ActiveSync problem 0x80072F17 Certificates - Touch Pro2, Tilt 2 Windows Mobile General

I just updated my TP2 with the rom from the official htc website: ROM-versie:2.07.404.1 and now i'm getting the 0x80072F17 error when trying to sync with my companies exchange server.
Before it did work on rom version 1.88.404.3, which came with the TP2.
I know the problem is the certificate, but I do not care about the certificate, i just want to sync my calendar, contacts, and outlook email.
I cannot contact my system administrator (because I am one of them), and my company is not buying in the near future a valid certificate.
Can someone please help me making my HTC understand that I want to sync with outlook, but do not care about a valid certificat!!!

Most likely you are using a certificate from your own certificate server.
That's not a validated source.
Normally in a website you'll get a pop up on which you can choose to go on.
Your TP2 can't ask that question.
You'll have to export the root certificate from your internal certificate server to a .cer file.
Copy it to your device, and double click it in explorer. It will install automatically.
To be sure, reset your device, and you shouldn't get the error anymore.

Same Problem
I recently upgraded to latest ROM and the problem you describe emerged.
Please excuse my ignorance but the latest reply does not help me very much as I do not know how to do what you suggest. I seem to remember that for the last ROM version I was asked if I wanted to permanently trust the non valid certificate.
If anyone has a solution please inform us???

because of this problem i got back to an older rom (downloaded from htc site), and yes you are right, this older version just asks one time if you want to continue with an invalid certificate. choose yes, and i can connect with exchange with no problem.
why is the new version not asking this question?
i exported the certificate, uploaded the .cer to my phone, opened it, but nothing happened. now i only do not know if i tried to open the file with explorer or with resco explorer. can anyone confirm if this option will work?

You need to add it as a root certificate.
Follow these instructions:
blogs.msdn.com/windowsmobile/archive/2006/01/28/making-a-root-cert-cab-file.aspx
Worked for me.

damden said:
I just updated my TP2 with the rom from the official htc website: ROM-versie:2.07.404.1 and now i'm getting the 0x80072F17 error when trying to sync with my companies exchange server.
Before it did work on rom version 1.88.404.3, which came with the TP2.
I know the problem is the certificate, but I do not care about the certificate, i just want to sync my calendar, contacts, and outlook email.
I cannot contact my system administrator (because I am one of them), and my company is not buying in the near future a valid certificate.
Can someone please help me making my HTC understand that I want to sync with outlook, but do not care about a valid certificat!!!
Click to expand...
Click to collapse
I still have the same problem! Can someone help???

How I fix my certificate error 0x80072f17
visit: h**p://forum.xda-developers.com/showthread.php?p=6755285#post6755285

zefogo said:
visit: h**p://forum.xda-developers.com/showthread.php?p=6755285#post6755285
Click to expand...
Click to collapse
Your URL was messed up:
http://forum.xda-developers.com/showthread.php?p=6755285

Same problem here and that post doesn't help me. anyone have a solution without buy a trusted certificate?
thanx

Related

Installing root certificates into 1.40

I've got an XDAIIs, which has been updated to a 1.40 ROM. We install a new root certificate onto our devices, to allow us to use Activesync over SSL, but when you try and load a .cer file on a 1.4 ROM you get the oh-so-helpful message:
"Security permission was insufficient to update your device."
This process has worked fine on every other ROM and I suspect it's something new on the 1.40 ROM. My guess is that it won't work with the XDAIIi either, which has a 1.40 ROM out of the box...
Suggestions? Google / Microsoft didn't turn up a lot.
Daern
daern said:
I've got an XDAIIs, which has been updated to a 1.40 ROM. We install a new root certificate onto our devices, to allow us to use Activesync over SSL, but when you try and load a .cer file on a 1.4 ROM you get the oh-so-helpful message:
"Security permission was insufficient to update your device."
This process has worked fine on every other ROM and I suspect it's something new on the 1.40 ROM. My guess is that it won't work with the XDAIIi either, which has a 1.40 ROM out of the box...
Suggestions? Google / Microsoft didn't turn up a lot.
Daern
Click to expand...
Click to collapse
Interesting. how did you try and import the .cer file to the device?
deleted
....
therock112 said:
Interesting. how did you try and import the .cer file to the device?
Click to expand...
Click to collapse
Just click the file
Or run certinst.exe, which is what .cer file are associated with in PPC2003+
I've actually found some rather nice, useful code from Microsoft (gasp, shock, horror!):
Download this example:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322956
...which is for PPC2002, but the sample code for inserting certificates works on 2003 and (more importantly) bypasses whatever additional locks that have been placed in this new ROM. In fact, it's even better 'cos certinst.exe threw up a non-suppressable confirmation box, whereas I can now embed all of the code into a setup.dll and wrap the cert into a self installing cab file, along with all of my CPF stuff.
I'll still try and find out why O2 have changed this though. That sucks...
Happy Daern the hax0r

