Exchange policy problem. - Windows Phone 7 General

Hi all,
A strange thing it's happening to me. I just switch few day ago from android to wp7 and i cannot connect to my corporate exchange server.
With android i stay connected with no problem, but wp7 give me a lot of problems.
In a first moment, inserting all the right data in account and sync, an error advise me that the certificate is not valid... strange couse android neverask me a certificate. Anyway the IT office give me an autosign certificate that iend to my personal account on wp7 and install it. Now the error is change and i cannot sync to exchange with error code 80072F06 "Not updated... certificate problem.."
That's sound strange... in android the only message i had the first time i created the account that alert me that the remote server request to menage some information of the device.... continue or cancel. Obviously i continue, and all works great. Now in wp7 nothings works!!!
Creating the account in android i noticed i fields i selected to accept all SSL certificate. In wp7 i cannot find nothing similar.
Read on various blog i see that a problem is in exchange server configuration, not in wp7.... but however in android i had no problem.
So i ask you if exist some tweak registry key on wp7 i can manage to let accept automatically SSL certificate.
Sorry for my english.
Thank you.
Inviato dal mio EPAD usando Tapatalk

i have a similar problem too... i'm just migrating from galaxy s to focus
never had a problem with my office exchange using android

most likely a self signed certificate that has not been configured correctly, also try to get your admin to export the root cert for you not the one issued through OWA, but the one on the server.

I had the same problem. You have to install ALL certificates, including root and intermediate certificates. A good way is to mail to your windows live address and double click on the certificates.
Then everything will work without a flaw.
I dont know, why this works in Android and Iphone without installing those root certificates.
Frank

Just as a sidenote: you will have to restart your device before the certificates actually work.

ok. I'll try to install all kind of certificate the IT office can give me.
i don't now if the problem can be that the certificate has the address exchange.mybusiness.com while the external server i must set on WP7 is mail.mybusiness.com...
However on Monday i can do other try, first to launch the phone in the wall...
EDIT:
6 months have passed ...
Nothing more?
A few tweaks that will allow windows phone to accept all connections?

Related

Push Exchange Email

Hello,
Been using Black v1.2 for a few days, was holding out for version 2 before asking for help but this doesn't help me - excellent rom btw.
Our Exchange server is using self signed certificates, which have expired. I have been working on our Tech support to have this renewed but not holding my breath for this to be done anytime soon.
In WM5 there was a registry hack (added a DWORD of value 0 called secure to the partnership key) which forced activesync to ignore the above problem, however this doesnt work in WM6, does anyone have a solution to this?
I did try searching first but could see a solution.
Cheers,
James
Your tech support guys must be useless. Self signed certs, well so do I. But it only takes a couple of mins to re-issue and install.
Try running without SSL. This would work better, anyway.
If all of the certs have expired, they should be getting many problems with people failing to connect on their phones and any Outlook client using HTTP over RPC (now called Outlook Anywhere).
I don't agree
Self signed certs should be ok. Get a CER version and load it to the handheld. Previous versions of WM would take a program called CERTCHK.EXE and bypass the trusted root authority check. You can also install the root cert of your local CA, if you can have your admins deliver that.
Running without SSL transmits your password in the clear. NOT A GOOD IDEA, last I checked.
jeffreycentex said:
Try running without SSL. This would work better, anyway.
If all of the certs have expired, they should be getting many problems with people failing to connect on their phones and any Outlook client using HTTP over RPC (now called Outlook Anywhere).
Click to expand...
Click to collapse
Cheers for the Replies,
I had a go at extracting the root/intermediate certificate using sslchainsaver, and then installing them onto the device but I still get the same problem...
http://blogs.msdn.com/windowsmobile/archive/2006/08/11/sslchainsaver.aspx
Plus our server won’t allow none ssl traffic (a bit cheeky of them having no valid cert ), just looks like am stuck waiting for them to update the certificate...
btw for your information, this was the hack to force WM5 not to check the certificate.
http://winzenz.blogspot.com/2006/03/hacking-your-windows-mobile-50.html
Thanks again
James
I fixed mine the old fashioned way
James,
You may want to try this. Once I loaded Black 2.0, the cert said "expired". I went into WMDC, deleted the previous partnership, logged into Outlook. Connected the device, set up partnership, then let it sync.
It must have installed the cert, because ASync is working perfectly again.
Give that a go and see if it works.
Regards,
Steve
brownjl said:
Cheers for the Replies,
I had a go at extracting the root/intermediate certificate using sslchainsaver, and then installing them onto the device but I still get the same problem...
http://blogs.msdn.com/windowsmobile/archive/2006/08/11/sslchainsaver.aspx
Plus our server won’t allow none ssl traffic (a bit cheeky of them having no valid cert ), just looks like am stuck waiting for them to update the certificate...
btw for your information, this was the hack to force WM5 not to check the certificate.
http://winzenz.blogspot.com/2006/03/hacking-your-windows-mobile-50.html
Thanks again
James
Click to expand...
Click to collapse
silverfox0214 said:
James,
You may want to try this. Once I loaded Black 2.0, the cert said "expired". I went into WMDC, deleted the previous partnership, logged into Outlook. Connected the device, set up partnership, then let it sync.
It must have installed the cert, because ASync is working perfectly again.
Give that a go and see if it works.
Regards,
Steve
Click to expand...
Click to collapse
You Got my hopes up then
I gave that a go, deleted the partnership on the device. This time I used WMDC to set up the partnership, which did state that the Certificate could not be verified but gave me an option to use it anyway. But still the same result - I get erorr 0x80072F17 when trying to sync wirelessly.
Cheers,
James
Problem with Push Outlook eMail on Cingular
I have the same issue on this thread. I deleted all the partnerships and restarted several times but keep getting an error code0x85030027
MS Exchange Server requires a personal certificate to log on ....
Anyone has a fix to this issue ?
Thanks
Zimriman
Cingy Black 2.5

