Outlook Mobile Access from an Exchange Newbie
Published Mar 16 2004 07:09 PM

Well we’ve seen a fair amount of reminiscing in the blogs to date.  It’s interesting even to me to hear from the Exchange veterans about the high-flying times back in the 4.0 and 5.5 days.  I’m a relative gremmie on the Exchange team although I did develop the administrative components for the Key Management Service on Exchange Server 2000 (Platinum).  After a couple of years diverging into the untethered world of Mobile Information Server, I came back to help build some mobility into Exchange Server 2003.  One of those pieces is Outlook Mobile Access.  This browse application is similar to Outlook Web Access but much lighter weight and meant to be viewed on today’s latest cell phones.  I thought that I’d walk you back through its development and share some of our experiences as we brought it to life.

As some of you may know, OMA’s roots come from Mobile Information Server.  It was a much different beast back then, deriving its functionality from the unmanaged internals of MIS and IIS.  After shipping a couple of versions, part of the dev team started looking at abstracting out the interface to the Exchange server and using the new-fangled C# managed environment. For one reason or a hundred, the MIS tent was folded but Exchange was still interested in OMA for its just-launched Titanium project.

One of the more painful issues of building an application for the cell phone market is the disparity in phone browsers that still exists today.  Think of web development for IE+Navigator and multiply by a hundred.  The dev team was swarmed by test engineers entering device-specific bugs.  The markup looked great on one device and was illegible on another.  Enter the .NET Mobile Controls.  Our friends on the Visual Studio team were willing to take some of the browser disparity burden off of our shoulders and, at the same time, deliver a great device-agnostic framework for the phone-developer community at large.  We work closely with that team today in testing OMA with their latest device-update web releases for new/additional phones as they hit the market.

Another area where the OMA developers were pushing the envelope was the use of the .NET Framework and ASP.NET.  OMA is the only Exchange server component that runs under the managed environment. Originally we were worried about performance, but we found that OMA can handle quite a few client sessions without server degradation.

I’d love to hear any feedback from those of you who have deployed or used OMA.  Let us know what’s not working for you and how we can make it better.  In the meantime, we’re dreaming up our own ways to make it better.

Greg Bolles

27 Comments
Not applicable
OMA rocks. Not quite as cool as EAS if you have a smartphone though ;-).
Not applicable
Ya, OMA is cool. My problem is that on my phone (Sanyo 8100), I have a bookmark set to the Inbox part. Every time I come back to that bookmark after not using it, I get a page that says I've been inactive for too long and I have to go back to the main page.

Not a HUGE problem, but something like 2 extra clicks and page reloads -- not as speedy to do on a cell phone.

Then again, I know my device isn't supported yet, so who am I to really complain?
Not applicable
I'd really like to see OMA work over SSL. While there are many people that still deploy OWA using Basic authentication and no SSL, it's still a security risk. Plus, if you do want to implement SSL for OWA and do not have a FE/BE setup, there are several things you have to do in order to get OMA working. I've got OMA deployed (in test lab) and have accessed it using PocketPC 2003 and it looks terrific and is pretty fast. Perhaps SSL won't work because of cell phones, but I think something should be done to address security concerns.
Not applicable
Ben,
Unless I'm doing something stupid and being taken in by a false padlock on my browser, I'm pretty sure OMA does work over SSL - it's deployed here and works fine for me surfing in on a smartphone 2003 system.

The only downside - and I am 99.9% certain this is us being dumb and not looking into the problem properly yet anyway - is that it constantly "forgets" what the default domain is to authenticate users against.

I don't even remember doing anything "fancy" with IIS to make it work either. We are using a fe/be configuration though.

Regards
Rob Moir
Not applicable
I have deployed OMA in our enterprise environment, and my disenchantment with the product is that it is locked down to using only the default namespace. With 20000 users, we have six SMTP namespaces, which means for someone to use OMA, I have to explicitly give them a primary namespace address, even though they don't work for the primary namespace's company. It is similar to the ActiveSync limitation because of its ties to the /exchange vdir. I wish I could deploy AS and OMA to custom vdirs/namespaces, just like I can do with OWA.
Not applicable
Is it possible to change the OMA aspect/look & feel?
It functions great on my smartphone (Treo 600), but is it possible to make a nicer interface?

Thanks
Not applicable
A few answers to questions above.

OMA+SSL
As Rob says above, there should be no problem getting OMA to work with SSL. All devices listed as supported by OMA have also been tested using SSL against IIS.

OMA vdirs
It is possible to rename or create new vdirs for OMA and EAS just as it is for OWA. It's easiest to do this through ESM. You can also make OMA and EAS use some other vdir than /exchange to access backend data by using the "HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Parameters\ExchangeVDir" registry key on the FE machine. Set it to ‘/mailboxDataAccess’, or whatever the name of the BE vdir that is exposing DAV+OWA is.

Modifying OMA UI
It is true that E2003 OMA UI on PPC/Smartphone isn't as good looking as it could be. OMA was written with the goal of having it work on as many mobile devices as possible, and making it look great on richer devices wasn't a high priority (especially not for PPC/Smartphone, where great Exchange access through Pocket Outlook and EAS is available). Unfortunately there is no good way of modifying the OMA UI.
Not applicable
Iffy:

If you change your bookmarked URL to not include the session ID (the weird string of characters) then you shouldn't get the session timed out message every time you use the bookmark. Hope this helps.
Not applicable
You can open up usage to other than the default namespace by creating new vdirs as Kristian states above. You may need to provide the users with a default namespace address but you can supply an additional SMTP address that will actually be used by the user when supplying credentials. See the nice article on hosting at http://www.msexchange.org/tutorials/Shared_Hosting_Exchange_2003_Part1.html as a way to get this done.
Not applicable
Help! My new Nokia 6820 Phone is limiting my USERNAME field in OMA to 16 characters. This isn't long enough for me to enter my full domain\username. So I can't access OMA!!

Is there a way to embed the username in the URL ie.

https://servername/oma/username

Why would Nokia limit this field to 16 characters anyway?
Not applicable
I can't seem to get OMA to work. I always get this message:

A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.

I've tried the solution that Microsoft suggested at http://support.microsoft.com/default.aspx?kbid=817379&product=exch2003
but I still get the same message. I know that my Exchange Virtual Directory isn't using SSL or Uses Form-Based Authentication.

I'm running Exchange Server 2003 and Windows Server 2003 on the same box and trying to connect with a Nokia 3650. Any ideas?
Not applicable
The list of devices that have been tested (and are supported by Microsoft) with OMA can be found at http://www.microsoft.com/exchange/techinfo/outlook/owa_mobile.asp. To get support for all these devices, you need to install the latest available 'Device Update' (see link) on your Exchange Front-End server. Microsoft continuously releases new Device Updates adding support for more devices.

The Nokia 6820 mentioned above is not on the supported list. This can mean it was never selected to be tested, or that Microsoft couldn't make it work well with OMA. It indeed sounds strange that the username input field for Basic Authentication would be limited to 16 characters.

The Nokia 3650 mentioned above is on the supported list, but only if you have installed the most recent DU (Device Update). You could try looking in the Event Log of your Exchange server to see if there are any OMA events giving more information than the end user error message.
Not applicable
I have set up OMA at home and when I try to access it on my Sony Ericsson T616 I get the following message:

500: Web Service problem: Please contact teh service provider.

I can access it fine using Internet Explorer, I think the error is being generated because I don't have an SSL certificate from one of the providers specified in my T616.

Has anyone else run into a similar problem?

Thanks
Simon
Not applicable
Hi Simon,

A number of different things may be happening, and it is hard to pinpoint anything with just this one bit of diagnostics information. Here are a couple of pointers to check out:

- SSL negotiation failure may indeed be a problem, but it is likely not due to your phone cert list. Unless your carrier has deployed a WAP2 end-to-end SSL capable gateway, your phone is probably communicating to gateway machine on carrier network using WTLS, and that gateway computer initiates an SSL session with Exchange server on phone's behalf. If the gateway does not trust the SSL certificate installed on your Exchange server, the SSL handshake will fail and you may see an error 500. This is likely to occur if the Exchange server has a self-issued certificate - most carrier gateways will trust SSL certs issued by large companies in that business, such as Thawte, Verisign, Baltimore, etc. Since the IE client uses a direct IP connection to Exchange and does not have a carrier network/gateway to deal with, this might explain it working properly. If this is indeed the problem, purchasing an SSL certificate from a well-known issuer is probably the easiest workaround.

- Another thing to check is whether your Exchange server has URLScan enabled. We publish a guide (http://support.microsoft.com/default.aspx?scid=kb;en-us;823175) to configuring URLScan to work with all Exchange web applications including OMA. If you do have URLScan enabled and configured as per above, you may need to also add the HEAD verb to [AllowVerbs] section for OMA. This is due to a device issue on certain firmware revisions of SonyEricsson phones. We are in process of updating the KB to reflect this change.



Good luck!

Alex
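
A check for the URLScan point in Alex's reply, as an added example that is not part of the original thread or of KB 823175: it parses a urlscan.ini and reports which required verbs URLScan would reject. The sample file contents and the GET/POST/HEAD requirement list are constructed assumptions for illustration.

```python
import configparser

# Constructed sample urlscan.ini fragment (not copied from the KB article).
SAMPLE_INI = """\
[options]
UseAllowVerbs=1        ; 1 = only verbs in [AllowVerbs] pass, 0 = use [DenyVerbs]

[AllowVerbs]
GET
POST
OPTIONS

[DenyVerbs]
TRACE
"""


def load_urlscan(text):
    """Parse urlscan.ini text; list sections hold bare values, one per line."""
    cp = configparser.RawConfigParser(
        allow_no_value=True,             # [AllowVerbs] lines have no '='
        delimiters=("=",),               # ':' can appear inside list entries
        comment_prefixes=(";",),
        inline_comment_prefixes=(";",),
        strict=False,                    # tolerate repeated entries
    )
    cp.optionxform = str                 # keep verb case exactly as written
    cp.read_string(text)
    return cp


def section_entries(cp, name):
    return list(cp[name]) if cp.has_section(name) else []


def verb_allowed(cp, verb):
    """Return (allowed, reason) for an HTTP verb under the parsed settings."""
    use_allow = cp.get("options", "UseAllowVerbs", fallback="1").strip() == "1"
    if use_allow:
        # URLScan documents [AllowVerbs] matching as case-sensitive.
        ok = verb in section_entries(cp, "AllowVerbs")
        return ok, "listed in [AllowVerbs]" if ok else "missing from [AllowVerbs]"
    # [DenyVerbs] matching is documented as case-insensitive.
    denied = verb.upper() in {v.upper() for v in section_entries(cp, "DenyVerbs")}
    return (not denied), ("listed in [DenyVerbs]" if denied else "not in [DenyVerbs]")


def missing_verbs(text, required=("GET", "POST", "HEAD")):
    """Verbs from `required` (an assumed list for OMA) that would be rejected."""
    cp = load_urlscan(text)
    return [v for v in required if not verb_allowed(cp, v)[0]]


if __name__ == "__main__":
    print("verbs URLScan would reject:", missing_verbs(SAMPLE_INI))
```
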

Not applicable
Alex,

Thanks for getting back to me. I'm running Windows Server 2003/Exchange Server 2003. I didn't install URLScan because I read it wasn't needed due to the enhanced security features of IIS 6.

AT&T Wireless is my service provider, on my Sony Ericsson T616 under "Connect > WAP Options > Security > Trusted Certificates" I have the following 4 certificates listed:

Verisign
GlobalSign
CyberTrust; Baltimore
Entrust.net WAP

I have a test certificate from Verisign; however, the Issuer is different than that of a regular Verisign certificate. I don't really have a spare $300+ to spend on an SSL certificate from one of these trusted authorities and thus far I have been unable to find out how to add Trusted or Client certificates to the phone. Naturally I would rather not access OMA without SSL.

Simon

Not applicable
Hi Simon,

As I explained in my previous post, the list of certs installed on your client device is likely irrelevant, as the WAP gateway is probably doing all negotiation and encryption. If the problem is indeed due to SSL handshake failing, you have two options:
- Purchase a server SSL certificate from a well-known, trusted authority
- Negotiate with AT&T Wireless to install your custom certificate signature on their WAP gateway.

What you are hitting on, is an issue of WAP 1.x protocol falling short on providing adequate SSL facilities. Since pre-WAP2.0 phones can not speak SSL directly, translation facility was offered on gateway machines on mobile operators' network edge. It makes sense for an operator to configure their gateways to only trust well-known certificate issuers, in order to protect their customers from spoofing attacks. Unfortunately this means that sites which use custom certificates, or certificates with inconsistent information (like your Verisign test one) may not be accessible from any devices on said carriers' network. This is fixed with direct SSL capabilities of WAP 2.0; however both your device and the carrier gateway must support this feature for it to work.

Please keep in mind that SSL negotiation failure is a likely suspect for your experiencing the HTTP 500 error, but it may not be the actual problem after all. There is not enough information here to really troubleshoot. I'd suggest giving our PSS folks a call if you want to explore other avenues of resolving this issue.

Good luck!
Alex
Not applicable
Alex -
I have looked high and low for the Exchange ActiveSync component of 2003...alas I've found everything else Mobile but that...did MS forget to put it on the CD?
Ron
Not applicable
Hi guys,

I've been looking to get OMA working on my Exchange 2003 Server for quite some time now. I have installed Device update 4 and have gotten to the stage that I can log on, get a list of folders, but when I click on Inbox, I get a message saying that I have been inactive for 20 minutes or am trying to back up 8 pages of data???? This happens using my SonyEricsson T610 and IE6.

Does anyone know what this might mean?

Many Thanks,

Ross.
Not applicable
Ron, Exchange ActiveSync is installed and enabled by default with Exchange 2003.
Not applicable
I am having the same multiple namespace + OMA access problem that Scott has. Kristian pointed out adding the registry entry (similar to Q817379). But that registry only points to a different VD which points to a specific (one) SMTP namespace. Is there another way around this?

Thanks
Not applicable
Jason: You're going to have to give us more information about your scenario for us to be able to help out. If you need someone to talk to about the problem, I suggest calling PSS.

Ross: Are you accessing OMA through a URL that looks like "https://<your server>/oma", or is there something after the '/oma'? If there is something behind the '/oma', the application is going to think that you're trying to access a particular item (e.g. an email or meeting request) that you bookmarked from your last session using OMA. Since OMA no longer has information (session state) about what item was matched to the URL you're using, it is letting you know that the session state has been cleared since you last accessed that URL.
Not applicable
Sorry for not describing the situation more clearly. Here is what I am trying to do. One Exchange 2003 server hosting xxx.com and yyy.com. SSL is required. I had to make the changes suggested by Q817379 in order to get OMA working even though I don't have a FE/BE setup. Created a new VD called xxxDAV and have the ExchangeVDir key pointing to xxxDAV.

OMA VD is pointing to xxx.com by default. Users with xxx.com address can access OMA. Users with yyy.com address cannot access OMA.

Thanks again
Not applicable
Hi Ross,

Do you have a virus scanner enabled on your system? If so, you may need to ensure that it is not scanning through the OMA binaries directory. The issue may be that every time a virus scanner accesses a file in OMA directory, it modifies its time accessed stamp - if this happens to web.config, ASP.NET will restart and your session will become invalidated. This is mentioned and explained in a bit more detail in Exchange Server 2003 release notes which can be found on your install CD or at http://www.microsoft.com/downloads/details.aspx?FamilyID=be0ad0c7-0291-4176-8279-449033f1957e&displaylang=en
Not applicable
I have tried to setup OMA a million times now. And it seems like a lottery to make it work.

I have followed the deployment guide to the letter at least 100 times now.

I always use a clean install, new domain new org etc.

I got it working on the 5th or 6th attempt.

But the problem I get/got all the other times was this:

I'd go to my http://server1/oma directory and use my login details to login. I would get rejected 3 times and then given an unauthorised access page. I tried giving accounts every permission under the sun. But to no avail.

But I redid it again and again (the exact same way I did when it worked) many many times and it only works sometimes.

Out of a realistic 50 clean installs I had OMA working about 6 times. These are not good odds, no matter how you look at it.

This was on a MS Server 2003/Exchange 2003 box, reformatted and set up clean each time.

Is there a definitive, it works first time if you do this..... article/guide?

Any help would probably stop others from freaking out for weeks.

Cheers

G
Not applicable
Hi Everyone

Is there any howto out there on howto :) setup OMA and SSL in an environment using single server (=not using FE/BE servers).

/Johan@husera.se
Not applicable
Hi there!

Speaking of WAP from a phone, Does anyone know how to install Certificates onto a SonyEricsson T616 phone?

I've somehow lost all the Trusted Certs in there,
but now, I have them as .crt files on my PC.

How do I get them installed on my phone as Trusted Cert again?

Thx MUCH!!
-Kor
Not applicable
I love OMA but I don't use it at all because of one problem that I can't seem to get past (at least with my phone - a supported Nokia 6200) - I -always- have to log in. Is there any way to somehow store the credentials so I don't have to numpad it in -every- time? It doesn't appear that I can do it in the URL (I've tried many times and just can't seem to get it to work).

Am I doing something really, really wrong here? Appreciation in advance for any and all suggestions!

Cheers, Jeff
Last update: Jul 01 2019 02:54 PM