Hello
I've seen similar requests for VPN/Email.
But haven't found a way to do this in my case.
I'm using a 802.1X Wi-Fi, which needs a trusted CA certificate. After installing it I was forced to used graphic unblock, PIN or password.
Is there a way to remove this restriction and use normal slide unblock?
Also I'm using Exchange email on my phone. But I configured it after I installed Certificate, so I didn't even know that it may cause me use graphic unblock too.
So I guess I need to disable this restriction for both - certificate and exchange email.
Is there a way to do so?
Related
Hi,
My touch is used for work.
Everytime I do an upgrade that requires a hard reset, I have to wait until our IT person comes to the office once a week to get my emails setup again.
They will not give me the password as it's the exchange server password I guess.
Anyway to do a backup that will keep the setup/password for after I do the update so I don't have to wait until the guy is in the office?
Thanks.
LIP
Hmm. I have an exchange server at my home (I'm an MCSE/MCT). I don't have this problem.
I don't understand why he won't give you the password. That password should be unique to you. Personally, I don't know any of my client's passwords and I don't want to. Any administrator who knows their client's passwords has set themselves up for a legal mess.
Anyways. Are you connecting through a VPN?
Hi,
I don't understand this either to be honest but I'm not an expert with exchange (I know nothing about it to be honest).
He needed my password as well so I'm not sure what other password he is on about.
We use VPN but I don't know how this works with windows mobile devices.
Thanks.
LIP
There is not a server specific password with exchange, unless for some reason he has isolated exchange on it's own AD Structure and manually creates usersnames in that domain for your email. I've seen IT guys do weird things, so I never put anything to chance.
Here is something you can do before an upgrade.
Go into activesync, then menu->configure server.
Write down all the options and configured settings.
And pay close attention to the username\domain field in the second screen. If that is the same as what you sign in with at work, then there is not another password.
The only problem I see you running into if it is the same password you normally use, is maybe he did not use a trusted CA for the server's certificate.
If that is the case, you will get the yellow exclamation error saying there is a problem with the server's certificate.
Easy fix for that, go to the server's address on your laptop/desktop, and save the certificate to a file. Then import it on your phone and you should be good to go.
Now in regards to the VPN... You normally do not see a vpn in use unless they allow you to access the resources on the domain from your phone. (Sharepoint, and exch2007 shared folder access for example)
If they are, you would have some additional vpn software installed or are using the built in vpn configuration.
That would be under Start->Settings->Connections. Under "My Work Network" tap "Manage existing connections". At the bottom, tap VPN.
If you see something in here you are using a vpn. If you don't, you probably are not, unless you see some vpn client installed in your programs.
Hope this gives you enough info to give it a try yourself after the next upgrade.
Good luck, and best wishes.
So.. with Nexus One's Activsync integration, there was an option "accept all ssl"
With my incredible, it does not have that option (that I can see).. Therefore with a custom certificate from my company's security team, I constantly get warnings for the certificate. Very annoying and prevents me from syncing well.
Thoughts? Solutions?
Please move this to appropriate forum if I'm in wrong place. Thanks in advance.
I allowed me to chose SSL. From in your Exchange Active sync do the following:
Menu -> More -> Settings -> Account Settings
Scroll down to below the password or you can close the virtual keyboard and you should see it.
Thanks for your reply..
However, that option just says "This Server requires an encrypted SSL connection"
The old version had an option to accept all SSL Certificates.
This means, a custom signature coming from a very large technology company's, very extensive IT security team, will be accepted in any way shape or form.
Alternatively, if the certificate is "not from a trusted authority", then you get the warning over and over and over and over.. whether you accept it or not.
my company is using a godaddy cert, it works fine. i tried setting it up for a client who has 07 exchange and a cert, but its not a well signed one, it wouldnt work at all. so not that it is the best solution but u could get a godaddy cert for yourself.
iamodogg said:
I constantly get warnings for the certificate. Very annoying and prevents me from syncing well.
Click to expand...
Click to collapse
What is the warning? Do you know if they have their cert setup correctly?
I'm currently using the Touchdown app and using SSL. I haven't seen any warnings.
Touchdown will work fine. The certificate is obviously custom-built. We are a 60k employee company. They are not going to change the very for the limited android users.
Again, the 2.0 OS had a feature built in that allowed you to choose to accept all certificates.
Thanks for the work around/alternatives. Still hoping for a fix.
-------------------------------------
Sent via the XDA Tapatalk App
i had a clients incredible and it just wouldn't work, they were using a self sign certificate and exchange 07. i tried every setting i could, even after the software update1. yesterday i was determined to get it to work so i searched and searched. It just keep saying it couldnt authenticate. From what I found a couple things could work.
What I did:
I opened the browser and went to the company owa site. https://mail.company.org/owa, then onces there I could log in. I logged in as the user and it asked me to accept the certificate so I did. Then I was able to get into the users box. Then I added the exchange activesync account next and it work with one minor change in the domain field ( i just erased it). Form what I understand the autodiscover service on IIS needs to be running and working. Not 100% sure, but I got it to work so its worth a try.
