Reset Search



KB16934 - What validation does Pulse Connect Secure (PCS) perform when the option "Allow ActiveSync Traffic Only” is enabled?

« Go Back


Last Modified Date7/17/2017 6:04 PM
This article provides information about validation performed by the Pulse Connect Secure (PCS) when "Allow ActiveSync Traffic Only" is enabled.
Problem or Goal
When "Allow ActiveSync Traffic Only" is enabled, the following validation is performed:
  • HTTP method is POST or OPTIONS
  • URI string must contain "/Microsoft-Server-ActiveSync*" in the request

An example of a typical ActiveSync request URI is:
POST /Microsoft-Server-ActiveSync?User=johndoe&

When the Web request is not consistent with ActiveSync protocol requirement, the following event is generated in the User Access Log:
WEB30439 2010-03-23 12:33:53 - node1 - [] Root::System()[Activesync] - 
Access blocked due to invalid ActiveSync request. Host: XX.XXX.XXX.XXX, 
Request: /XXXXXXX

It is important to note when using the autodiscover feature to discover user's mailbox when there are multiple Exchange servers, the autodiscover URI will be formed as follows:, Request: /autodiscover/autodiscover.xml

Since this URI does not contain the required parameters to be recognized as an ActiveSync URI and if the option to "Allow ActiveSync Traffic Only" is enabled, then these requests will be denied.  In order to use autodiscover with ActiveSync through the PCS device, it will be necessary to add the autodiscover URL's as Authorization Only sign-in policies and ensure "Allow ActiveSync Traffic Only" is disabled for these URL's. 

For additional details please refer to:

Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255