Forefront Threat Management Gateway and Activesync – Password Prompt Issues on Windows Phones

Since installing Microsoft Forefront Threat Management Gateway in front of my Exchange 2010 server, my Windows Mobile Phone has been regularly prompting me to enter my password (I have an HTC HD2). If I hit Cancel instead of entering the password, the phone will continue to sync (of course I could have entered my password, but I felt that it wasn’t necessary).

So – presumably there is a problem with a rule somewhere or a rule missing that is causing this problem.

After my business partner (Mark) had done some digging, he discovered a potential fix for this and emailed me a link. On checking the link, I did some research and there appeared to be a setting in my OWA / Activesync Publishing Rule that, when de-selected (it is set by default), seems to happily solve the problem. To change the setting, please do the following:

Open up Forefront TMG Management, Click on “Firewall Policy” in the tree in the left-hand pane and then find your OWA / Activesync rule.

Double-click on your OWA / Activesync Publishing Rule, then click on the Listener Tab, then the Properties Button for the Listener, then click on the Forms Tab, then the Advanced button on the Forms Tab and you will see a check box called “Apply Session Timeout to Non-Browser Clients”.

Untick this check box, click on OK 3 times and apply the rule changes. The password prompt on your Windows Mobile phone should then stop and syncing will resume normally.

Activesync needs to keep a connection open with the Exchange server. With this setting selected, the connection is dropped and thus the phone thinks it needs to re-authenticate with the server. With the setting not selected, the phone is allowed to keep a connection open with the Exchange server and thus the password prompt doesn’t pop up.

3 Responses

  1. Not sure if this is related or not. We are looking for a way that once we set up Exchange on our users' iPhone they no longer have to worry about the password. Now, when their password changes they have to change it on their iPhone and this causes a lot of lockouts and whatnot.

    With our old BlackBerrys the user never had to put a password in.

    We have an Exchange 2010 server with Forefront.

    Do you know a way to accomplish this?

    • Hi Preston,

      It isn’t related, but the problem is one that so far I have not discovered a workaround to. As the password is saved in the iPhone, when the password is changed on the domain, it needs to be manually changed on the device otherwise it will cause the account to be locked out.

      Sorry.

      Alan
