Exchange Server Help - Activesync Error 0x85010004 - General Topics

My company standard for pda's is the crackberry. However, I was able to connect to our exchange server with my ATT Tilt. I believe that our IT dept has now enabled some security feature that will not allow my phone to connect to the server anymore.
Using WM 6.1
Any ideas?

it sounds like the server cert is invalid. you can get more information on the error using activesync to set up the server source.
anyway, your it geeks must give you a copy of the server cert (.cer file). They can export it, and you can use activesync to put it onto your device

Thanks for the help. They've now established a "pilot" program for WM6, so I don't know if they'll actually give me a copy of the server cert. I was able to copy the cert that was assigned to my PC and install it on my device, but still no dice. It was installed as an Intermediate and not a root. I don't know if that makes a difference or how/if it can be changed if it does.

Im not sure either. It would take the it geeks about 30 seconds to generate the .cer file. I had the same problem as you, so I exported the certificate from my server, stuck it onto my htc cruise using activesync, then using file explorer, navigated to the .cer file, clicked on it, and it worked.
The certificate I exported was the exact on that was imported to iis.

thanks again.
For some reason the cert from the server is not working. Could you check to see if yours was installed as a root or an intermediate when you get a chance?

This is going to be a HUGE bummer if I have to get a crackberry.

to get the cert:
1) on the server where iis is running, run mmc
2) add the certificate snap-in referencing the local computer.
3) navigate to Personal or Trusted Root certificates (depending if your cert is self-signed or from a CA), find the cert that was used for the iis web service that is running OTA, right click on it, then select export (.der format will be ok).
4) have the it geeks give this file to you.
5) using activesync, move it to you device.
6) using file explorer on the device, navigate to where the .cer file is, then click on it.
7) thats it.

Step 4 is the problem. I don't think I'll get the cert from IT because I'm not part of the pilot program. This was a recent change that required certificates to crack down on renegades like me.
I guess I'll have to wait until they roll out the corporate wide program.
Oh well, Crackberry here I come.
Thanks again for the info.

Does anyone know how an exchange serve tells the difference between remote access from a desktop and remote access from a handheld?

The address is really different. webmail is at www.yourdomain.com/exchange, which over the air activesync is www.yourdomain.com/?something? (im not sure exactly). The ppc activesync program knows what to append to the end of your url to activate the correct application pool on the server.

Related

Emails from exchange (free vista for help!)

Hi
Can sombody let me know how i can get email direct from my exchange server please?
i have an exchange 2003 server at work with OWA and want to recieve emails on the go from it?
Whats the best ways to do this?
If sombody helps me quick i have a Legit unactivated Vista premium they can have the key for as im really deperate for help
Not 100% sure of the ins and outs, but exchange 2003 has to have SP2.
Also, check this http://thelazyadmin.com/index.php?/archives/409-Configuring-Direct-Push.html
Might help!
Good luck!
Hi,
forget the native MS Push, try OLX Mobile Access from www.gangl.de. Been using this since 2005 and had no probs at all. Absolutely recommended !
This really depends how you want to sync your e-mail. If you want Push, you will need to have exhange server 2003 with SP2 install and have WM5 with Push technology. If you just want to download e-mail everytime you connect your device to the internet, you can do it with any version of exchange 2003 and almost any version of windows mobile.
Also, to get e-mail directly fro your exchange server will depends on your server settings. But you will at least require the following informaton:
1) Server address
2) Username (this does not necessary be the same as your e-mail address, it is the actual username that let you log onto exchange server. Usually it will be the same username as your Outlook Web Access for Exchange 2003)
3) Password (for the above username)
4) Domain (this domain is necessary or else your pocket pc will not be able to access the proper location where your e-mail is located)
Once you have all of the above information, you can either set it up on Active Sync on your PC or on your PPC. To do it on PPC, open Active Sync, Menu, Configure Server... enter all of the above information (remember to click SSL encryted if your server is encryted {most likely it will be}). Then go back to Active Sync, Menu, Options... change all of the data that you want to get from exchange server (ie: Contacts, Calendar, etc). Now you are all set. You just need to connect your device to the internet, open Active Sync, click on the Sync button, it will automatically fetch the information from your server. For Push to work, simply leave your internet connect open, go to your Comm Manager, make sure the Push symbol is Green (or On). Your e-mail will automatically be downloaded to your PPC once it arrive to the server. I will not leave Push on if you are using GPRS or HSDPA as e-mail send to your mobile device will not have been SPAM filtered (unless your server admin has the SPAM filter turn on but it is unlikely as this will restriction user control, normally SPAM is filter by client software like Office on PC), so your internet connect charges can ge quite big!
Anyway, hope this will help. Ciao.
Pete
One more note, if you are using Vista, it is about 100 times easier... you just need to have your Microsoft Office Outlook setup to connect to your Exchange server and it will automatically know what settings needed to put onto your pocket PC :O)
And setting it up on Outlook could be quite easy as well if your Exchange Server has auto-configure utilities to download (ie: allow you to download the .prf files for your account profile and you can just import that to Outlook and everything will be automatically setup.). Hope this help and not too too complicated for you.
Pete
Hi folks,
you don't need exchange. Although i have one, i mentioned OLX Mobile Access which also supports MS Outlook without Exchange, it's called OLX Mobile Access Personal. You can download a 30 days trial.
And you should, for this one is really cool. It even supports Outlook Notes !
Setup and configuration is in english, so don't mind the german website.

