Since installing Microsoft Forefront Threat Management Gateway in Front of my Exchange 2010 server, my Windows Mobile Phone has been regularly prompting me to enter my password (I have an HTC HD2). If I hit Cancel instead of entering the password, the phone will continue to sync (of course I could have entered my password, but I felt that it wasn’t necessary).
So – presumably there is a problem with a rule somewhere or a rule missing that is causing this problem.
After my business partner (Mark) had done some digging, he discovered a potential fix for this and emailed me a link. On checking the link, I did some research and there appeared to be a setting in my OWA / Activesync Publishing Rule that when de-selected (it is set by default), seems to happily solve the problem. To change the setting, please do the following:
Open up Forefront TMG Management, Click on “Firewall Policy” in the tree in the left-hand pane and then find your OWA / Activesync rule.
Double-click on your OWA / Activesync Publishing Rule, then click on the Listener Tab, then the Properties Button for the Listener, then click on the Forms Tab, then the Advanced button on the Forms Tab and you will see a Check box call “Apply Session Timeout to Non-Browser Clients”.
Untick this check box, click on OK 3 times, Apply the rule changes and then the Password Prompt on your Windows Mobile phone should have stopped and syncing will resume normally.
As Activesync needs to keep a connection open with the Exchange server, with this setting selected, the connection is dropped and thus the phone thinks it needs to re-authenticate with the server. With the setting not selected, then phone is allowed to keep a connection open with the Exchange server and thus the password prompt doesn’t pop up.
Filed under: Activesync, Exchange 2010, Exchange Server, Forefront Threat Management Gateway, Mobile phones, Windows Mobile | Tagged: Activesync, Forefront Threat Management Gateway, Password Prompt, Windows Mobile | 3 Comments »