Forum Discussion

Adam_126540
Apr 22, 2013

ActiveSync with client cert auth using APM

Hello

 

The user's email or username is stored in the CN or SAN.

 

The APM keeps a session for each cert and connection and verifies the hash and denies the connection if no valid cert is presented.

 

If valid, then the connection is passed off to Exchange, where other authentication within the connection is performed.

 

This all works great for normal mailbox users with only their own account. This does not work for users of shared mailboxes. Mail is delivered to incorrect mailboxes. The clients are mobile devices. Works perfectly bypassing the APM.

 

This is a difficult problem and complex environment with obvious further investigative work on my side to complete which will eventually long hand resolve the issue - but I was wondering if anyone has struck a similar-sounding problem before with shared mailboxes and client-authenticated certs? I am not an Exchange guru but I am second-guessing Exchange as well. I have configured most of it from white papers and solution guides etc.

 

Perhaps this more rightly belongs somewhere else - if so I apologise in advance.

 

Adam.

 
