There is a simple workaround on rooted phones for the Exchange security policy without having to replace the original mail app. I also posted this in the Android 2.2 Email.apk - Bypassing Exchange security policy - APK Attached thread in the Evo forum and am making a new thread here in case people have missed this very simple workaround. I am using it on an account on a Exchange 2007 server and I believe Exchange 2003 works as well. I heard from one person who did not have good results with Exchange 2010. All exchange functions work fine without any issues. I am using the stock email app so this only applies to the stock email app that forces a password security policy.
I am using an app called Autostarts found in the market (less than a dollar - I am not the developer) that allows disabling the exchange policy on restart. The setting can be found under Device Admin Enabled. Make sure you are in USB Debugging Mode before disabling the policy.
If you already have an Exchange account set up yet:
Install Autostarts from the Android Market and run. Find and click the Device Admin Enabled entry and press Mail (Exchange security policies) and select Disable (acknowledge the warning about disabling a system component). Close Autostarts and reboot the phone. After restart, change your screen lock under security to whatever you want (None, Pattern, or PIN).
If you don't have an Exchange account set up yet:
Install Autostarts from the Android Market then set up your Exchange account and let Exchange force the password policy. After the exchange setup is completed, run Autostarts and find and click the Device Admin Enabled entry and press Mail (Exchange security policies) and select Disable (acknowledge the warning about disabling a system component). Close Autostarts and reboot the phone. After restart, change your screen lock under security to whatever you want (None, Pattern, or PIN).
Is there any freeware tools?
Hi,
Thanks for posting. Is there any freeware tools available for this purpose??
Thanks
I just installed the program and then realized you need to have your phone rooted. How would I do that and what are the effects of rooting the phone? This is the easiest option I have seen so far depending on what has to be done to the phone to make it work.
It would also be nice to shut down all those horrible programs that keep restarting that I never use.
Thanks
Works on 3.70 kernel Fresh ROM 3.5.0.1
I am running fresh 3.5.0.1 on my HTC Evo and this method worked for removing the Exchange security pin requirement. My company uses Exchange 2007.
UPDATE:
My phone started prompting me that my server requires the security profile. It won't refresh the email account unless I turn it back on.
thanks for the awesome work!!
forceOnature said:
I am running fresh 3.5.0.1 on my HTC Evo and this method worked for removing the Exchange security pin requirement. My company uses Exchange 2007.
UPDATE:
My phone started prompting me that my server requires the security profile. It won't refresh the email account unless I turn it back on.
Click to expand...
Click to collapse
I also started getting the warning after upgrading to roms based on 3.70. The workaround still works for those on the earlier roms. I'll see if there is any other graceful way around it.
Sent from my EVO using XDA App
I don't see the Device Admin Enabled entry in AutoStarts. Am I missing something? I've enabled the USB debugging and I'm running a rooted Captivate/Galaxy S.
Thanks,
Landon
I don't know if it's part of the HTC sense or android framework.
Sent from my Evo using XDA App
This isn't a good solution...although you can disable the remote admin, the corporate exchange account alerts you that "security policy needs to be updated"...thus you can't check emails...
So after posting I got off the stock ATT rom and installed the Cognition 2.3 rom. Everything was great after that and worked like a champ. I just tried upgrading to Cognition 3.0 and the fix here broke again. I'd rather stay archaic and not have that dang password than run the latest and greatest and have to deal with it. When you guys are saying your running 3.5 and 3.7 what are you referring to?
Thanks,
Landon.
I knew I should have waited before posting...
I reinstalled Cognition 3.0 on my Captivate and tried the email.apk here.
http://forum.xda-developers.com/showthread.php?t=729753
Worked great again and didn't need autostarts. Woohoo!
Landon.
Loophole closed?
It would *appear* that Google closed this loophole, perhaps in Gingerbread? I just tried the latest MIUI and WarmZ ROMs (both of which are GB based, AFAIK). While this still enables the option to change from PIN to pattern or none under security, as soon as the next sync I am re-prompted about the policy, and if I accept it re-enables the setting in autostarts. I switched back to IncROM which is 2.2 and this procedure still works. If this loophole was indeed closed I am so bummed. I'd rather forgo using Exchange entirely than put up with a freaking 8-digit PIN every 15 minutes. And I can't seem to find a Mail.apk for Sense that has been modded to bypass this stringent policy. Blackberry users on the same Exchange server don't have to unlock their phone all day long, so why does Android's default behavior require this?
