WM6 and Personal Exchange certificates - 8525, TyTN, MDA Vario II, JasJam ROM Development

Anyone know if personal exchange certificates are now working in WM6? I'd rather not pay $100/yr if I don't have to...

I believe so, I use a personal exchange certificate and never had a problem with it in WM6...

Hmm, well I wasted last night trying to get ours to work. I was able to export the .cer and install it, but it kept saying "invalid security certificate".
One other item to note, our webmail address is as follows blahblah.wahwah.com/exchange.
Is that causing the problem?

pkley said:
Hmm, well I wasted last night trying to get ours to work. I was able to export the .cer and install it, but it kept saying "invalid security certificate".
One other item to note, our webmail address is as follows blahblah.wahwah.com/exchange.
Is that causing the problem?
Click to expand...
Click to collapse
I doubt it..
Are you sure the backend (exchange/isa publishing) is all correct?
Next up, you'll probably need to export the root certificate and import that on to your device as well as the cert thats been used to publish exchange. You can use owa to test all this... If you browse to https owa url you need to see all green (eg name matches, certificate valid (eg not expired), and trusted (including any root certs)). Ensure root certs are in the correct store when you import (I usually deselect the place certs automatically option).
The other thing is to check on how the cert was exported... I dont have the process to hand, but its on isaserver.org and MS....

All I've ever done is install the root certificate on the phone and everything works fine WM5/WM6.

All I've ever done is install the root certificate on the phone and everything is ok (WM5/WM6) although I'm not behind ISA

Your certificate name would have to match exactly what you have set up on exchange/server. In your example, certificate is named blahblah.wahwah.com... it has to be exactly the same name. So in your PDA the server name would be blahblah.wahwah.com. not blahblah.wahwah.com/exchange
Good luck.

Personal certificate you mean : Client certificate ?
-> work fine with YES an easy install (no need anymore complicate activesync process or Jacco dds....)
Woldcard certificate (*.toto.com also working fine!)
-> yes after a missing feature in WM5!

Ok, here's what I did.
Opened up my webmail page which is abc.defg.com\exchange
Clicked on the Lock and opened up the certificate. Under Certification Path it says abc.defg.com - no \exchange
Under Details I clicked on Thumbprint and Copy to File as a .cer
I named that file root.cer and put it in the directory on my 8525 and ran it, it installed.
I'm sure I'm missing several steps, but a lot of the threads are way over my head or not applicable to my situation. Any advice, or step by step would be greatly appreciated.

Related

Installing root certificates into 1.40

I've got an XDAIIs, which has been updated to a 1.40 ROM. We install a new root certificate onto our devices, to allow us to use Activesync over SSL, but when you try and load a .cer file on a 1.4 ROM you get the oh-so-helpful message:
"Security permission was insufficient to update your device."
This process has worked fine on every other ROM and I suspect it's something new on the 1.40 ROM. My guess is that it won't work with the XDAIIi either, which has a 1.40 ROM out of the box...
Suggestions? Google / Microsoft didn't turn up a lot.
Daern
daern said:
I've got an XDAIIs, which has been updated to a 1.40 ROM. We install a new root certificate onto our devices, to allow us to use Activesync over SSL, but when you try and load a .cer file on a 1.4 ROM you get the oh-so-helpful message:
"Security permission was insufficient to update your device."
This process has worked fine on every other ROM and I suspect it's something new on the 1.40 ROM. My guess is that it won't work with the XDAIIi either, which has a 1.40 ROM out of the box...
Suggestions? Google / Microsoft didn't turn up a lot.
Daern
Click to expand...
Click to collapse
Interesting. how did you try and import the .cer file to the device?
deleted
....
therock112 said:
Interesting. how did you try and import the .cer file to the device?
Click to expand...
Click to collapse
Just click the file
Or run certinst.exe, which is what .cer file are associated with in PPC2003+
I've actually found some rather nice, useful code from Microsoft (gasp, shock, horror!):
Download this example:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322956
...which is for PPC2002, but the sample code for inserting certificates works on 2003 and (more importantly) bypasses whatever additional locks that have been placed in this new ROM. In fact, it's even better 'cos certinst.exe threw up a non-suppressable confirmation box, whereas I can now embed all of the code into a setup.dll and wrap the cert into a self installing cab file, along with all of my CPF stuff.
I'll still try and find out why O2 have changed this though. That sucks...
Happy Daern the hax0r

