Smartphone Occasionally Prompted for Credentials
Another hit for Jason Jones and Jim Harrison!
“Think this is sorted now.
I needed to disable the “apply session timeout to non-browser clients” in the advanced form options for the web listener that was shared for OWA and ActiveSync. If you follow the built-in wizards, this option is disabled by default for any listener that is selected for ActiveSync use - that’ll teach me! 
Thanks to Jim Harrison for the pointers!
“You don’t want the FBA timeout applied to EAS clients.
The folks in Exch, WM6 and ISA all agreed that a wide-open 30-minute timeout was good for battery life. If you close that sooner, the client has to re-authenticate.” “
So there you go — those wizards do bear magic!
For the complete thread, go here:
http://forums.isaserver.org/m_2002045198/mpage_1/k...053976
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)
Jason Nash Says:
April 3rd, 2009 at 9:13 am
Same problem here, we imported our rules from ISA 2004 to 2006 and this box was left enabled. We were getting the same problem as reported. Thanks!
ActiveSync Random Password Prompts Fixed | fishbrains - Blog of Bret Fisher Says:
September 30th, 2009 at 11:59 pm
[…] Tom and the forums at isaserver.org confirmed my suspicion. The forms auth timeout was indeed affecting ActiveSync. To find it, look for the web listener of your ActiveSync rule, go to properties, Forms tab, Advanced, and make sure “apply session timeout to non-browser clients” is unchecked. […]