Security – ActiveSync Audit: Who sent the Remote Wipe command to a device

The following steps resolved the issue for me:

1) The MobileAdmin query was making DNS requests for “mail.yourdomain.com” on the external IP of the firewall instead of internally resolving the server name “INTERNAL_SERVERNAME”.

This problem was resolved by adding 127.0.0.1 "mail.yourdomain.com" to the local server’s HOST file so it will not make any DNS queries outside of the local environment.

2) The IIS configuration had a Host Name set when that should be blank. The hostname was removed using the command:

C:\inetpub\admscripts> cscript adsutil.vbs delete w3svc/1/SetHostName

First, DON'T capitulate. He is not only an idiot but DANGEROUSLY wrong. In fact, releasing this information would violate the PCI standard (which is what I'm assuming the audit is for since it's a payment processor) along with every other standard out there and just plain common sense. It would also expose your company to all sorts of liabilities.

The next thing I would do is send an email to your boss saying he needs to get corporate counsel involved to determine the legal exposure the company would be facing by proceeding with this action.

This last bit is up to you, but I would contact VISA with this information and get his PCI auditor status pulled.