Carlos
21-02-2003, 09:28 AM
This is a common question from corporate users, and the answer can be difficult because of the various ways that your network and server(s) may be configured. In this brief article I will try to touch upon the basic principles and give you enough information to at least understand what your specific configuration is and what needs to be changed.
First off, let's clarify some terminology:
Sync: To synchronize data, typically meaning mail/calendar/tasks. Outlook and Exchange have a special proprietary connection which keeps data synchronized between client and server. There is no true Exchange client for the Pocket PC.
POP3 & IMAP4: These are industry standard mail protocols. IMAP is a sync protocol.
Firewall: A device that blocks specific TCP ports (think of them as specific internet services like mail, web, FTP) from being accessed on your internal servers from the internet. A firewall is configurable for specific needs and access.
VPN: Virtual Private Network; a software layer that is established between two points on the internet and provides for secure data transfer. This is typically between a laptop/home user and a firewall device at a company. This basically "punches a hole" in the firewall for the authenticated VPN client user.
Active Directory: This is an authentication protocol used in 2000 Server, Exchange 2000, and newer. It can also run in "mixed mode" if you have older servers (IE, NT).
MIS: Mobile Information Server; this is software from Microsoft which allows you to do a full remote sync with Exchange. It will sync mail/calendar/tasks, but it takes much more time and data. This is generally impractical unless you have a large data transfer budget or have very little data to sync. MIS can NOT be run on a mixed-mode Active Directory installation nor on the old NT authentication scheme. You need to use it with native mode Active Directory only.
Now the absolute easiest way to sync your PPC e-mail is via IMAP directly to the Exchange server. To do this, your firewall needs to have the IMAP ports open between the server and at least the subnet of your wireless carrier. The ports are 143, 220, and 993. You can find out your carrier's subnet range by calling them, or by running vxUtil on your device while you have a connection and getting your IP configuration. Your Exchange server needs to have IMAP enabled, which literally takes just a few clicks. Any Exchange admin can do this in a few minutes.
On the Pocket PC, open the Inbox, tap the Services menu, New Service... Enter your e-mail address in the box, and press Next. Skip the automatic testing. In the next dialog enter your user info such as your real name (as you want it to be in the "from" field), your login name (typically user@domain.com, same as your e-mail address), and password. Hit Next, and select IMAP4 service type, then enter a name for this account (any name you want, this is for you to remember which account this is), hit Next. Here you will enter your mail server names. Typically this is mail.domain.com, but ask your IT department. Tap the options buttons and select "Outgoing mail requires authentication" then hit Next. Set your preferences here, hit Next twice, and you're done.
The only drawback to this method is a very slight security risk which can be averted by keeping the latest service packs on your Exchange server. This is the methodology I use and recommend, and that all of my clients use. I do not know of any specific security risks with IMAP, and find that most objections to it are based merely on FUD (fear, uncertainty, doubt). Unfortunately, FUD plays a big role in many IT decisions. The other factor is the nerds; they want to do lock things down just because they can or think they should. IMAP is a proven, secure, industry-standard protocol that is well-implemented on Exchange server 5.5 and above.
You can also use POP to get your mail. The drawback is that POP is not a sync protocol like IMAP. People using POP tend to run into issues with not knowing whether an e-mail is on the server or has been removed to a client. This makes it undesirable for the non-technical business user. The ONLY caveat for IMAP is that you should sync again after you've done anything with your e-mail to make that change to the server. IE, if you delete an e-mail on the client, it will not be deleted on the server until you sync again.
Now if your IT department refuses to allow outside access directly to the Exchange server, you may need to establish a VPN to the firewall. To do this you will need client software, and this is more complicated than what I'd like to discuss here. The best starting point is to ask the manufacturer of your firewall for a recommendation on a Pocket PC VPN client. Once you connect the VPN, then you can use IMAP as outlined above to get your mail. With a VPN, it will work just as if you were in the office.
Speaking of which, you can test these things using the pass-through function of ActiveSync while the device is in the cradle at the office. This will help you determine the source of a problem, for example. If you can connect in the office but not wirelessly, then you have a proper e-mail configuration but you have a network/firewall issue.
Please feel free to shoot any specific questions my way. However, this is meant as information you can use to guide your Exchange and firewall admins and not a complete how-to for the novice. If you do not have admins on site, someone will need to configure this. You can contact any qualified Exchange and/or firewall admin to help you with this, and I'm also available for implementation, design, and consulting work. My background is in wide area communications, security, and internet services.