WM5 - Direct Push - SSL & certificate

Hello,
I would like to have your experience feedbacks about Direct Push and SSL under WM5.
I have my own authority of certification (Windows 2003 Server) and I generated the root certificate and installed this one in the terminal.
But activesync does not function (error 8001014). Lot of articles covers the subject, how to add certificates root, the activesync errors, but nothing goes. I spent already much time on the subject.
Then I decided to contact Microsoft. The answer is surprising: Microsoft use direct push with HTTP and not with https (strange isn't it ?)
Here their answer: "Indeed, we have in-house HTC but we pass in HTTP and not in https… If not, WM5 in SSL functions and all the incidents which I saw relate to WM5 and not WM6 and the resolution were to pass in HTTP "
I have create this post to know if somebody made a success of this exploit or if it is really impossible...
Thanks in advance
PS: Does WM6 works with SSL/Direct Push/Own certificate ?
Anyone Please ?
I am using SSL over WM6 right now. What I did was I renamed my *.crt file to *.cer and then put it into the mobile phone and clicked on it to install the certificate. After that I can use SSL over Exchange.
-TKN
Do you have FormBased Authentication enabled? If so; read this: http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm
And perform option 3. I'm running Exchange 2003 with SLL and Form Based Authentication enabled, and having pushmail.
I am not exactly using Exchange Server but something similar. It is a software by Kerio called Kerio Mail Server. It has push mail features and many other features that exchange lack. Setup is very simpler for me on Kerio than on Exchange but the procedure for setting up Push Mail is very simple: go into your pocket pc, setup the server information and ssl if using it. Then download the certificate from the kerio mail server and rename the file from *.crt to*.cer for windows mobile to be able to install it. Then once it is installed, you can sync and receive mail on pocket pc using push mail. I am not familiar with Form Based Authentication and I think it has no relationship with Push Mail unless you are using it without SSL. I don't think you can use Form Based Authentication since there is only SSL option in the pocket pc. Hope this helps!
-TKN
I don't know what Georgeot uses for mail. I assumed he used Exchange. And with exchange there is a problem with the ActiveSync, FormBased Authentication and SSL on one computer.