(I'm on an HTC Incredible)
+1. Agree with Stretch2m.
Really annoying have to enter pin code every 5 minutes or so. Especially when I'm in a hurry to access e-mail or other stuff...
Anyone out there who can assist with GB 2.3.3
Please help!
I am on an Epic with Syndicate frozen 1.1.0.... i enabled corporate exchange sync and it made me install the pin lock - which i want to disable...
Please can you post - NOOB version of the directions and also if anyone knows if this works on Epic with this custom ROM.
THANKS!
Related
Firstly I take no responsibility for issues caused by this "fix". A nandroid backup is always recommended. It has been tested with MCR r4 WIP and Exchange 2010, no other roms have been tested.
Since FRF91 2.2 has been released a number of people have had difficulty connecting HTC Mail/Stock Email to Exchange Active-Sync. Like a number of organisations using Exchange we have the security options set to "accept client certificates". It seems since FRF91 has been released this setting stops phones without certificates from connecting with a username & password.
The fix is a new libnativehelper.so installed in /system/lib I personally have no idea what the file does or doesn't do, it appears that its been built from source in order to fix this problem!
All credits to grennis. If you wish to read further into the fixes technical details, see here.
How to install attached zip (this is not an update zip):
1. Extract the zip someplace handy
2. Boot your phone into your preferred recovery
3. Run 'adb shell' (this gives you a shell on the phone)
4. Run 'mount /system' (allows writes to the system volume)
5. Run 'cd /system/lib' (enter the system lib directory)
6. Run 'cp libnativehelper.so libnativehelper.so.orig' (make a backup of the original file)
7. Close the ADB shell
8. On your PC, run 'adb push libnativehelper.so /system/lib' (copies the patched file to the phone). This should return a message similar to '1138 KB/s (202976 bytes in 0.174s)'.
9. Reboot the phone
Finally if someone wishes to provide an update zip I will be more than happy to add it to the original post. I however don't have the tools here right now.
Great job! Does this fix also sorts the "This server requires security features your phone does not have" issue? (that enables the pin code for exchange policy)
masi0 said:
Great job! Does this fix also sorts the "This server requires security features your phone does not have" issue? (that enables the pin code for exchange policy)
Click to expand...
Click to collapse
I would like to know this as well.
I only get it to work with HTC Sence ROMs, but they are not stable enough. DJ Droid has performance hickups. I want to go with OpenDesire1.6b and test this fix.
When I do, I'll let you know.
xf0rz said:
I would like to know this as well.
I only get it to work with HTC Sence ROMs, but they are not stable enough. DJ Droid has performance hickups. I want to go with OpenDesire1.6b and test this fix.
When I do, I'll let you know.
Click to expand...
Click to collapse
Thanks mate!
Well I hope this helps in some way, it was just research on my part not the actual fix. I was specifically looking for a fix for my above issue.
xf0rz said:
I would like to know this as well.
I only get it to work with HTC Sence ROMs, but they are not stable enough. DJ Droid has performance hickups. I want to go with OpenDesire1.6b and test this fix.
When I do, I'll let you know.
Click to expand...
Click to collapse
Tested it with OpenDesire 2.0, didn't change it.
Too bad....have to go HTC Sence ROM.
This fix only disables part of the SSL code so it can connect to servers with optional client certificates. It won't effect any of the policy options.
ritdaw said:
This fix only disables part of the SSL code so it can connect to servers with optional client certificates. It won't effect any of the policy options.
Click to expand...
Click to collapse
So this does not enable the pin?
I hate the interface of touchdown (and having to pay for exchange functionality )
tested this fix with a few roms and none of them works.. been not able to connect to my company exchange since hero and legend with htc stock mail..
im using moxier mail now .. and thats the only app i can use to connect to my company exchange mail..
So I was messing around with settings.db - hoping i could enable PIN Lock from Exchange - yes I want a PIN and no none of the 3rd party tools work correctly.
Anyway - I caused the phone to come up and ask for a password, I put in the wrong thing 3 times and it erased my data - all my 3rd party apps gone, but stuff installed via update.zip (Frameworkres, Root, and Voodoo stayed - although Voodoo scared me when it started talking and re-applying itself).
Anyway, all is back and running, but i have a default wall paper that is not in the gallery of built in wallpapers. Does any know where this came from? I have not themeing apps installed prior to the wipe..... Running JH7 that was installed from Stock JH6.