First off, let's clarify some terminology:
Sync: To synchronize data, typically meaning mail/calendar/tasks. Outlook and Exchange have a special proprietary connection which keeps data synchronized between client and server. There is no true Exchange client for the Pocket PC.
POP3 & IMAP4: These are industry standard mail protocols. IMAP is a sync protocol.
Firewall: A device that blocks specific TCP ports (think of them as specific internet services like mail, web, FTP) from being accessed on your internal servers from the internet. A firewall is configurable for specific needs and access.
VPN: Virtual Private Network; a software layer that is established between two points on the internet and provides for secure data transfer. This is typically between a laptop/home user and a firewall device at a company. This basically "punches a hole" in the firewall for the authenticated VPN client user.
Active Directory: This is an authentication protocol used in 2000 Server, Exchange 2000, and newer. It can also run in "mixed mode" if you have older servers (IE, NT).
MIS: Mobile Information Server; this is software from Microsoft which allows you to do a full remote sync with Exchange. It will sync mail/calendar/tasks, but it takes much more time and data. This is generally impractical unless you have a large data transfer budget or have very little data to sync. MIS can NOT be run on a mixed-mode Active Directory installation nor on the old NT authentication scheme. You need to use it with native mode Active Directory only.
Now the absolute easiest way to sync your PPC e-mail is via IMAP directly to the Exchange server. To do this, your firewall needs to have the IMAP ports open between the server and at least the subnet of your wireless carrier. The ports are 143, 220, and 993. You can find out your carrier's subnet range by calling them, or by running vxUtil on your device while you have a connection and getting your IP configuration. Your Exchange server needs to have IMAP enabled, which literally takes just a few clicks. Any Exchange admin can do this in a few minutes.
On the Pocket PC, open the Inbox, tap the Services menu, New Service... Enter your e-mail address in the box, and press Next. Skip the automatic testing. In the next dialog enter your user info such as your real name (as you want it to be in the "from" field), your login name (typically user@domain.com, same as your e-mail address), and password. Hit Next, and select IMAP4 service type, then enter a name for this account (any name you want, this is for you to remember which account this is), hit Next. Here you will enter your mail server names. Typically this is mail.domain.com, but ask your IT department. Tap the options buttons and select "Outgoing mail requires authentication" then hit Next. Set your preferences here, hit Next twice, and you're done.
The only drawback to this method is a very slight security risk which can be averted by keeping the latest service packs on your Exchange server. This is the methodology I use and recommend, and that all of my clients use. I do not know of any specific security risks with IMAP, and find that most objections to it are based merely on FUD (fear, uncertainty, doubt). Unfortunately, FUD plays a big role in many IT decisions. The other factor is the nerds; they want to do lock things down just because they can or think they should. IMAP is a proven, secure, industry-standard protocol that is well-implemented on Exchange server 5.5 and above.
You can also use POP to get your mail. The drawback is that POP is not a sync protocol like IMAP. People using POP tend to run into issues with not knowing whether an e-mail is on the server or has been removed to a client. This makes it undesirable for the non-technical business user. The ONLY caveat for IMAP is that you should sync again after you've done anything with your e-mail to make that change to the server. IE, if you delete an e-mail on the client, it will not be deleted on the server until you sync again.
Now if your IT department refuses to allow outside access directly to the Exchange server, you may need to establish a VPN to the firewall. To do this you will need client software, and this is more complicated than what I'd like to discuss here. The best starting point is to ask the manufacturer of your firewall for a recommendation on a Pocket PC VPN client. Once you connect the VPN, then you can use IMAP as outlined above to get your mail. With a VPN, it will work just as if you were in the office.
Speaking of which, you can test these things using the pass-through function of ActiveSync while the device is in the cradle at the office. This will help you determine the source of a problem, for example. If you can connect in the office but not wirelessly, then you have a proper e-mail configuration but you have a network/firewall issue.
Please feel free to shoot any specific questions my way. However, this is meant as information you can use to guide your Exchange and firewall admins and not a complete how-to for the novice. If you do not have admins on site, someone will need to configure this. You can contact any qualified Exchange and/or firewall admin to help you with this, and I'm also available for implementation, design, and consulting work. My background is in wide area communications, security, and internet services.