Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
12-30-2012 02:06 PM
I have been battling a problem for quite sometime. I think the end result is I somehow need to dig through the IISLogs for activesync information and pass it to the PA via their API. Unfortunately I have no clue how to get started on this.
Story is as follows:
Typical AD environment. Ipads and other non domain devices are coming inside our network. Since the PA can monitor the internal exchange server logs and determine User-IDs, I figured this was the perfect solution to be able to use the PA rules by User-ID, regardless of the device. If all else fails it falls back to the captive portal.
It ends up that the only time the authentication of an "activesync" client is logged to the windows event logs is during the setup process....why, I am not sure. But I can see the activesync activity in the IIS logs but NOT in the windows event logs.
End result is the Ipad IP-user mapping expires and falls back to the captive portal. While the captive portal does work, the timeout for the user is limited to 1440 minutes and is not terribly convenient for my many types of users (young students to teachers and everything between), especially since they are already authenticating for email!
Anyway, any thoughts would be appreciated,
Bob
01-15-2013 11:42 AM
Hi Bob,
I just posted a doc that uses this specific Active Sync event as an example. Would you take a look at it and let me know if it addresses your situation?
Using Windows Events as sources for the User-ID XML-API
Nick
01-15-2013 02:15 PM
Thank you for your help. However, I am not seeing any events on my DCs, or exchange server, that contain an the IP address of one of the ipads.
Please note that I am currently on Exchange 2007, not sure if that matters.
Thanks,
Bob
01-15-2013 02:29 PM
Hi Bob,
Can you check to see if you are getting event 4624 on your Exchange server?
Nick
01-15-2013 02:45 PM
I am not seeing any events 4624 on Exchange. I have enabled auditing via GPO for a number of items on the server and still nothing. I am seeing some 4624s on the DCs, but no reference to the Ipad IP addresses.
Thanks
bob
01-15-2013 02:55 PM
Hi Bob,
I can see these messages on my Exchange 2007 server in my lab. Do you have all the exchange roles installed on the same server or did you separate out the CAS role? If we need to dig into the log files it becomes more complex....
Nick
01-15-2013 03:24 PM
All are on a single Exchange server. I did inherit this server and it is a sketchy build (at best). I will look for some more places that the previous admin may have disabled some logging. I do know they did all kinds of strange things on this network.
Thanks again and any further suggestions would be appreciated.
Bob
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