Don't know, but I want it!!!
I believe it came with Cognition.
alphadog00 said:
So I was messing around with settings.db - hoping i could enable PIN Lock from Exchange - yes I want a PIN and no none of the 3rd party tools work correctly.
Click to expand...
Click to collapse
PIN policy comes from Exchange server. If your exchange server doesn't require it, there is no way to enable it because it is not part of Android system. Even if you do get a PIN, there is no way to change it anywhere later on. It's a bad implementation in Samsung's exchange email client. Actually, the leaked document from Verizon list this as a critical bug. Imagine your Windows desktop ask you to setup a password but won't ever let you change it.
Stock firmware is JF6, not JH6.
That wallpaper is the stock Cognition wallpaper.
You can find it here
http://www.zedge.net/wallpapers/6080248/rain-designs-hd-wallpaper/?pos=5&search=rain
I never installed cognition but i did install the battery mod framework-res that is packaged in it. The wallpaper must be in there; but the wallpaper chooser doesn't see it.
As for pin lock, i have it on moto android phones so i was hopimg a simple props change would expose it. I guess i have to wait on froyo. Why it is not stock 2.1 i will never know.
Can someone with the technical know-how post a link to some of the gingerbread apps.
In particular, I am interested in the email app.
thanks,
bob
At least the 2.3 email.apk is (ALSO) missing the > Next and < Previous buttons!
like many other email.apk 's.
If you install the Android SDK you can install Gingerbread (2.3) yourself very easy and start an Android Virtual Device, a full graphical emulation of an Android device running the latest software. Very nice to see and test, and functionality is excellent.
Bump
Sent from my PC36100 using XDA App
I also would like the new email.apk but for a more specific reason... it includes EAS (exchange activesync) functionalities that allow 2.3 gingerbread to connect to an exchange 2010 server that has applied the SP1 service pack.
as of yet, the email.apk included up to 2.2 has not worked with the new EAS features. I loaded up an emulator and have verified that gingerbread email.apk DOES in fact work with our exchange server, but I don't know how to pull this specific email.apk
I used to use ES file explorer to pull apks but on gingerbread ES file explorer FC's.
someone link it and you'll be my hee-row
infotechsailor said:
I also would like the new email.apk but for a more specific reason... it includes EAS (exchange activesync) functionalities that allow 2.3 gingerbread to connect to an exchange 2010 server that has applied the SP1 service pack.
as of yet, the email.apk included up to 2.2 has not worked with the new EAS features. I loaded up an emulator and have verified that gingerbread email.apk DOES in fact work with our exchange server, but I don't know how to pull this specific email.apk
I used to use ES file explorer to pull apks but on gingerbread ES file explorer FC's.
someone link it and you'll be my hee-row
Click to expand...
Click to collapse
I haven't had a chance to test this in any other Exchange environments, but I did manage to get my Droid on 2.2 (no, not 2.2.1, so the Exchange fixes had not yet gone into place) our Exchange 2010 (SP1) without having to modify or replace my email.apk. I simply had to go to Settings > Location & Security > Set up screen lock > PIN and enforce a 7-digit pin to unlock my Droid. I was then able to setup my mail profile. Once it was setup, I disabled the PIN requirement, and everything still worked fine.
I work in IT, and I know our sysadmins pretty well. They were actively working on getting Android devices on Exchange 2010 at the time, so they may have put in a fix that made my own fix a pure coincidence. Still, the problem with older email.apk apps not working seems to be directly related to policy requirements on Exchange 2010 that didn't exist in previous versions of Exchange. My theory is that the new policy checks for certain security settings and that enforcing a PIN to unlock the phone somehow satisfies this policy requirement.
As I said, this may not work for you, and it may be a coincidence on my part. I'm quite curious if this fix works for you so I can advertise this to our end users when we migrate the rest of our faculty and staff (I work at a university) to Exchange 2010.
pekka91166 said:
At least the 2.3 email.apk is (ALSO) missing the > Next and < Previous buttons!
like many other email.apk 's.
If you install the Android SDK you can install Gingerbread (2.3) yourself very easy and start an Android Virtual Device, a full graphical emulation of an Android device running the latest software. Very nice to see and test, and functionality is excellent.
Click to expand...
Click to collapse
I have also noticed that Email 2.3 also breaks my ability to use the camera as a video recorder... can anyone else confirm this?
