This post was modified on 04/26/19 to include clarification on the credential expiration issue with the local SEGadmin account.

While support for Secure Email Gateway (SEG) Classic is going away by early May 2019, it’s still worth documenting for those who may not be ready to set up or migrate to SEG V2 just yet.

Steps should be relatively the same whether it be Exchange 2010, 2013 or 2016. The same goes for either console version 9.x or 18.xx and above. My screenshots were based on console version 9.4 and SEG version 9.5.

My sequence with this setup is a little different from what AirWatch recommends per their online documentation. I also confirmed with VMware support on this.

1. Pre-requisites for Implementation of SEG (Classic Platform)
2. Enable Basic Authentication – Moved up from step 3
3. Configure the Classic Platform  – Moved down from step 2
4. Install the SEG (Classic Platform)
5. Configure the Classic Platform with the SEG Setup Wizard

Pre-requisites for Implementation of SEG (Classic Platform)

Follow the relevant sections (i.e. hardware, software, network, certificate, etc.) within the link. For instance, below we enabled SOAP API.

You may also enable REST API ahead of SEG V2 migration.

I suggest creating both the “SOAP API General” role and the SEG Admin Account required during SEG configuration now before proceeding further.

In here, you must grant Edit permission (confirmed with VMware support.)

Create an SEG Admin Account. It does not need access to the console other than making an API call. Like any basic account, the credential expires after 30 days starting with console version 9.4 which applies to the SEG Admin account as well. Per the link below, however, this would be OK until you are ready to upgrade your SEG at which point a new credential might need to be set.

API calls blocked if Basic Admin account authentication is past the password expiration period

“In environments in which basic authentication was used during the initial installation of the SEG (V2 or Classic) updated credentials will only need to be used when upgrading or reinstalling the SEG. After the setup procedure, SEG uses Certificate/CMS for authentication and, therefore, basic credentials are only required to establish initial communication.”

You may also work with VMware support to extend the expiration date for ALL basic accounts from the default 30 days to 9999 days.

Enable Basic Authentication

This step is optional on the SEG server. Otherwise, anonymous authentication will be used.

Configure the Classic Platform

For Secure Email Gateway URL, enter https://external-SEG-URL and it will append /segconsole/management.ashx as well.

Install the SEG (Classic Platform)

Download the SEG installer via the link shown below.

Version 9.5 is the highest version of SEG classic as it’s being replaced with SEG V2.

Configure the Classic Platform with the SEG Setup Wizard

API Hostname: https://asXXX.awmdm.com or your internal API URL.

Validation

To validate connectivity to Microsoft Exchange ActiveSync (EAS) from the SEG server, open a web browser and go to https://your-SEG-URL.com/microsoft-server-activesync. If the connection is successful, you should be prompted for your username and password.

As always, stay mobile!