You May Be Able to Send Messages to Any User Device by Means of the Simple Object Access Protocol Interface (297975)
The information in this article applies to:
- Microsoft Mobile Information 2001 Server
This article was previously published under Q297975 SYMPTOMS
When you submit a message by means of the Simple Object Access Protocol (SOAP) interface to Mobile Information Server, you may be able to send a message to anyone who has a device that is configured in the Active Directory, regardless of whatever user identification (ID) you have used to send the message.
CAUSE
This problem can occur because you cannot disable Anonymous access to the MMISNotify virtual root in the Internet Services Manager. If you did disable this Anonymous access, the push notification may be unsuccessful and generate a 401 error as the message processor uses the Anonymous access to post Hypertext Transfer Protocol (HTTP) messages to itself in this directory.
WORKAROUND
To work around this problem, place a restriction on the users that have access to the MMISNotify virtual root on the Mobile Information Server by limiting the Internet Protocol (IP) addresses that can access that particular virtual root.
To restrict access by IP address:
- In Mobile Information Server, click Start, point to Programs, click Administrative Tools, and then click Internet Services Manager.
- Expand the server, and then expand Default Web Site.
- Right-click the MMISNotify virtual root, and then click Properties.
- Click the Directory Security tab, and then click Edit under IP address and domain name restrictions. You can restrict the computers that are able to send push notifications by IP address.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
| Modification Type: | Minor | Last Reviewed: | 4/25/2005 |
|---|
| Keywords: | kbbug KB297975 |
|---|
|