WM6 and Personal Exchange certificates

Anyone know if personal exchange certificates are now working in WM6? I'd rather not pay $100/yr if I don't have to...
I believe so, I use a personal exchange certificate and never had a problem with it in WM6...
Hmm, well I wasted last night trying to get ours to work. I was able to export the .cer and install it, but it kept saying "invalid security certificate".
One other item to note, our webmail address is as follows blahblah.wahwah.com/exchange.
Is that causing the problem?
pkley said:
Hmm, well I wasted last night trying to get ours to work. I was able to export the .cer and install it, but it kept saying "invalid security certificate".
One other item to note, our webmail address is as follows blahblah.wahwah.com/exchange.
Is that causing the problem?
Click to expand...
Click to collapse
I doubt it..
Are you sure the backend (exchange/isa publishing) is all correct?
Next up, you'll probably need to export the root certificate and import that on to your device as well as the cert thats been used to publish exchange. You can use owa to test all this... If you browse to https owa url you need to see all green (eg name matches, certificate valid (eg not expired), and trusted (including any root certs)). Ensure root certs are in the correct store when you import (I usually deselect the place certs automatically option).
The other thing is to check on how the cert was exported... I dont have the process to hand, but its on isaserver.org and MS....
All I've ever done is install the root certificate on the phone and everything works fine WM5/WM6.
All I've ever done is install the root certificate on the phone and everything is ok (WM5/WM6) although I'm not behind ISA
Your certificate name would have to match exactly what you have set up on exchange/server. In your example, certificate is named blahblah.wahwah.com... it has to be exactly the same name. So in your PDA the server name would be blahblah.wahwah.com. not blahblah.wahwah.com/exchange
Good luck.
Personal certificate you mean : Client certificate ?
-> work fine with YES an easy install (no need anymore complicate activesync process or Jacco dds....)
Woldcard certificate (*.toto.com also working fine!)
-> yes after a missing feature in WM5!
Ok, here's what I did.
Opened up my webmail page which is abc.defg.com\exchange
Clicked on the Lock and opened up the certificate. Under Certification Path it says abc.defg.com - no \exchange
Under Details I clicked on Thumbprint and Copy to File as a .cer
I named that file root.cer and put it in the directory on my 8525 and ran it, it installed.
I'm sure I'm missing several steps, but a lot of the threads are way over my head or not applicable to my situation. Any advice, or step by step would be greatly appreciated.

Problem with Pocket Outlook unable to open URL's

I've just noticed that if I receive an Email with a URL embedded in the body , then pocket outlook refuses to open it.
I get an error - The file'http://some.location.on.the/internet/' cannot be opened. Either it is not signed with a trusted certificate, or one of its components cannot be found. You might need to reinstall or restore this file.
I originally thought it was a bad URL, but I sent myself an email with a valid link in and P-Outlook refused to open it.
The fix is to copy the URL into Pocket Explorer/Opera and open from there.
Update opera to the latest version which i think is 8.65 beta and this solves the problem

