Thursday, January 26, 2006

AKU2 / MSFP and SP2 DirectPush configuration

The requirements are Exchange Server 2003 with SP2 and a mobile device running Windows Mobile 2005 that includes the Messaging and Security Feature Pack (MSFP, aka Adaptation Kit Update 2 (AKU2)). For sync via USB with your machine you need ActiveSync 4.1 (although this is not absolutely required). Furthermore, to administer the remote wipe features you will need the ActiveSync Web Administration tool.

The MSFP is actually a new version of the Windows Mobile OS, so you need to wipe the device completely. With WM5 it is a pretty straightforward process; I started the phone in bootloader mode, connected it to USB and started the upgrade process. There's a very good TechNet Webcast called "Managing Windows Mobile-based Devices with the Messaging and Security Feature Pack" that includes very detailed info on security in Windows Mobile 5, the new features in MSFP and how upgrades can be done.

On the server side you need to change the IIS and firewall timeout values. This is because "DirectPush" works by keeping an HTTP connection open to the server (through a concept called heartbeats, where the mobile device periodically pings the server). If the firewall times out before the periodic ping, the device will need to ping/reconnect more frequently and errors might turn up in your event log. KB Article 905013 on "Enterprise firewall configuration for Exchange ActiveSync Direct Push Technology" explains more on this subject.

If you are using ISA Server as a firewall you can change the timeout on the Web listener for your Front End mail server (find it under properties for the web listener, Preferences, Advanced). You also need to change the IIS timeouts on your Exchange Servers to a corresponding value (I'm currently using 30 minutes or 1800 seconds, which seems to work fine in a small environment).
It will be interesting to measure the scalability effects of these connections in Exchange 2003, where many users will now have not only an Outlook 2003 connection but also (almost always?) an active connection to their mobile devices. According to Microsoft, it's part of the reasoning that Exchange 12 will be 64-bit only (longer story: I'm part of the beta program, so I'm preparing to test it on my newly acquired AMD x64 Acer Ferrari 4000 notebook).
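
The interaction between the heartbeat and the firewall idle timeout described above can be made concrete with a small model. This is an added example, not code from the original post or from Microsoft: the adjustment rule and every default value except the 1800-second timeout are constructed assumptions, not the actual Direct Push algorithm.

```python
# Added illustration: a simplified model, not the real Direct Push algorithm.
# Every default below is a constructed assumption except the 1800 s timeout,
# which is the value the post uses.

def simulate(firewall_timeout, duration=86400, start=480, step=300,
             min_hb=60, max_hb=1800):
    """Model one device for `duration` seconds behind a firewall.

    Each cycle the device asks the server to hold an HTTP request open for
    `hb` seconds. Nothing is sent while the request is pending, so the
    connection survives only if hb is shorter than the firewall idle timeout.
    """
    t, hb, ceiling = 0, start, max_hb
    completed = dropped = 0
    while t < duration:
        if hb < firewall_timeout:
            completed += 1                      # server answered in time
            next_hb = min(ceiling, hb + step)   # try a longer interval
        else:
            dropped += 1                        # firewall cut the idle connection
            ceiling = max(min_hb, hb - step)    # remember that this interval failed
            next_hb = ceiling
        t += hb          # assumed: a drop is only noticed once hb has elapsed
        hb = next_hb
    return {"completed": completed, "dropped": dropped, "final_heartbeat": hb}


if __name__ == "__main__":
    for timeout in (30, 120, 1800):   # constructed firewall idle timeouts, seconds
        r = simulate(timeout)
        total = r["completed"] + r["dropped"]
        print(f"timeout={timeout:>4}s  requests={total:>4}  "
              f"dropped={r['dropped']:>4}  heartbeat={r['final_heartbeat']}s")
```

In this model a short firewall timeout pushes the device down to its minimum heartbeat and multiplies the number of requests per day, and a timeout below the minimum heartbeat means every request is dropped.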

Overall the MSFP/DirectPush experience is great (mail at times arrives on my mobile device before RPC/HTTPS syncs ;-). Configuring the security policies and applying them to the devices also works fine, I can’t understand how I ever lived without GAL Lookup, and I only have a few negative comments. The most annoying part is that the phone insists on informing me that a new mail has arrived, even when I’m at my desk. If I change my profile to “No sound” on mail arrival it will also turn off sound from SMS messages.
Another annoyance is the fact that the keyboard lock and device lock features don’t work together. So when the device is locked by the security policies and the phone is in my pocket, it doesn’t lock the keyboard, and after x failed attempts it will wipe the device (guess the rest of the story yourself ;-)


Anonymous said...

This is a great post and I am looking forward to referring to it at the earliest opportunity -- in other words, when I get AKU2. Which leads me to my question, which is: is AKU2 out now? I have not seen it on my OEM's site (i-mate) and there doesn't seem to be an announcement on MS's Windows Mobile site. What is the development that triggered this post? Kind regards, Michel

Wendell Ying said...

Very nice post - very clear. Just out of interest, I assume you used a Qtek 8310 device or similar to test this. I was not aware of an AKU2 ROM update for the 8310. Is this available via a "hidden" channel?

Anonymous said...

Yet another "nice" article with no specifics - i.e. what device are you using, how did you get the AKU2 update etc. Next to no one has push email / Exchange up and running yet and there's a severe lack of any real information available on the net.

Dennis Lundtoft Thomsen said...

Thanks for your comment. The article was written at a time when there was no information at all to find and the main goal was to describe the server configuration. Hence the lack of details (and because it isn't the purpose of this blog to write whitepapers). Since this post, a 69-page Microsoft whitepaper has been published on the subject (Check and I still think the webcast mentioned in the post is worth a view.

Soop said...

I agree with the other comments - you have a very clear writing style, and you know your stuff. I'd like to ask though: is there no non-Microsoft equivalent yet? I just know I can't afford an Exchange server...