Issues with OTA sync; AT&T Kaiser just recently purchased and rom upgraded

Ok I have wrestled with this for 2 days straight.
I had issues with this with my CFO's windows mobile device but at least his was giving me a specific error message.
My Tilt has the latest Dutty ROM upgrade (Dual Touch), I haven't been able to get my exchange server synced OTA.
I run a Exchange 2007 Enterprise environment. Everything on the server side is fine. My OWA url is https://webmail.firethornmobile.net. All I get is waiting on network after 2-15 minutes.
I have soft reset, deleted the PC partnership, taken my connection off of auto and tried both my work connection and isp.
I'm starting to suspect it maybe the ROM upgrade but it was doing the same thing when I first started the phone.
Please help.
OMA enabled?
Do you have the OMA enabled? Do you have the server root CA installed in the tilt (I am assuming you are using secure method for OMA)?
I have flashed Dutty's dual touch v2 and I don't have problem to get emails through OMA services.
Do you ever get the other PDA sync with email before? From the error message, it seems the Activesync in the Tilt can't talk to the exchange (front end) server at all.
Yes on Exchange 2007 OMA is enabled natively. In the middle of seperating data centres from our sister company.
We just got bought by Qualcomm so we never bought a cert from Verisign. I am using a self sign cert from our exchange server ( I have to turn SSL off on the pda side.
This has never worked, I already called Cingular and they said if I can get webmail from gmail and hotmail then it isn't their problem.
I have installed the self signed cert on the handset.
OK, you don't need to install the self-signing cert in the PDA, but you need to install the root cert of the self-signing cert in the PDA.
Usually, a server cert or user cert has a root authority (CA), you need to install the CA cert in the PDA, not the server cert.
If you can install a window server (2000 or 2003), you can enable the certificate authority server and issue your exchange server a server certificate. In this case, you will have your own root certificate. I don't suggest you to use Verisign's certificate because everyone has Verisign's root certificate can try to "play" with your OMA server.
However, the error message is still showing that the Activesync in PDA can't reach to the OMA at all.
BTW, the push email doens't work if it's not on the SSL connection.
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
In that case, you can try to see if you can reach to the OWA from your PDA, if it can, you shall not have network issue.
BTW: the connon name of the server cert must be the same as your public domain name, otherwise, the Activesync will still reject the connection.
Apex i ITR said:
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
Click to expand...
Click to collapse
I agree with the poster above. I have this exact same set up at my company and it does work. The certificate has to be the external name of the exchange server. If this does not match the PDA will never sync. Check your certificate and make sure the FQDN is correct.
I just check your exchange server from the URL you posted above, your OMA and OWA are working, but the certificate's common name is not the same as the public domain name.
Try to re-issue the certificate, it may just work.
Thanks guys. I'll try that.
Webmail does work from the handset. I don't know how I got my CFo's working to be honest if its flaking on the name of the cert but I'll try that and let you know. I was about to hard reset this thing and leave the cooked ROM's alone for a while. Hopefully this resolves it.
From my experience dealing with Acticesync in the PDA, it's very picky of the name of the certificate. I think that's security reason. The Activesync doens't accept certificate that common name doesn't match the public domain name.
When I use the IP address for test, I have to get a certifiate with the IP address as its common. So I believe that's the certificate's problem, not the cooked rom.
I still suggest you to get your own CA and certificate, in that way, you have more control even debugging this problem.
I feel like a moron asking but how the hell do I change the common name.
You can't change an existing certificate, you have to re-issue a new certificate.
I guest you can't do it by the self-siging certificate, but I am not fimiliar with the self-signing certificate. Get a WIN server machine and install the CA server, after that, you can issue a certificate.
Assumeing you have a CA server ready:
1. Request the certificate from exchange server: you will have a chance to enter the common name of this certificate.
2. Generate a certificate from this certificate request from CA server
3. Import the certificate back to the exchange server.
If you can't get a WIN server as CA server, I will need to ask my colleagues about the free CA server he used from the Internet.
My DNS box is a CA server (started the service on that).
I'll try that then (I hard reset and I now I have an error stating I'm not authorized).
I'll let you know if it works. Thanks.
Ok I believe I did it right but I still get tha error (When connect via usb cable) and I still get the waiting for network message.
When you connect to the USB cable, you have to "allow" the Internet access pass through from the Activesync in the PC, otherwise, it won't reach out to the Internet at all.
Try to connect to other web site to see if you have a good internet connection or not.
Some updates. I made sure the cert is the right common name. I noticed that after I install it on the handset it doesn't put the cert in the root tab...only intermediate. I installed the ca server's cert as well (That went into the root tab).
Im leaving ssl checked and now I get 0X80072F17.
incorrect common name
Your common name is still not correct, it shall be "webmail.firethornmobile.net" only, but you put "http://" at the begining and "/owa" at the end, it not correct.
You have to issue the server certificate one more time with "webmail.firethornmobile.net" (without quotes) as the common name.
Also, when I check the Certification path of your certificate, I don't see this certificate is under any root certificate. Properly you need to check your CA (DNS) to see if it's setup properly.
Hey,
Use this site to figure out the errors you are getting on your phone. http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php
Also are you the Exchange Admin? If so enable verbose logging so that you can see what is going on with exchange as the connection comes in.
Also if you want to make sure it is not the cert you can "Enable" SSL on the phone and then reg hack it so that it doesn't check for the cert. this will allow you to see if it is a cert problem.
Let me know if you need any help with that. I"m an Exchange Admin and i work with Active Sync day in and day out.
Tried Fix Suggested on Pocket PC FAQ Site
I think this is ON TOPIC. If not, please advise and I will repost elsewhere.
I flashed my phone with the Dutty Beta 2 Touchflow ROM for Tilt. I am getting the following error and have tried the matched solution from Pocket PC FAQ:
0x80830003 N/A Synchronization failed. If the problem continues, contact your network administrator.
1. The Exchange server is configured to require client certificates.
1. On the Exchange server, launch Internet Services Manager. Right click on the Microsoft-Server-ActiveSync virtual directory and choose Properties. Select the Directory Security tab. Click the Edit button in the Secure Communications section and select the option to “Ignore client certificates.”
I continue to get the same error even after dumping the device through the exchange server.
My System Admin thinks that there is something wrong with the version of ACTIVE SYNC provided in the ROM used to flash the device.
Any thoughts/direction you could point me in or is there any other info you need?? Is th

