I have been battling a problem for quite sometime. I think the end result is I somehow need to dig through the IISLogs for activesync information and pass it to the PA via their API. Unfortunately I have no clue how to get started on this.
Story is as follows:
Typical AD environment. Ipads and other non domain devices are coming inside our network. Since the PA can monitor the internal exchange server logs and determine User-IDs, I figured this was the perfect solution to be able to use the PA rules by User-ID, regardless of the device. If all else fails it falls back to the captive portal.
It ends up that the only time the authentication of an "activesync" client is logged to the windows event logs is during the setup process....why, I am not sure. But I can see the activesync activity in the IIS logs but NOT in the windows event logs.
End result is the Ipad IP-user mapping expires and falls back to the captive portal. While the captive portal does work, the timeout for the user is limited to 1440 minutes and is not terribly convenient for my many types of users (young students to teachers and everything between), especially since they are already authenticating for email!
Anyway, any thoughts would be appreciated,
I just posted a doc that uses this specific Active Sync event as an example. Would you take a look at it and let me know if it addresses your situation?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!