync to the Android phone.
This guide expects that you already have Exchange installed with at least a standard install and setup, and will only tell you the modifications that need to be made.
This guide is based only on things I have done to get our Droids here at our office to sync up to Exchange. I am not responsible for any damages that may occur. If this guide doesn't help or there are problems, I'll be more than glad to assist in any way I can (within reason).
2). Setting up your network
Simply ensure that port 443 is forwarded to your IIS server that holds the OWA or ActiveSync directories. I leave how this is done up to you, as each network is set up differently with different hardware and software.
If you're an IT professional who worries about unwanted outside server access (I know I am one of them), I will explain the process of locking down IIS (if you don't use OWA).
3). Setting up IIS and Exchange
First off we need to make sure the necessary components are installed on the server.
- Open up Control Panel -> Add or Remove Programs -> Add/Remove Windows Components
- Now if you want to lock down IIS, make sure "Certificate Services" is checked.
- Next select "Application Server" and then click "Details"
- Next select "Internet Information Services (IIS)" and then click "Details"
- Next select "World Wide Web Service" and then click "Details"
- Make sure that "WebDAV Publishing" is checked.
- Then hit the "OK"
- Then hit the "OK"
- Then hit the "OK"
- If you made any changes hit next and follow the prompts.
Next we need to check and confirm some settings in Exchange.
- Open the Exchange System Manager (ESM).
- Expand the Global Settings tree.
- Right click on Mobile Service, choose Properties.
- Ensure that the ActiveSync options are all checked.
- Leave "Device Security" and OMA (Outlook Mobile Access) as is.
Now, if you want to beef up security to help prevent unauthorized access to the server, here is what you can do.
- If you use OWA from outside your company network, there really isn't much more you can do. At this point you should have already planned out a decent security setup.
- If you don't use OWA from outside your network and plan to use ActiveSync on your Droid (the best way to get your information from Exchange), what you can do is step through all base folders in IIS under "Default Site" (or whatever site has your OWA and ActiveSync installed) and set the security on them to block all non-local network traffic. The only folder you need to leave available to the internet is the directory Microsoft-Server-ActiveSync.
- If you plan to use OWA for your syncing, then do the same as in the previous option, but this time leave the exchweb and exchange folders open to the internet.
- If you plan to use Client SSL's, you need to set the directories you left open to require SSL first and then to require Client SSL's.
There it is. I'll be adding images as soon as I can and cleaning up this how-to as things are asked or pointed out. I'm also going to go through and verify some of the IIS settings for non-ActiveSync based syncing.
4). Setting Up Your Droid
Note: I have only set up the droid for the Motorola Droid version 2.0 firmware, so this setup may not work for others.
Now there are several programs that you can use. The built-in ActiveSync controls for the droid are fine, but they have limitations, such as:
- You can't use a client SSL for extra security
- You can't move emails to different folders.
The program we have chosen to use here is TouchDown by Nitrodesk. The primary reason we chose to use it is because of client SSL's and the ability to move emails to different folders. So I'm going to be starting off with the setup for that first.
- Download and Install TouchDown from the market.
If you're not using Client SSL's:
- Launch TouchDown
- If it does not ask you to do quick configure, click the gear icon on the left hand side of the screen and it will take you to setup and then ask if you want quick configuration.
- Do the quick configuration.
- Enter in your information (username, domain, email, password, server) and click next
- On use SSL, say Yes and click next
- Then on the protocols page leave all 3 checked and click next
- TouchDown will then go through and check the settings and the server to see if it can sync.
- You can then go back into the settings area and go to advanced and adjust settings and folders as you see fit.
If you are using Client SSL's:
- Open up IE (you have to use IE; other browsers won't be able to export the client SSL properly) and go to http://<ip_address/hostname>/certsrv, where <ip_address/hostname> is the IP address or hostname of your IIS box.
- Log in with the username you're setting up the sync for.
- Click "Request a certificate"
- Click "User Certificate"
- Click "More Options >> "
- Click "use the Advanced Certificate Request form"
- Change "Certificate Template" to user.
- Make sure "Mark keys as exportable" is checked
- Then click Submit
- Then click "Install this certificate"
- Now in IE open Tools -> Internet Options -> Content -> Certificates
- Select the certificate that was just installed.
- Click "Export"
- Select "Yes, export private keys"
- Click "Next"
- Make sure "Personal Information Exchange - PKCS #12 (.PFX)" is selected, as well as all its sub options.
- Type in a password that will be used when you import the certificate into the phone.
- Click "Next"
- Pick where you want to save the file and name it client.pfx
- Click "Next"
- Click "Finish"
- Go ahead and close I.E.
- Now connect the droid to the computer and mount the SD card so the computer can access it.
- Place the client.pfx file in the base directory of the SD card.
- Unmount the SD card.
- Open Touchdown. If it asks for quick configure say no.
- Click the gear icon to the left.
- If it asks for quick configure say no
- On the account tab, enter in Login ID, email address, password, and Folder language.
- Hit "Save" and then go to the advanced tab.
- On the advanced tab go down to the bottom of it and click "Client Certs".
- In the window that pops up, click "Set".
- It should ask you for a password; enter the password you gave the certificate when you exported it.
- Now go to the connections tab.
- Select the connection mode you want.
- Enter in your server's external domain name or ip address.
- Make sure Use SSL is checked.
- Check "Fetch and trust certificate" if you use a self-signed SSL, or your SSL is expired.
- Then click "ActiveSync..." if you're using ActiveSync, then click refresh.
- This is the point where most problems come in. If you get any errors, read the error and look at the response code.
- If you see 403, it means you entered the wrong account info, or there is something wrong with the client SSL.
- If you see 404, then you entered the wrong server name on the connection page.
- As you can see, they are just standard HTTP error codes.
- After you have gotten it to accept your connection settings, go back to advanced.
- Check "Automatically check for new messages" if you want that
- Set your Polling interval
- If you use ActiveSync, ensure Enable Push is checked.
- Message History: depending on the size of the email account, you want to start small and work your way up. I have a mailbox of over 1GB and had to increase it after every full sync until I got to 180 days. Though I have noticed that with this much data the program does run sluggish every now and then.
- The options I'll leave up to you.
- Now, after you set the options the way you like, go to "Choose Folders..."
Depending on the Connection Mode you choose, you may need to hit the "Refresh Folders" button before anything shows up in "Choose Folders...".
- Then select all the folders you want available on the phone. Note: To sync calendar, contacts, and tasks you have to select them in that list.
- After you have selected the folders, click "Save".
- Then I always like to hit the "Backup Settings" button and then go onto the SD card and pull the backup of it in case something happens.
- Then click close and your phone will start syncing.
Note: It's best to let the phone sit while this first sync is taking place. I've seen it today where one of the people I just got set up started going crazy with app installs and playing with the phone, and because the sync was taking place his phone locked up and corrupted a lot of data and applications. So we had to re-setup TouchDown. Which is why I back up settings now.
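The IIS lockdown from section 3 and the 403 responses from the troubleshooting step above can both be checked from the server side in the IIS log. The following is an added example, not part of the original guide: it reads W3C-format log lines, reports which setting refused a phone, and flags any outside client that still reached a folder other than Microsoft-Server-ActiveSync. It assumes a 192.168.1.0/24 office LAN and that the sc-substatus field is being logged; the sample lines are constructed.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: your office LAN
OPEN_DIR = "/microsoft-server-activesync"  # the only folder left open to the internet

# IIS 403 sub-status codes produced by the lockdown settings in this guide.
CAUSE_403 = {
    "4": "SSL required, but the client connected without it",
    "6": "client IP rejected by the folder's IP restrictions",
    "7": "client certificate required, but none was sent",
    "16": "client certificate untrusted or invalid",
    "17": "client certificate expired or not yet valid",
}

# Constructed sample log lines (not taken from a real server).
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus
2009-12-01 14:02:11 OPTIONS /Microsoft-Server-ActiveSync - 203.0.113.7 403 7
2009-12-01 14:05:40 POST /Microsoft-Server-ActiveSync jdoe 203.0.113.7 200 0
2009-12-01 14:09:02 GET /exchange/ - 198.51.100.23 401 2
2009-12-01 14:09:30 GET /exchweb/bin/auth/owalogon.asp - 198.51.100.23 403 6
2009-12-01 14:10:00 GET /exchange/ jdoe 192.168.1.55 200 0
""".splitlines()

def parse(lines):
    """Yield one dict per request, keyed by the log's own #Fields header."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def triage(lines):
    """Return (sync_failures, lockdown_gaps) for the given log lines."""
    failures, gaps = [], []
    for r in parse(lines):
        path, status, sub = r["cs-uri-stem"].lower(), r["sc-status"], r["sc-substatus"]
        external = ipaddress.ip_address(r["c-ip"]) not in LOCAL_NET
        if path.startswith(OPEN_DIR):
            if status == "403":  # phone was refused: say which setting refused it
                failures.append((r["c-ip"], f"403.{sub}", CAUSE_403.get(sub, "other")))
        elif external and (status[0] in "23" or status == "401"):
            # An outside client got content or a login prompt from a folder that
            # should answer 403.6, so its IP restriction is not in place.
            gaps.append((r["c-ip"], r["cs-uri-stem"]))
    return failures, gaps

if __name__ == "__main__":
    for item in sum(triage(SAMPLE), []):
        print(item)
```

In the sample, the phone's first request is refused with 403.7 (no client certificate sent), and /exchange/ still answers an outside address with a login prompt, so that folder was missed during the lockdown.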
For the built-in sync on the droid (this method does not support client SSL), you do the following:
- From your home screen open "Settings"
- Select "Accounts & sync settings"
- Click "Add an Account"
- Select "Corporate"
- Enter the email address you will be sending from
- Enter your password
- Check if you want to send from this account by default
- Click next
- Enter the Domain Name and username to login with
- Enter the password for that login
- Adjust the Exchange Server if it is not correct.
- Make sure "Use secure connection (SSL)" is checked
- Check "Accept all SSL certificates" if you use a self signed certificate.
- Then click "Next".
- The phone should now check and validate your connection settings.
- It should then start to sync.
Please leave comments. If you have questions shoot me a message and I will answer to the best of my ability. Now on to the VPN nightmare.