What I tried, but didnt work:
Several sites said as long as you are connected to the network, but don't have internet then so the setup and it will continue. Then once it is setup then plug the internet back in and it will ask you to accept the cert and u just say yes. the option which you are talking about no longer looks available. Again its worth a try
Hope this helps
Yeah not sure what the OP means by "Custom Cert" as it's either a valid cert from a trusted CA or it's self signed. Nothing in between. I don't know why a company with 60K employees though would not have a valid SSL cert though...
Look at the cert properties and make sure the server name you are using on the phone matches the name on the cert exactly (if you haven't checked that already). This is the "Issued to:" field...
As soon as one uses certificates, it is not possible to use "face recognition, the standard login screen or no security at all". It's forbidden by "admin, security policy or login data".
As I have to use a certificate for my university's wifi, I'm asking whether there is a workaround to change this behaviour?
thanks
Has anyone discovered any tweaks to HTC Sense 4.0 that enable you to set a trusted credential password independent from a phone PIN or password?
In order for me to access the WLAN and email at work, we use software certificate based EAP-TLS. While there are several ROMs that feature modified Exchange support to remove the need for admin rights elevation for the mail profile, I haven't found a way to store my software certificate in the trusted credential cache without setting a phone PIN or password. In older versions of Sense, I was able to set a strong password for the encrypted credential store and use a different security policy for phone unlock. But with Sense 4.0 I am forced to select either PIN or password, neither are ideal for me.
Using the same PIN for the phone and credential storage isn't what I would like as a 4 digit PIN isn't strong enough for the trusted credentials. But there is no way that I want to type in a 12 character mixed case strong password that I would use for the credential storage every time I want to unlock my phone.
Can anyone recommend a ROM that might have the ability to set the security on the trusted credentials and certificates separately? If not, are there any security mods that might let me change the "Lock Phone after" duration to something higher than 15 minutes?
Help!
I'm having issues connecting my work emails to my phone. Our IT department says that android phones don't support the necessary policies to gain access. iPhones can connect no problem. And oddly Samsung Galaxy S3 is an enterprise ready phone it also works. Seeing how the Galaxy S3 works. I assume that the Galaxy Nexus also has the capability to work if I port the email.apk from the S3?
I ask because I want native support. (i.e. calendar sync, contacts, etc...) I'm using k-9 for now just for the emails. Let me know if anyone has any ideas. Thank!!!
Can you explain more? Are you unable to reach the server? Are you sure you have the correct server address? Do you have Active Sync enabled for your account on Exchange? I sync with Exchange 2007 with no problems.
The problem is I keep getting incorrect username password errors. And when I consulted with our IT department they explained to me it wasn't because I inputted anything in wrong. It was because there are certain Microsoft Exchange security policies that android doesn't support natively.
Sent from my Galaxy Nexus using Tapatalk 2
I don't think that's correct. What's the policy they are enforcing that Android doesn't support?
What ver. of Exchange are you on?
Exact Issue I am facing too . My pl can connect via his Iphone 4 but not me... Never it gets connected.
deepayanneogi said:
Exact Issue I am facing too . My pl can connect via his Iphone 4 but not me... Never it gets connected.
Click to expand...
Click to collapse
What version of Exchange? What policy isn't supported?
2010 exchange , Cannot connect simply on giving credentials.
I've never had a problem. Enter my domain\username and password and the server URL which is different from what it defaults to and I'm good.
Edit: Looks like it might be non-provisional devices?
Issue 2.1 - Failures to provision and synchronize with Android OS
Exchange ActiveSync policies can cause provisioning and synchronization to fail when the devices are customized. Devices are not provisioned if a policy that exceeds these limitations is applied to the users of these devices. This issue is discussed in comment 9 from the following post on the Google Android forum:
http://code.google.com/p/android/issues/detail?id=9426
Edit: Maybe get them to create a new policy for you. Should only take them a second.
Another alternative would be to use an app like TouchDown, it would also provide the added bonus of seperating your e-mail from your phone. If a pin is enforced, it's enforced in touchdown, not the whole phone. a remote wipe only kills touchdown, not the whole phone.. etc.
It's a bit pricey, but very worth it.
deepayanneogi said:
2010 exchange , Cannot connect simply on giving credentials.
Click to expand...
Click to collapse
I use exchange 2010 no problem, and I just migrated a customer to exchange 2010 with a mixed iPhone/Android environment. If it's an authentication issue there are a couple of things to try:
-In the username make sure the format is DOMAIN\Username. So if your domain is ABC and your username is jsmith - it would be "ABC\jsmith" without the quotes.
-Make sure the servername is correct (i.e.: is the fqdn that can be resolved from 3G or from Wifi internally/externally - a lot of folks don't setup the correct DNS internally and mail.company.com may resolve to their website or something).
-Try checking/unchecking Use SSL, and Accept all SSL certificates. Using SSL is always best and Exchange 2010 requires it by default if I'm not mistaken, but unless you've got a trusted SSL certificate installed on the server you may have a problem...but nothing that can't be overcome by this.
-I'm assuming your user is allowed to use a mobile device since your IT person is troubleshooting.