HELP...synchronize issue with microsoft exchange

I flashed LVSW WM6.0 ROM ( 3.30.0.9 version ) last night on my Hermes. After the flashing was done, the device was able to synchronize with the exchange server through my PC at the first, but it wasn't later. And the synchronizing is always failed with the exchange server through the GPRS later on. I checked the report and it reads
" Result: The server certificate on the server is not valid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server."
and provides a " Support code : 0x80072F06".
This never happened on the platform of WM5.
Can anybody help on this issue?
Thanks a lot!
I had a same issue at past week.
Please change the WINCE.NLS at the \winodws by Good WINCE.NLS.
Good mean is right wince.nls same as your localized version.
Have you been installed any programs with the WINCE.NLS?
If so, I hope above information is usefull.
YUKI- said:
Please change the WINCE.NLS at the \winodws by Good WINCE.NLS.
Good mean is right wince.nls same as your localized version.
Have you been installed any programs with the WINCE.NLS?
If so, I hope above information is usefull.
Click to expand...
Click to collapse
I'm also having a similar problem. When I connect via usb I can sync with server. When I connect wirelessly, cannot sync. Get server name error. Do you have this file?
YUKI- said:
Please change the WINCE.NLS at the \winodws by Good WINCE.NLS.
Good mean is right wince.nls same as your localized version.
Have you been installed any programs with the WINCE.NLS?
If so, I hope above information is usefull.
Click to expand...
Click to collapse
Hi YUKI-
Thanks for your input. Actually I'm using the good wince.nls said as without the good wince.nls Chinese is not readable. But the problem is still the problem.....Thank you all the same
Taking it back to first principals (assuming you have access to the server):
- what certificate is the server using? (one from your own CA or a third party one like verisign)
- has that certificate expired?
- if using a certificate from your own CA have you installed the root certificate on your phone?
- do the address on the certificate and the one you have entered on the phone match exactly?
- what happens if you turn off the SSL requirement on the server - do you get a different error or does it work ok?
- Do you have another phone you can test with? Failing that what about using Outlook Web Access on a PC over SSL, does that work okay without certificate errors?
randomelements said:
Taking it back to first principals (assuming you have access to the server):
- what certificate is the server using? (one from your own CA or a third party one like verisign)
- has that certificate expired?
- if using a certificate from your own CA have you installed the root certificate on your phone?
- do the address on the certificate and the one you have entered on the phone match exactly?
- what happens if you turn off the SSL requirement on the server - do you get a different error or does it work ok?
- Do you have another phone you can test with? Failing that what about using Outlook Web Access on a PC over SSL, does that work okay without certificate errors?
Click to expand...
Click to collapse
Hi randomelements,
1. There is not a certificate the server is using. And there is never a certificate required when I used the WM5 on my Hermes. Also my colleagues in US is using the WM6 and there is not any certificate required.
2. Turned off the SSL requirement, there is another error report reading " Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Sever administrator." and a new support code " 0x85010004" was given.
3.a couple of days ago I used WM5 on my Hermes and there was not any problem. Before using the Hermes, I used the Magician and there was not any problem either.
It works well that using Outlook Web Access on a PC over SSL.
Well...it looks to be a big problem^_^ thank you all the same randomelements!
What version of exchange?
If 2007, the integration with WM6 is tighter than 2003 with WM5 or 6. When I set mine up I had to alter permissions on the Exch 2007 web site. There are pointers on the MS website of you search on that error code and exchange 2007. I dont have the info to hand, but can look on my system tonight.
greatg said:
I'm also having a similar problem. When I connect via usb I can sync with server. When I connect wirelessly, cannot sync. Get server name error. Do you have this file?
Click to expand...
Click to collapse
My situation is NEVER completed any ActiveSync via USB+PC and X01HT's Wireless connection. I think thats problem does not same.
And I am currently using japanese version crossbow. if you have another language with wince.nls, does not solved your issue with my attached a file.
Check the clock on your phone. A couple of times when I flashed I forgot to change the year and had my date set in 2006, which gave me invalid or expired certificate error.
I think I've got what the problem is. I flashed the black 3.01 ROM tonight. After the flash was done, I tried the syn immediately and it succeeded via the wireless connection. But when I replaced the original wincel.nls file with the one with Chinese supported, the syn was failed and I got the same error report.
The problem is I can't use the wincel.nls file without Chiese supported. What should I do?

