EX SSL-VPN: Active Sync fails to load on Android and iPhone's if EPC quarantine zone is configured
03/26/2020 4 12288
DESCRIPTION: EX SSL-VPN: Active Sync fails to load on Android and iPhone's if EPC quarantine zone is configured as fallback zone.
Activesync works fine until the user’s password changes/expires.
The password is changed on the backend and when the user tries to login with the new password the user is placed in the wrong zone.
The equipment id is not detected and the user will be placed in fallback zone.
This will be shown in the log.
Resolution or Workaround:
Step 1: Login to AMC console Step 2: Navigate to EPC Device profiles Setp 3: Edit the Active sync profile Step 4: InDevice identifier add 'validate' without the quotes and click Add to current variables Step 5: Apply pending changes and test it, the user will be placed in the right zone and active sync will be accessible.
How to Test:
1. Configure Active Sync, EPC and configure fall back as quarantine zone. 2. Access Active sync. 3. Change password in the backend and try to access Active sync using new password. 4. The user will be placed in the fallback zone and Active sync will not be provided.
The equipment ID is missing and the user is placed in no-Device-ID zone. [12/Dec/2011:17:07:59.863314 +0000] workplace 001698 ew 10000085 Info Audit VirtualHost='sync.internet-appliances.co.uk' StartTime='12/Dec/2011 17:07:59+0000' Src='3x.1xx.9x.1x' User='(username)@(Active-SYNC) (CN=FirstName LastName,CN=Users,DC=Clearview,DC=local)' Method='OPTIONS' HTTPVersion='0x3e9' Request='OPTIONShttps://IP/Microsoft-Server-ActiveSync?Cmd=OPTIONS&User=clearview%5Cadamt&DeviceId=validate&DeviceType=AndroidHTTP/1.1' Status='1' Bytes='538' PlatformPrefix='' EquipmentId='-'