In order for the Secure Email Gateway (SEG) to impersonate a user when authenticating on an Exchange ActiveSync (EAS) server, the SEG server must be given the appropriate permissions in the Active Directory (AD) server. You must also enable SEG to delegate HTTP EAS traffic to the EAS server.

Configure AD to Give Permissions to SEG to Impersonate a User

  1. Select Active Directory Users and Computers on the AD server.
  2. In the left-hand pane, select the folder where the SEG server is located (e.g., Computers). The available SEG servers display in the right-hand pane.

  3. Right-click on the SEG server name and then select Properties.

  4. The Properties window for the SEG server displays. Click on the Delegation tab.

  5. Select Trust this computer for delegation to specified services only.

  6. Select Use any authentication protocol.

  7. Click Add.

Enable SEG to Delegate HTTP EAS Traffic to the EAS Server

  1. Click Users or Computers on the Add Services window. The Select Users or Computers window displays.

  2. Enter the name of the Exchange ActiveSync Server or ASA account (if applicable) and select OK. The Add Services window displays.

  3. Select the http service registered in step 1 under Available services and select OK. A list displaying http and your EAS server on the Delegation tab appears.

  4. Click OK.
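
The settings made in the two procedures above can be read back from AD to confirm that SEG is limited to constrained delegation for the EAS http service and nothing else. The following PowerShell check is an added example, not part of the original documentation. It assumes the ActiveDirectory module (RSAT) is installed; SEG01 and eas01.example.com are placeholder names.

```powershell
# Added verification example. SEG01 and eas01.example.com are placeholders
# (assumptions), not values from the documentation above.
Import-Module ActiveDirectory

function Test-SegDelegation {
    param(
        [Parameter(Mandatory)][string]$SegComputer,  # SEG server's AD computer name
        [Parameter(Mandatory)][string]$EasHost       # host name used in the EAS http SPN
    )

    $props = 'msDS-AllowedToDelegateTo', 'TrustedForDelegation', 'TrustedToAuthForDelegation'
    $seg   = Get-ADComputer -Identity $SegComputer -Properties $props

    # SPNs the account may delegate to (the list shown on the Delegation tab).
    $spns = @($seg.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    # Accept the FQDN and short-name forms of the http SPN for the EAS host.
    $expected = @("http/$EasHost", "http/$($EasHost.Split('.')[0])")
    $httpEas  = @($spns | Where-Object { $expected -contains $_ })
    $other    = @($spns | Where-Object { $expected -notcontains $_ })

    [pscustomobject]@{
        Computer            = $seg.Name
        # "Trust this computer for delegation to specified services only":
        # unconstrained delegation must be off and the SPN list non-empty.
        ConstrainedOnly     = (-not $seg.TrustedForDelegation) -and ($spns.Count -gt 0)
        # "Use any authentication protocol" sets the protocol transition flag.
        AnyAuthProtocol     = [bool]$seg.TrustedToAuthForDelegation
        HttpSpnForEas       = $httpEas
        # Anything listed here widens what SEG can impersonate users to; review it.
        OtherDelegationSpns = $other
        Pass                = (-not $seg.TrustedForDelegation) -and
                              $seg.TrustedToAuthForDelegation -and
                              ($httpEas.Count -gt 0) -and ($other.Count -eq 0)
    }
}

Test-SegDelegation -SegComputer 'SEG01' -EasHost 'eas01.example.com' | Format-List
```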

Next, you must Enable EAS Server to Accept Kerberos Tickets.