Intercepting OUTGOING sms's, how? -> sms_providers.dll wrapping?

Hello all you,
I'd like to intercept outgoing SMS's sent from the SMS messaging application.
Do any of you know a good wy to do this?
I found a possibility myself, but not entirely sure that it'll work:
wrapping sms_providers.dll, all exported functions that start with "Text_":
Test_GetMessageInfo
Text_GetSize
Text_Read
Text_RecognizeMessage
Text_Send
And then, change the registry to use my own DLL for Text messages:
[HKLM\Comm\Cellular\SMS\Protocols\Text] DLL = "MyOwn.dll"
However, for my own thought up solution, there's a few snags:
1) I can't find any documentation about the function defenitions (parameters, return types, etc.) which I really do need, in order to do good wrapping.
2) the DLL needs to be signed in order to work: how??
Does anyone know of a:
1) Different solution
2) How to get my own idea on the road?
and, just to expolain what I'm trying to do:
I want to be able to send SMS through voipbuster.com from within the messaging application, because of nice system integration. I know of some already available tools to do just this, but I find them pretty cumbersome, and theirfor, not really usable.
No idea if this will work or not.
Remove the SMS center number then just read the text from the outbox/sentbox and send on from there.
Dean123 said:
No idea if this will work or not.
Remove the SMS center number then just read the text from the outbox/sentbox and send on from there.
Click to expand...
Click to collapse
Doesn't seem to work. my sms still gets sent.
What does work: set sms sending method to GPRS, then it comes up with an error box that it can't send any message, and then I could pick up the unsent message from the drafts folder. But this is far less then ideal. I would prefer to use some kind of a hook or callback, instead of continuously checking a messaging folder for new messages.
very interested...
i had the very same idea... only problem is i don't have any programming skills besides programming my vcr ;-) ...
i'll keep a close look on this thread
Nobody any bright ideas?
Hello!
You can get the source code from WinCE Platform Builder.
Actually, you just need to write a DLL including the "TEXT_" Functions. In these functions, you can do all you need to do, and pass the parameters to the original SMS_Providers.dll after all.
Check out the latest version of Kaspersky Mobile, it uses this method.
BTW: I'm Chinese...er.... I hope you can understand my poor English...
Hello,
I've to intercept SMS incoming messages before tmail does, since I need to read the UDH part of the message.
I've written my own SMS provider, a dll witch export the TEXT_... functions as SMS_providers.dll does (I have got the declarations of this functions from the source of this dll from the Platform Builder). Then, I have put my dll into the Windows folder an I have changed the value of this registry key:
[HKLM\Comm\Cellular\SMS\Protocols\Text] DLL
writing my dl name as value.
But it doesn't work. My dll is never attached nor called. When a SMS is received, the client cannot call my provider and the message is transmited as a RAW message (because this is another entry in HKLM\Comm\Cellular\SMS\Protocols with less preference).
Do I need something else? Must my dll be registried by another way, such a COM registration? Please, help.
Hello,
Could anybody provide a header file including the "TEXT_" functions?
I am interested in intercepting outgoing SMS.
you need to sign with privileged certificates.
RAMMANN said:
you need to sign with privileged certificates.
Click to expand...
Click to collapse
Or cook it in a rom and turn off certificate checking in the kernel....
NRGZ28 said:
Or cook it in a rom and turn off certificate checking in the kernel....
Click to expand...
Click to collapse
yes.... but actually I think the guy needs to do some debug logging and trial and error in the first place. this is a bit (but only a bit) sloowwwww when flashing a new ROM each time.
whooo! This stuff is very sensitive! If you link aygshell.lib in your sms_providers.dll replacement project then CE doesn't load it anymore. The DLL is also loaded pretty early in the boot process when the UI isn't initialized yet so if you add a MessageBox for debugging purposes you need to hard reset....
I love it!
I discovered another way of not having CE load your sms_providers.dll
First I thought it's a problem related to Samsung because my DLL didn't load on Omnia i900 and O2 and it worked on a majority of HTC devices. But then I even had a HTC device not loading the DLL... and guess what: It's been the only HTC device remaining that didn't have a custom ROM running. The Samsung devices were still running on stock ROMs too. So this is most likely a certification issue and even signing with priv. certificates doesn't help....

application file cannot be opened .either it is notsigned with trusted certificate