ActiveSync 4.5 does not support database synchronization

I need to synchronize my Touch Cruise with Microsoft Access on my PC desktop but who develops database (SprintDB, f.e.) writes me:
"there is no way to synchronize database files on Windows Mobile 6 because Microsoft ActiveSync 4.5 does not support database sync"
It is unbelievable, my old pda with Palm OS (no Windows!) was more compatible with Microsoft that this one with Windows Mobile create by microsoft ????
There is some experienced that can help me to resolve this problem?
There's no Pocket Access, so what's the point in syncing it?
Unfortunately with the version 6 of Windows Mobile and 4,5 of Active Sync have disappeared Pocket Access what it converted the files .mdb in to .cdb
ActiveSync 4.1 (or maybe it was 4.0) supports database sync with WM2003. However, WM6 does not have the proper conduits, in fact no version has since WM2003. WM5 can be been hacked to support database syncing. So I assume WM6 can be too. I don't know this alone will do it, you may then have to hack ActiveSync 4.5 to include (if they are indeed excluded) whatever database conduits ActiveSync 4.1 and before have.
These instructions may apply to WM6 also. (Original thread can be found here: http://www.tierramapper.com/forum/viewtopic.php?t=10)
The following steps will enable Windows Mobile 5 devices using Active Sync 4.x to create Pocket Access (.cdb) databases by copying and pasting a PC Access database to an Active Sync connected Pocket PC device.
Microsoft, by default dropped this functionality when upgrading from PPC 2003 to Windows Mobile 5.0. The following will re-enable this feature.
*This procedure is only required for Windows Mobile 5.0 users.
1. Copy the 4 files in the http://www.TierraMapper.com/Downloads/WindowsMobile5PocketAccess.zip file to your Pocket PC in the \Windows directory.
2. Register the adosync.dll. From your Pocket PC, open File Explorer and navigate the \Windows\Regsvrce.exe file. Click on this file and type the full path to the adosync.dll, \Windows\adosync.dll, and click OK.
3. On the desktop, remove the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\~MicrosoftTable
4. Disconnect and reconnect the PPC device before "Pocket Access" sync enabled.
You are now ready to copy an Access database to your Pocket PC and Active Sync will prompt you with the Pocket Access (.cdb) conversion dialog as in PPC 2003.
Click to expand...
Click to collapse
it's problematic when there are so many stronger database applications than Pocket Access such as Borland...
Possibility
Could this be a similar issue for me?
http://forum.xda-developers.com/showthread.php?t=396536&goto=newpost
Thank you.
Thank's Sonus but you write:
"3. On the desktop, remove the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synch ronization\Objects\~MicrosoftTable "
but regretfully the key ~MicrosoftTable doesn't exist in my registries. I only find:
~Appointment
~Contact
~Merlin Mail
~Task
Media
Do I perhaps have to add it instead of removing it?
I have read the forum to the link tierramapper and TierraMa talk only about WM 5. I have WM6 instead.
gianluigicz3 said:
Thank's Sonus but you write:
"3. On the desktop, remove the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synch ronization\Objects\~MicrosoftTable "
but regretfully the key ~MicrosoftTable doesn't exist in my registries. I only find:
~Appointment
~Contact
~Merlin Mail
~Task
Media
Do I perhaps have to add it instead of removing it?
I have read the forum to the link tierramapper and TierraMa talk only about WM 5. I have WM6 instead.
Click to expand...
Click to collapse
