OVERVIEW

This article explains how you can configure MailEnable (Version 10 and later) to enable resource sharing via Microsoft Exchange ActiveSync. It explains potential workarounds that allow access to shared resources.

ACTIVESYNC RESOURCE SHARING PROTOCOL CAPABILITIES

Unfortunately, Microsoft's Exchange ActiveSync protocol has no support for sharing/collaboration capabilities. Specifically, the ActiveSync Protocol (and therefore clients implementing it) has no defined mechanism for implementing resource sharing/access. ie: You cannot share a resource within an ActiveSync client and you cannot attach to another user's shared resource.

For example, a common usage is for an assistant to access and send e-mail on behalf of their boss without having configured an account with their boss's username and password. This is not currently achievable via the Exchange ActiveSync Protocol.

Fortunately, there is some good news.

MailEnable has two workarounds that attempt to extend the functionality of ActiveSync. These are outlined below.

IMPERSONATION SOLUTION

MailEnable provides a workaround by allowing a proxy authentication scheme when accessing EAS mailboxes.
It does this using a special syntax when specifying the username, whereby the impersonator is prefixed to the login.

Example: [Impersonator]|[ResourceMailbox]@[Postoffice/Domain]

Note: In order for this to be permitted, the ResourceMailbox must be shared with full access to the impersonator.

Example: The following example shows the format of the username when authenticating as mailbox "self" to access "anotheruser"'s mailbox for the "example.com" postoffice: self|anotheruser@example.com

The setting is experimental and unsupported and can be enabled at this location:

Root: HKEY_LOCAL_MACHINE[\SOFTWARE[\Wow6432Node]\Mail Enable\Mail Enable\Services\HTTPMAIL
Value Name: Allow Mailbox Impersonation
Value: DWORD: defaults to off, zero
Description: Allows Authenticating with a pipe character to denote the endpoint mailbox (in a similar form to ftp auth with IIS)
Status: Experimental, but stable. Requires activation via registry and restart of IIS/HTTPMail Service

SHARED CALENDAR REPORTING SOLUTION

A second workaround is to allow shared calendars to be reported to ActiveSync devices.
If the device has full access to the calendar resource, the user can manipulate the folder/collection as though it were their own resource.

If the calendar resource is read-only, any modifications to the items would either be ignored by the server and result in undefined behaviour within the client.

Specifically, the client is not aware that the calendar is read-only (because ActiveSync lacks this capability), and the client will appear to be able to create appointments (that will later fail).

Once this feature is enabled, the user should connect to another user's share using webmail. The user will then see the other user's calendar appear in their ActiveSync client.

The setting can be enabled at this location (by editing the registry):

Root: HKEY_LOCAL_MACHINE\SOFTWARE[\Wow6432Node]\Mail Enable\Mail Enable
Value Name: ActiveSync Report Shares
Value: DWORD: defaults to off, zero
Description: Allows share calendar resources to be listed as additional collections in EAS. At this point it only will list calendars.
Status: Experimental/Unsupported

MORE INFORMATION

More information on Microsoft's Exchange ActiveSync is available here: https://msdn.microsoft.com/en-us/library/ee177929(v=exchg.80).aspx

Please see also: https://blogs.msdn.microsoft.com/webdav_101/2015/06/01/about-exchange-server-activesync-eas/