If you replaced the Gateway computer certificate or certification authority and imported the new certificate to the Gateway Web site, then you must uninstall and reinstall the Gateway Server component.

No. MDM requires two network adapters: one for communicating with external client devices, and one for communicating with internal servers. MDM does not support binding internal and external IP addresses to a single network adapter.

Yes. If you want tighter security than Secure Sockets Layer (SSL) access, you can use the MDM Mobile VPN connection for double-envelope security on mobile messaging. MDM supports DirectPush in this VPN-to-EAS scenario.

Yes. To disable the Mobile VPN connection, on the device, select Settings, select Connections, select Mobile VPN, and then select Disable. You can also enable or disable the Mobile VPN connection by using the MDM VPN Diagnostics Tool. For information about this tool, see MDM Resource Kit Tools at this Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId=108953 .

The device is not protected because without the Mobile VPN connection, it connects to a public Internet connection. Therefore, it is exposed to all of the threats on the Internet.

Device wipes will not function because MDM sends the wipe notification through the alerting mechanism provided by MDM Gateway Server. If you disable the Mobile VPN connection, MDM Gateway Server cannot address the device.

If your company only has MDM–enrolled devices, then Microsoft Exchange Server ActiveSync is not exposed to the Internet. Therefore, if you disable the Mobile VPN connection, the device cannot connect to it.

No. MDM client devices and device emulators cannot establish Mobile VPN connections using Windows Mobile Device Center/ActiveSync Desktop Pass-Through connections.

The following table summarizes how network traffic is routed when you connect the device to a desktop computer.