How to keep Outlook Exchange setup after upgrade

Hi,
My touch is used for work.
Everytime I do an upgrade that requires a hard reset, I have to wait until our IT person comes to the office once a week to get my emails setup again.
They will not give me the password as it's the exchange server password I guess.
Anyway to do a backup that will keep the setup/password for after I do the update so I don't have to wait until the guy is in the office?
Thanks.
LIP
Hmm. I have an exchange server at my home (I'm an MCSE/MCT). I don't have this problem.
I don't understand why he won't give you the password. That password should be unique to you. Personally, I don't know any of my client's passwords and I don't want to. Any administrator who knows their client's passwords has set themselves up for a legal mess.
Anyways. Are you connecting through a VPN?
Hi,
I don't understand this either to be honest but I'm not an expert with exchange (I know nothing about it to be honest).
He needed my password as well so I'm not sure what other password he is on about.
We use VPN but I don't know how this works with windows mobile devices.
Thanks.
LIP
There is not a server specific password with exchange, unless for some reason he has isolated exchange on it's own AD Structure and manually creates usersnames in that domain for your email. I've seen IT guys do weird things, so I never put anything to chance.
Here is something you can do before an upgrade.
Go into activesync, then menu->configure server.
Write down all the options and configured settings.
And pay close attention to the username\domain field in the second screen. If that is the same as what you sign in with at work, then there is not another password.
The only problem I see you running into if it is the same password you normally use, is maybe he did not use a trusted CA for the server's certificate.
If that is the case, you will get the yellow exclamation error saying there is a problem with the server's certificate.
Easy fix for that, go to the server's address on your laptop/desktop, and save the certificate to a file. Then import it on your phone and you should be good to go.
Now in regards to the VPN... You normally do not see a vpn in use unless they allow you to access the resources on the domain from your phone. (Sharepoint, and exch2007 shared folder access for example)
If they are, you would have some additional vpn software installed or are using the built in vpn configuration.
That would be under Start->Settings->Connections. Under "My Work Network" tap "Manage existing connections". At the bottom, tap VPN.
If you see something in here you are using a vpn. If you don't, you probably are not, unless you see some vpn client installed in your programs.
Hope this gives you enough info to give it a try yourself after the next upgrade.
Good luck, and best wishes.

2.1 Exchange Support Question

So.. with Nexus One's Activsync integration, there was an option "accept all ssl"
With my incredible, it does not have that option (that I can see).. Therefore with a custom certificate from my company's security team, I constantly get warnings for the certificate. Very annoying and prevents me from syncing well.
Thoughts? Solutions?
Please move this to appropriate forum if I'm in wrong place. Thanks in advance.
I allowed me to chose SSL. From in your Exchange Active sync do the following:
Menu -> More -> Settings -> Account Settings
Scroll down to below the password or you can close the virtual keyboard and you should see it.
Thanks for your reply..
However, that option just says "This Server requires an encrypted SSL connection"
The old version had an option to accept all SSL Certificates.
This means, a custom signature coming from a very large technology company's, very extensive IT security team, will be accepted in any way shape or form.
Alternatively, if the certificate is "not from a trusted authority", then you get the warning over and over and over and over.. whether you accept it or not.
my company is using a godaddy cert, it works fine. i tried setting it up for a client who has 07 exchange and a cert, but its not a well signed one, it wouldnt work at all. so not that it is the best solution but u could get a godaddy cert for yourself.
iamodogg said:
I constantly get warnings for the certificate. Very annoying and prevents me from syncing well.
Click to expand...
Click to collapse
What is the warning? Do you know if they have their cert setup correctly?
I'm currently using the Touchdown app and using SSL. I haven't seen any warnings.
Touchdown will work fine. The certificate is obviously custom-built. We are a 60k employee company. They are not going to change the very for the limited android users.
Again, the 2.0 OS had a feature built in that allowed you to choose to accept all certificates.
Thanks for the work around/alternatives. Still hoping for a fix.
-------------------------------------
Sent via the XDA Tapatalk App
i had a clients incredible and it just wouldn't work, they were using a self sign certificate and exchange 07. i tried every setting i could, even after the software update1. yesterday i was determined to get it to work so i searched and searched. It just keep saying it couldnt authenticate. From what I found a couple things could work.
What I did:
I opened the browser and went to the company owa site. https://mail.company.org/owa, then onces there I could log in. I logged in as the user and it asked me to accept the certificate so I did. Then I was able to get into the users box. Then I added the exchange activesync account next and it work with one minor change in the domain field ( i just erased it). Form what I understand the autodiscover service on IIS needs to be running and working. Not 100% sure, but I got it to work so its worth a try.
What I tried, but didnt work:
Several sites said as long as you are connected to the network, but don't have internet then so the setup and it will continue. Then once it is setup then plug the internet back in and it will ask you to accept the cert and u just say yes. the option which you are talking about no longer looks available. Again its worth a try
Hope this helps
Yeah not sure what the OP means by "Custom Cert" as it's either a valid cert from a trusted CA or it's self signed. Nothing in between. I don't know why a company with 60K employees though would not have a valid SSL cert though...
Look at the cert properties and make sure the server name you are using on the phone matches the name on the cert exactly (if you haven't checked that already). This is the "Issued to:" field...