HELP...synchronize issue with microsoft exchange

I flashed LVSW WM6.0 ROM ( 3.30.0.9 version ) last night on my Hermes. After the flashing was done, the device was able to synchronize with the exchange server through my PC at the first, but it wasn't later. And the synchronizing is always failed with the exchange server through the GPRS later on. I checked the report and it reads
" Result: The server certificate on the server is not valid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server."
and provides a " Support code : 0x80072F06".
This never happened on the platform of WM5.
Can anybody help on this issue?
Thanks a lot!
I had a same issue at past week.
Please change the WINCE.NLS at the \winodws by Good WINCE.NLS.
Good mean is right wince.nls same as your localized version.
Have you been installed any programs with the WINCE.NLS?
If so, I hope above information is usefull.
YUKI- said:
Please change the WINCE.NLS at the \winodws by Good WINCE.NLS.
Good mean is right wince.nls same as your localized version.
Have you been installed any programs with the WINCE.NLS?
If so, I hope above information is usefull.
Click to expand...
Click to collapse
I'm also having a similar problem. When I connect via usb I can sync with server. When I connect wirelessly, cannot sync. Get server name error. Do you have this file?
YUKI- said:
Please change the WINCE.NLS at the \winodws by Good WINCE.NLS.
Good mean is right wince.nls same as your localized version.
Have you been installed any programs with the WINCE.NLS?
If so, I hope above information is usefull.
Click to expand...
Click to collapse
Hi YUKI-
Thanks for your input. Actually I'm using the good wince.nls said as without the good wince.nls Chinese is not readable. But the problem is still the problem.....Thank you all the same
Taking it back to first principals (assuming you have access to the server):
- what certificate is the server using? (one from your own CA or a third party one like verisign)
- has that certificate expired?
- if using a certificate from your own CA have you installed the root certificate on your phone?
- do the address on the certificate and the one you have entered on the phone match exactly?
- what happens if you turn off the SSL requirement on the server - do you get a different error or does it work ok?
- Do you have another phone you can test with? Failing that what about using Outlook Web Access on a PC over SSL, does that work okay without certificate errors?
randomelements said:
Taking it back to first principals (assuming you have access to the server):
- what certificate is the server using? (one from your own CA or a third party one like verisign)
- has that certificate expired?
- if using a certificate from your own CA have you installed the root certificate on your phone?
- do the address on the certificate and the one you have entered on the phone match exactly?
- what happens if you turn off the SSL requirement on the server - do you get a different error or does it work ok?
- Do you have another phone you can test with? Failing that what about using Outlook Web Access on a PC over SSL, does that work okay without certificate errors?
Click to expand...
Click to collapse
Hi randomelements,
1. There is not a certificate the server is using. And there is never a certificate required when I used the WM5 on my Hermes. Also my colleagues in US is using the WM6 and there is not any certificate required.
2. Turned off the SSL requirement, there is another error report reading " Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Sever administrator." and a new support code " 0x85010004" was given.
3.a couple of days ago I used WM5 on my Hermes and there was not any problem. Before using the Hermes, I used the Magician and there was not any problem either.
It works well that using Outlook Web Access on a PC over SSL.
Well...it looks to be a big problem^_^ thank you all the same randomelements!
What version of exchange?
If 2007, the integration with WM6 is tighter than 2003 with WM5 or 6. When I set mine up I had to alter permissions on the Exch 2007 web site. There are pointers on the MS website of you search on that error code and exchange 2007. I dont have the info to hand, but can look on my system tonight.
greatg said:
I'm also having a similar problem. When I connect via usb I can sync with server. When I connect wirelessly, cannot sync. Get server name error. Do you have this file?
Click to expand...
Click to collapse
My situation is NEVER completed any ActiveSync via USB+PC and X01HT's Wireless connection. I think thats problem does not same.
And I am currently using japanese version crossbow. if you have another language with wince.nls, does not solved your issue with my attached a file.
Check the clock on your phone. A couple of times when I flashed I forgot to change the year and had my date set in 2006, which gave me invalid or expired certificate error.
I think I've got what the problem is. I flashed the black 3.01 ROM tonight. After the flash was done, I tried the syn immediately and it succeeded via the wireless connection. But when I replaced the original wincel.nls file with the one with Chinese supported, the syn was failed and I got the same error report.
The problem is I can't use the wincel.nls file without Chiese supported. What should I do?

Problem on using Pro Black 3.0.1

Dear all,
I need to use my PDA to sync with the exchange server of my company. After I upgrade to Pro Black 3.0.1, the synchronization is fine. But after I install the CS-Star, the synchronization encounter a problem. It said "The security certificate on the server is not valid. Contact your exchange server admin or ISP to install a valid certificate on the server. Support Code: 0x80072F06". Then I hard reset my PDA and reconfig the PDA to sync with exchange server without install the CE Star. I can't see any chinese right now. Anyone have suggestion on this issue? Thanks a lot.
Have you synced with your PC? Sometimes after a hard reset, when I plug into my PC with Exchange Server configured, that message goes away.
Sometimes I never have an issue and do it all over the air. This has happened with many versions of Crossbow, even the M$ ROMs and I've always been able to get past it by connecting via USB and performing that first PC sync.
Search the board for your language change. It's a registry setting, but I've seen many posts on this subject and you should get used to searching the boards.
fanki said:
Dear all,
I need to use my PDA to sync with the exchange server of my company. After I upgrade to Pro Black 3.0.1, the synchronization is fine. But after I install the CS-Star, the synchronization encounter a problem. It said "The security certificate on the server is not valid. Contact your exchange server admin or ISP to install a valid certificate on the server. Support Code: 0x80072F06". Then I hard reset my PDA and reconfig the PDA to sync with exchange server without install the CE Star. I can't see any chinese right now. Anyone have suggestion on this issue? Thanks a lot.
Click to expand...
Click to collapse
there's problem with CE-Star with WM6. even windows live is impacted. since i figured out i'd just want to read chinese without typing it, you can workaround with a cab named sunglobepatch
http://forum.xda-developers.com/showthread.php?t=302878

Categories

Resources