I am having problems with applications under Windows Mobile 5.0. When i try to run them i get the following error.
The file 'foo' cannot be opened. Either it is not signed with a trusted certificate, or one of its components cannot be found. You might need to reinstall or restore this file.
1)Is there anyway of disabling the checks for trusted applications in Windows Mobile 5.0 on the Wizard?
I think this error becuz u r trying to run wm6 applications under wm5
vodovodo said:
I think this error becuz u r trying to run wm6 applications under wm5
Click to expand...
Click to collapse
I have same problem for BA wm 6.1 5.2.19199.1.0.0 PV DVH. Some people offered solution of HR. I don't agree with this. because we have to lose what we've been installing and spend more time re-installing them. so much time-wasting?
Any other solutions, please?!
Thanks in advance.
Problem may be cause of your SD card if u r using WM6. SD card PowerManagment value is set("DisablePowerManagment") to 0 in your registry. This means after a while your device will set your SD card power off for savg batttery. This cause to unread your program files etc while u start any program on your form your SD card device.
I fixed this problem like that;
By any registry editor:
Find the Path:
"Hkey_local_machine>drivers>sdcard>clientdrivers> class >SDMemory_Class"
after that find;
""DisablePowerManagement"" key and set its value to "1" than save and exit. Than soft reset your device. Problem will be fixed.
Sorry for my bad english.
Windows Mobile powered devices are shipped with default security settings.
The security model enables Mobile Operators to make post-production changes to security settings.
This can place significant restrictions on software which has not been signed and approved.
However you can change the default settings.
Take control of applications on your phone.
"All listed settings are decimal"
1. Connect the phone through ActiveSync.
2. Run your favorite remote registry editor "CeRegEditor (Download)" "Mobile Registry Editor (Download)" on your PC. http://ceregeditor.mdsoft.pl/
3. Navigate to HKEY_LOCAL_MACHINE\Security\Policies\Policies
Unsigned Prompt Policy:
This policy indicates whether the user is prompted to accept or reject unsigned .cab, theme, .dll and .exe files.
HKEY_LOCAL_MACHINE\Security\Policies\Policies
DWord = 0000101a Data = Use the following-->
0 = Indicates user will be prompted.
1 = Indicates user will not be prompted.
you will set that register decimal 1. that is solved problem
I have a HTC Tytn II and i get the same error. However, When trying to alter data using the reg editor you recommended, i found the 0000101a was already set to 1. Any other ideas?
Hi All,
Would someone be so kind to me a explain how I can move a package from the EXT directory or one Kitchen to the EXT directory on this version of kitchen.
I thought I could just simply copy the directory? So I had a go compiling a version of youtube from a different kitchen It would seem mot to work thou as I get the dreaded The file 'xx' cannot be opened. Ether it is not signed with a trusted certificate, or one of its components cannot be found. If the problem persists, try reinstalling or restoring the file.
Any ideas how to get this to work?
Or look for the tool MsSigner, it can be found in most kitchens.
You'll be able to sign it with a signature that is accepted after you aply the enablyRapi and SPCCerts policies.
You're probably missing a key dependency package like dshow (mshow?) or concurrence manager. Also, make sure the shortcut path is valid. Lord knows why, but that's the message you get for bad shortcuts.
josephwsl said:
I am having problems with applications under Windows Mobile 5.0. When i try to run them i get the following error.
The file 'foo' cannot be opened. Either it is not signed with a trusted certificate, or one of its components cannot be found. You might need to reinstall or restore this file.
1)Is there anyway of disabling the checks for trusted applications in Windows Mobile 5.0 on the Wizard?
Click to expand...
Click to collapse
maybe .NET CF is missing or not up-to-date?
RAMMANN said:
maybe .NET CF is missing or not up-to-date?
Click to expand...
Click to collapse
ahh i love you bro, u saved me an hassle i tried everything and it was the net.cf
damii said:
you will set that register decimal 1. that is solved problem
Click to expand...
Click to collapse
When I try that, I'm told I don't have the authority to access that. :-(
now what?
Yeah, me too!!!
All of a sudden too. Everything was fine then I got these certificate errors every time I try to run Haret.exe to run android. This happened last night. Did my provider change something on me?
I try to change that registry key and it won't let me.
Re:this post
I have same problem for BA wm 6.1 5.2.19199.1.0.0 PV DVH. Some people offered solution of HR. I don't agree with this. because we have to lose what we've been installing and spend more time re-installing them. so much time-wasting?
You need hard reset!
Same problem "certificate errors" and a hard reset wont work
Plz help
damii said:
Windows Mobile powered devices are shipped with default security settings.
The security model enables Mobile Operators to make post-production changes to security settings.
This can place significant restrictions on software which has not been signed and approved.
However you can change the default settings.
Take control of applications on your phone.
"All listed settings are decimal"
1. Connect the phone through ActiveSync.
2. Run your favorite remote registry editor "CeRegEditor (Download)" "Mobile Registry Editor (Download)" on your PC.
3. Navigate to HKEY_LOCAL_MACHINE\Security\Policies\Policies
Unsigned Prompt Policy:
This policy indicates whether the user is prompted to accept or reject unsigned .cab, theme, .dll and .exe files.
HKEY_LOCAL_MACHINE\Security\Policies\Policies
DWord = 0000101a Data = Use the following-->
0 = Indicates user will be prompted.
1 = Indicates user will not be prompted.
you will set that register decimal 1. that is solved problem
Click to expand...
Click to collapse
Thanks! That really helped me. You literally saved me a good night sleep. I was already desperate.
Wow, it works Thank you!!!
Awesome!!!
This worked perfectly. Thanks so much for the help. I've been racking my brain about this for over an hour now, then found this through a search.
Thanks!
OMG
I have the same problem and I tried :
1/ Hard Reset
2/ Rom Update
3/ installed NetCFv3.5
4/ editing values in the registry
what els ????!
plzz i need your help

