Monday 10 January 2011

Deepnet ActiveSync solution doesn't work on some Android devices.

You may have some problems to add Deepnet ActiveSync protection onto Android phone device. Here is the effective remedy.



1, go to the folder "C:\Program Files\Deepnet Security\IIS" on your Exchange server where Deepnet IIS agent is installed;

2, open the file "config.xml" with your favourite editor;

3, locate <serv desc="Microsoft Server ActiveSync" code="sas">, which is around line 64;



  <serv desc="Microsoft Server ActiveSync" code="sas">
   <requests>

4, insert the following after <requests>;



       <req match="Microsoft-Server-ActiveSync/Android" source="${_url}">
        <params> 
      <par name="UserName" value="User={.*?}&" source="${_url}"/>
      <par name="DeviceID" value="/{android.+}/*.*$" source="${_url}"/>
        </params>
        <variables>
         <var name="x-deviceID" value="$$encrypt(<uuid>${DeviceID}</uuid>)"/>
        </variables>
        <actions>
         <condition property="${_Authenticator}" value="devicePass" op="iquals">
          
          <condition property="${UserName}" value="" op="equals">
           <act type="assign" var="UserName" value="${_authuser}"/>
          </condition>
             
          
          <condition property="${UserName}" value="" op="notequals">
           
             <act type="xmlrpc">
        <methodCall>
           <methodName>das.login</methodName>
           <params>
              <param>
         <value><string>${_appId}</string></value>
              </param>
              <param>
         <value><string>${UserName}</string></value>
              </param>
              <param>
             <value><string><![CDATA[<?xml version="1.0"?>
             <credential>
           <method>${_Authenticator}</method>
           <token>
            <deviceID>${DeviceID}</deviceID>
           </token>
           <credentialData>
            <devicePrint>            
             ${x-deviceID}
            </devicePrint>
           </credentialData>
          </credential>]]></string></value>
              </param>
              <param>
         <value><string>${_clientip}</string></value>
              </param>
              <param>
         <value><string></string></value>
              </param>
              <param>
         <value><boolean>0</boolean></value>
              </param>
           </params>
        </methodCall>
             </act>
             </condition>
            </condition>
        </actions>   
           <errors page="/dasweb/sas/error.aspx?errcode=$$urlencode(${_return})&username=$$urlencode(${UserName})&appid=$$urlencode(${_appId})&method=$$urlencode(${_Authenticator})">
               <err code="E-METHOD-NOT-FOUND" page="/dasweb/sas/method_not_found.aspx?errcode=$$urlencode(${_return})&username=$$urlencode(${UserName})&appid=$$urlencode(${_appId})&method=$$urlencode(${_Authenticator})"/>
               <err code="E-TOKEN-INACTIVE" page="/dasweb/sas/token_inactive.aspx?errcode=$$urlencode(${_return})&username=$$urlencode(${UserName})&appid=$$urlencode(${_appId})&method=$$urlencode(${_Authenticator})&deviceid=$$urlencode(${DeviceID})"/>
               <err code="E-CONNECT-DAS" page="/dasweb/sas/connect_das_error.aspx?errcode=$$urlencode(${_return})&das=$$urlencode(${_das})"/>
           </errors>
        </req>

For your convenience, the working configuration file can be downloaded from here. Simply replace the original one, then restart IIS service.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)