Reset Search
 

 

Article

KB16934 - What validation does Pulse Connect Secure (PCS) perform when the option "Allow ActiveSync Traffic Only” is enabled?

« Go Back

Information

 
Last Modified Date7/17/2017 6:04 PM
Synopsis
This article provides information about validation performed by the Pulse Connect Secure (PCS) when "Allow ActiveSync Traffic Only" is enabled.
Problem or Goal
Cause
Solution
When "Allow ActiveSync Traffic Only" is enabled, the following validation is performed:
  • HTTP method is POST or OPTIONS
  • URI string must contain "/Microsoft-Server-ActiveSync*" in the request

An example of a typical ActiveSync request URI is:
POST /Microsoft-Server-ActiveSync?User=johndoe&
DeviceId=789123456789012345&DeviceType=iPhone&Cmd=Sync

When the Web request is not consistent with ActiveSync protocol requirement, the following event is generated in the User Access Log:
WEB30439 2010-03-23 12:33:53 - node1 - [10.130.36.6] Root::System()[Activesync] - 
Access blocked due to invalid ActiveSync request. Host: XX.XXX.XXX.XXX, 
Request: /XXXXXXX

It is important to note when using the autodiscover feature to discover user's mailbox when there are multiple Exchange servers, the autodiscover URI will be formed as follows:

autodiscover.exchange.com, Request: /autodiscover/autodiscover.xml

Since this URI does not contain the required parameters to be recognized as an ActiveSync URI and if the option to "Allow ActiveSync Traffic Only" is enabled, then these requests will be denied.  In order to use autodiscover with ActiveSync through the PCS device, it will be necessary to add the autodiscover URL's as Authorization Only sign-in policies and ensure "Allow ActiveSync Traffic Only" is disabled for these URL's. 


For additional details please refer to: http://technet.microsoft.com/en-us/library/bb124307(EXCHG.65).aspx

Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255