[Q] Import SBS2008 Exchange Certificate

Got an Omnia 7 today, but I cannot setup my exchange account as I need to import the certificate for my server (small business server 2008).
Previously, I have done this by connecting my phone to a PC using Mobile Device Centre and running the Install Certificate program on the server - quite painless.
However the Omnia doesn't connect to Windows Mobile Device Centre, therefore I cannot connect to run the cert installation - and therefore cannot access my email.
Anyone know how I would go about getting the certificate onto the handset?
Do you have another mail account other than the exchange account already set up on the device?
If so, I think the solution is to mail the certificate and add it that way. See this link too as someone was having issues with the cert and synchronisation. http://social.answers.microsoft.com...7/thread/bf9240a9-a388-4cb7-bf6d-8966ddae7707
I have yet to go down this route. My hardware at home is having issues with SBS so I'm going down a hosted option route till I can sort it

Microsoft Exchange

Help!
I'm having issues connecting my work emails to my phone. Our IT department says that android phones don't support the necessary policies to gain access. iPhones can connect no problem. And oddly Samsung Galaxy S3 is an enterprise ready phone it also works. Seeing how the Galaxy S3 works. I assume that the Galaxy Nexus also has the capability to work if I port the email.apk from the S3?
I ask because I want native support. (i.e. calendar sync, contacts, etc...) I'm using k-9 for now just for the emails. Let me know if anyone has any ideas. Thank!!!
Can you explain more? Are you unable to reach the server? Are you sure you have the correct server address? Do you have Active Sync enabled for your account on Exchange? I sync with Exchange 2007 with no problems.
The problem is I keep getting incorrect username password errors. And when I consulted with our IT department they explained to me it wasn't because I inputted anything in wrong. It was because there are certain Microsoft Exchange security policies that android doesn't support natively.
Sent from my Galaxy Nexus using Tapatalk 2
I don't think that's correct. What's the policy they are enforcing that Android doesn't support?
What ver. of Exchange are you on?
Exact Issue I am facing too . My pl can connect via his Iphone 4 but not me... Never it gets connected.
deepayanneogi said:
Exact Issue I am facing too . My pl can connect via his Iphone 4 but not me... Never it gets connected.
Click to expand...
Click to collapse
What version of Exchange? What policy isn't supported?
2010 exchange , Cannot connect simply on giving credentials.
I've never had a problem. Enter my domain\username and password and the server URL which is different from what it defaults to and I'm good.
Edit: Looks like it might be non-provisional devices?
Issue 2.1 - Failures to provision and synchronize with Android OS
Exchange ActiveSync policies can cause provisioning and synchronization to fail when the devices are customized. Devices are not provisioned if a policy that exceeds these limitations is applied to the users of these devices. This issue is discussed in comment 9 from the following post on the Google Android forum:
http://code.google.com/p/android/issues/detail?id=9426
Edit: Maybe get them to create a new policy for you. Should only take them a second.
Another alternative would be to use an app like TouchDown, it would also provide the added bonus of seperating your e-mail from your phone. If a pin is enforced, it's enforced in touchdown, not the whole phone. a remote wipe only kills touchdown, not the whole phone.. etc.
It's a bit pricey, but very worth it.
deepayanneogi said:
2010 exchange , Cannot connect simply on giving credentials.
Click to expand...
Click to collapse
I use exchange 2010 no problem, and I just migrated a customer to exchange 2010 with a mixed iPhone/Android environment. If it's an authentication issue there are a couple of things to try:
-In the username make sure the format is DOMAIN\Username. So if your domain is ABC and your username is jsmith - it would be "ABC\jsmith" without the quotes.
-Make sure the servername is correct (i.e.: is the fqdn that can be resolved from 3G or from Wifi internally/externally - a lot of folks don't setup the correct DNS internally and mail.company.com may resolve to their website or something).
-Try checking/unchecking Use SSL, and Accept all SSL certificates. Using SSL is always best and Exchange 2010 requires it by default if I'm not mistaken, but unless you've got a trusted SSL certificate installed on the server you may have a problem...but nothing that can't be overcome by this.
-I'm assuming your user is allowed to use a mobile device since your IT person is troubleshooting.

Categories

Resources