Hmmm, that's interesting. I have the ~MicrosoftTable entry in my PC's registry. Don't create the entry though. Instead try following steps 1 and 2, make sure that the "Convert files when synchronized, copied, or moved" box is checked in ActiveSync "Tools>Advanced Tools>Edit File Conversion Settings..." and then copy an MS Access database file (*.mdb file) to your Touch Cruise using activesync. Report back to us as to whether or not you then get prompted to setup a database sync.
sonus said:
.........try following steps 1 and 2, make sure that the "Convert files when synchronized, copied, or moved" box is checked in ActiveSync "Tools>Advanced Tools>Edit File Conversion Settings..." and then copy an MS Access database file (*.mdb file) to your Touch Cruise using activesync. Report back to us as to whether or not you then get prompted to setup a database sync.
Click to expand...
Click to collapse
In order:
1. I have performed the points 1 and 2 correctly on device;
2. i have just flagged the "convert files" in "acive sync 4.5 build 5096;
3. in tools of Active Sync, for "microsoft Office Access Application" in the setting folder "conversione from PC to device" i see: type of file of PC = .mdb, type of file of device = .mdb (i try to modify in .cdb but it is no possible!);
4. with right click in setting icon "file" in Active Sync i added a sample of .mdb file microsoft access 2000/2003;
5. i can see this file in folder "C:\Documents and Settings\battocch\My Documents\HTC_P3650 My Documents\" on my desktop PC with XP;
6. i syncronize PC and device;
7. after syncronisation i see again the file .mdb in personal folder of PC but there is not anything in the device.
I try even to reinstall Active Sync but nothung it is changed.
Step 3 is the issue. Earlier versions of ActiveSync would allow for a conversion of mdb to cdb when copying database files. This would then allow for a sync relationship. My guess would be to try an earlier version of ActiveSync (4.1 or earlier)...
I haven't used it but Handbase appears to sync with access:
http://www.ddhsoftware.com/handbase.html
gianluigicz3 said:
I need to synchronize my Touch Cruise with Microsoft Access on my PC desktop but who develops database (SprintDB, f.e.) writes me:
"there is no way to synchronize database files on Windows Mobile 6 because Microsoft ActiveSync 4.5 does not support database sync"
It is unbelievable, my old pda with Palm OS (no Windows!) was more compatible with Microsoft that this one with Windows Mobile create by microsoft ????
There is some experienced that can help me to resolve this problem?
Click to expand...
Click to collapse

ISP setup file

I remember back in the days when internet was accessed at 33kbps speeds (sorry.. old skool guy here) we used to use ini files in our installation package to set customers' email, proxy etc settings. In Windows there even used to be a file type of "ISP settings" or something similar that you could only right click and install new settings.
Now I'm facing the same situation. Doing my own client I need a way to automatically set up remote Androids to use certain IMAP email server, CardDAV, CalDAV etc. Does there exist any format of file, MMS message or set of commands to do it?
pkuronen said:
I remember back in the days when internet was accessed at 33kbps speeds (sorry.. old skool guy here) we used to use ini files in our installation package to set customers' email, proxy etc settings. In Windows there even used to be a file type of "ISP settings" or something similar that you could only right click and install new settings.
Now I'm facing the same situation. Doing my own client I need a way to automatically set up remote Androids to use certain IMAP email server, CardDAV, CalDAV etc. Does there exist any format of file, MMS message or set of commands to do it?
Click to expand...
Click to collapse
I don't think so you should look into a MDM system for android, I think that your best chance honestly. or find an app or company that allow push settings for network admins.

Categories

Resources