ActiveSync problem 0x80072F17 Certificates

I just updated my TP2 with the rom from the official htc website: ROM-versie:2.07.404.1 and now i'm getting the 0x80072F17 error when trying to sync with my companies exchange server.
Before it did work on rom version 1.88.404.3, which came with the TP2.
I know the problem is the certificate, but I do not care about the certificate, i just want to sync my calendar, contacts, and outlook email.
I cannot contact my system administrator (because I am one of them), and my company is not buying in the near future a valid certificate.
Can someone please help me making my HTC understand that I want to sync with outlook, but do not care about a valid certificat!!!
Most likely you are using a certificate from your own certificate server.
That's not a validated source.
Normally in a website you'll get a pop up on which you can choose to go on.
Your TP2 can't ask that question.
You'll have to export the root certificate from your internal certificate server to a .cer file.
Copy it to your device, and double click it in explorer. It will install automatically.
To be sure, reset your device, and you shouldn't get the error anymore.
Same Problem
I recently upgraded to latest ROM and the problem you describe emerged.
Please excuse my ignorance but the latest reply does not help me very much as I do not know how to do what you suggest. I seem to remember that for the last ROM version I was asked if I wanted to permanently trust the non valid certificate.
If anyone has a solution please inform us???
because of this problem i got back to an older rom (downloaded from htc site), and yes you are right, this older version just asks one time if you want to continue with an invalid certificate. choose yes, and i can connect with exchange with no problem.
why is the new version not asking this question?
i exported the certificate, uploaded the .cer to my phone, opened it, but nothing happened. now i only do not know if i tried to open the file with explorer or with resco explorer. can anyone confirm if this option will work?
You need to add it as a root certificate.
Follow these instructions:
blogs.msdn.com/windowsmobile/archive/2006/01/28/making-a-root-cert-cab-file.aspx
Worked for me.
damden said:
I just updated my TP2 with the rom from the official htc website: ROM-versie:2.07.404.1 and now i'm getting the 0x80072F17 error when trying to sync with my companies exchange server.
Before it did work on rom version 1.88.404.3, which came with the TP2.
I know the problem is the certificate, but I do not care about the certificate, i just want to sync my calendar, contacts, and outlook email.
I cannot contact my system administrator (because I am one of them), and my company is not buying in the near future a valid certificate.
Can someone please help me making my HTC understand that I want to sync with outlook, but do not care about a valid certificat!!!
Click to expand...
Click to collapse
I still have the same problem! Can someone help???
How I fix my certificate error 0x80072f17
visit: h**p://forum.xda-developers.com/showthread.php?p=6755285#post6755285
zefogo said:
visit: h**p://forum.xda-developers.com/showthread.php?p=6755285#post6755285
Click to expand...
Click to collapse
Your URL was messed up:
http://forum.xda-developers.com/showthread.php?p=6755285
Same problem here and that post doesn't help me. anyone have a solution without buy a trusted certificate?
thanx

Categories

Resources