I am in need for some despirate help! Let me start first with the problem. I am running CM6.1.1 and am unable to connect to my exchange email. When I fill the appropriate boxes with the correct information, I get an error saying:
"Setup could not finish
This server requires security features your phone does not support"
So my question is what security features is the evo missing? I was able to set up my exchange email without any problems on sense roms.
So now here is what I have done to trouble shoot and alleviate this problem. I have checked both boxes on the setup page "use secure connection" and "accept all SSL certificates" still no go. I have installed numerous different versions including a 2.1 version, 2.2 version, and then 3-4 versions with the security bypass. Still nothin. I have also tried improved email from the market, and you guessed it. Still nothin. lol I just want the stock email app to work for me. I don't mind the security features that come along with exchange either as long as it works.
I was using the trial version of touchdown for a while.. It worked. But I didn't really like the app and I don't want to pay 20 bucks for an email app.
So now Im going for the hail mary... One last try to find someone that may have the answer I'm looking for! Do any of you fellow friends out there know of a possible fix?
By the way I am on exchange 2007.
Thanks for reading!!
this is a known error with googles AOSP mail app which CM, MIUI and any other AOSP based ROM uses. currently only sense ROM's (I recommend MYN's,Calks,Fresh) mail app works with additional security features. My suggestion is to either download an app like touchdown (paid) or NAND your CM setup and flash any of those SENSE roms and wait for 2.3 to come out which i believe will work better with secure exchange environments
wrapkgb said:
I am in need for some despirate help! Let me start first with the problem. I am running CM6.1.1 and am unable to connect to my exchange email. When I fill the appropriate boxes with the correct information, I get an error saying:
"Setup could not finish
This server requires security features your phone does not support"
So my question is what security features is the evo missing? I was able to set up my exchange email without any problems on sense roms.
So now here is what I have done to trouble shoot and alleviate this problem. I have checked both boxes on the setup page "use secure connection" and "accept all SSL certificates" still no go. I have installed numerous different versions including a 2.1 version, 2.2 version, and then 3-4 versions with the security bypass. Still nothin. I have also tried improved email from the market, and you guessed it. Still nothin. lol I just want the stock email app to work for me. I don't mind the security features that come along with exchange either as long as it works.
I was using the trial version of touchdown for a while.. It worked. But I didn't really like the app and I don't want to pay 20 bucks for an email app.
So now Im going for the hail mary... One last try to find someone that may have the answer I'm looking for! Do any of you fellow friends out there know of a possible fix?
By the way I am on exchange 2007.
Thanks for reading!!
Click to expand...
Click to collapse
That's what I was afraid of... I don't think I could bear going back to a sense based rom lol... I've been running cm since before 6.1. Im just getting tired of logging online to check my mail! well it looks like ill have to live with it for a little while longer. Thanks for the reply!
no problem, you can't go wrong with Myn, calk or any of the well supported sense roms and you might actually like it the horrors
wrapkgb said:
That's what I was afraid of... I don't think I could bear going back to a sense based rom lol... I've been running cm since before 6.1. Im just getting tired of logging online to check my mail! well it looks like ill have to live with it for a little while longer. Thanks for the reply!
Click to expand...
Click to collapse
did you try typing outlook. whatever your site is named plus add you domain. it works for me, but the yahoo won't work
Out of the blue my bro calls me asking my why I am peddling viagra. He tells me that I have a virus which i vehemently deny. I logged into my email which I havent had the chance to for over a week and discovered a sent items entry for the email in question.
Befuddled by the event and the fact that I hardly ever send email from this account I retraced every remembrance of providing the username/password for the account. It occured to me that the only time in the last month that I have used that username/password was when messing with my phone.
In particular, i spent the day trying out a few roms to see how the latest updates compared aesthetically. I started with CoreDroid then moved to CM7, MIUI, Android Revolution, RCMixHD then back to CoreDroid. In every instance I setup the market, downloaded Antivirus and Advanced Task Killer but left the rest of the installation as-is.
Any of the ROMs may be suspect (or some hacker/system waited until today to use stolen credentials to send SPAM? Unlikely).
Back to the reason I started this post... has anyone else experience this type of account breach while using any of the above ROMs or any ROM in general? This might have been part of some apk that was packaged into a ROM. Or could it be that while providing credentials to the Android OS during initial setup someone was able to intercept them on the way to google? I would hope the latter is not possible but I have not setup a sniffer to see what is sent over the network during initial setup.
This whole situation is enough to put me off custom ROMs.