Problem with setting up OWA on Wp7 - Windows Phone 7 Q&A, Help & Troubleshooting

Hi Guys,
I have a problem and was hoping someone has a work around for, I want to set up my work email on Wp7 using owa. I go though all the setting no problem but the get the following error
Update The data and time on your phone and try connecting again
Error Code 80072F05
After some investigation I discovered this was down to the security cert being used on the Exchange server being out of date, however after speaking to the IT support team they've informed me they have no current plans to update this cert anytime soon
My question is on the iphone and Android they have the options to ignore the cert which I notice MS have decided not to allow (presume to get more cash no doubt) but is there some way of hacking the registry to disable this in anyway.
Or is there another way to connect to an exchange server which not aware of
really hope someone can help

wish sb. can solve it。。

first... your IT staff is super fail! It is cheap to get SSL certs. more fail is that if they don't want to update the cert they should shut off phone and web access.
but the fix for sending you username and passed that anyone could steal would be uncheck:
"serer requires encrypted (SLL) connection."
owa is outlook WEB access - while phone access uses iis.. it isn't the same thing

Related

Issues with OTA sync; AT&T Kaiser just recently purchased and rom upgraded

Ok I have wrestled with this for 2 days straight.
I had issues with this with my CFO's windows mobile device but at least his was giving me a specific error message.
My Tilt has the latest Dutty ROM upgrade (Dual Touch), I haven't been able to get my exchange server synced OTA.
I run a Exchange 2007 Enterprise environment. Everything on the server side is fine. My OWA url is https://webmail.firethornmobile.net. All I get is waiting on network after 2-15 minutes.
I have soft reset, deleted the PC partnership, taken my connection off of auto and tried both my work connection and isp.
I'm starting to suspect it maybe the ROM upgrade but it was doing the same thing when I first started the phone.
Please help.
OMA enabled?
Do you have the OMA enabled? Do you have the server root CA installed in the tilt (I am assuming you are using secure method for OMA)?
I have flashed Dutty's dual touch v2 and I don't have problem to get emails through OMA services.
Do you ever get the other PDA sync with email before? From the error message, it seems the Activesync in the Tilt can't talk to the exchange (front end) server at all.
Yes on Exchange 2007 OMA is enabled natively. In the middle of seperating data centres from our sister company.
We just got bought by Qualcomm so we never bought a cert from Verisign. I am using a self sign cert from our exchange server ( I have to turn SSL off on the pda side.
This has never worked, I already called Cingular and they said if I can get webmail from gmail and hotmail then it isn't their problem.
I have installed the self signed cert on the handset.
OK, you don't need to install the self-signing cert in the PDA, but you need to install the root cert of the self-signing cert in the PDA.
Usually, a server cert or user cert has a root authority (CA), you need to install the CA cert in the PDA, not the server cert.
If you can install a window server (2000 or 2003), you can enable the certificate authority server and issue your exchange server a server certificate. In this case, you will have your own root certificate. I don't suggest you to use Verisign's certificate because everyone has Verisign's root certificate can try to "play" with your OMA server.
However, the error message is still showing that the Activesync in PDA can't reach to the OMA at all.
BTW, the push email doens't work if it's not on the SSL connection.
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
In that case, you can try to see if you can reach to the OWA from your PDA, if it can, you shall not have network issue.
BTW: the connon name of the server cert must be the same as your public domain name, otherwise, the Activesync will still reject the connection.
Apex i ITR said:
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
Click to expand...
Click to collapse
I agree with the poster above. I have this exact same set up at my company and it does work. The certificate has to be the external name of the exchange server. If this does not match the PDA will never sync. Check your certificate and make sure the FQDN is correct.
I just check your exchange server from the URL you posted above, your OMA and OWA are working, but the certificate's common name is not the same as the public domain name.
Try to re-issue the certificate, it may just work.
Thanks guys. I'll try that.
Webmail does work from the handset. I don't know how I got my CFo's working to be honest if its flaking on the name of the cert but I'll try that and let you know. I was about to hard reset this thing and leave the cooked ROM's alone for a while. Hopefully this resolves it.
From my experience dealing with Acticesync in the PDA, it's very picky of the name of the certificate. I think that's security reason. The Activesync doens't accept certificate that common name doesn't match the public domain name.
When I use the IP address for test, I have to get a certifiate with the IP address as its common. So I believe that's the certificate's problem, not the cooked rom.
I still suggest you to get your own CA and certificate, in that way, you have more control even debugging this problem.
I feel like a moron asking but how the hell do I change the common name.
You can't change an existing certificate, you have to re-issue a new certificate.
I guest you can't do it by the self-siging certificate, but I am not fimiliar with the self-signing certificate. Get a WIN server machine and install the CA server, after that, you can issue a certificate.
Assumeing you have a CA server ready:
1. Request the certificate from exchange server: you will have a chance to enter the common name of this certificate.
2. Generate a certificate from this certificate request from CA server
3. Import the certificate back to the exchange server.
If you can't get a WIN server as CA server, I will need to ask my colleagues about the free CA server he used from the Internet.
My DNS box is a CA server (started the service on that).
I'll try that then (I hard reset and I now I have an error stating I'm not authorized).
I'll let you know if it works. Thanks.
Ok I believe I did it right but I still get tha error (When connect via usb cable) and I still get the waiting for network message.
When you connect to the USB cable, you have to "allow" the Internet access pass through from the Activesync in the PC, otherwise, it won't reach out to the Internet at all.
Try to connect to other web site to see if you have a good internet connection or not.
Some updates. I made sure the cert is the right common name. I noticed that after I install it on the handset it doesn't put the cert in the root tab...only intermediate. I installed the ca server's cert as well (That went into the root tab).
Im leaving ssl checked and now I get 0X80072F17.
incorrect common name
Your common name is still not correct, it shall be "webmail.firethornmobile.net" only, but you put "http://" at the begining and "/owa" at the end, it not correct.
You have to issue the server certificate one more time with "webmail.firethornmobile.net" (without quotes) as the common name.
Also, when I check the Certification path of your certificate, I don't see this certificate is under any root certificate. Properly you need to check your CA (DNS) to see if it's setup properly.
Hey,
Use this site to figure out the errors you are getting on your phone. http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php
Also are you the Exchange Admin? If so enable verbose logging so that you can see what is going on with exchange as the connection comes in.
Also if you want to make sure it is not the cert you can "Enable" SSL on the phone and then reg hack it so that it doesn't check for the cert. this will allow you to see if it is a cert problem.
Let me know if you need any help with that. I"m an Exchange Admin and i work with Active Sync day in and day out.
Tried Fix Suggested on Pocket PC FAQ Site
I think this is ON TOPIC. If not, please advise and I will repost elsewhere.
I flashed my phone with the Dutty Beta 2 Touchflow ROM for Tilt. I am getting the following error and have tried the matched solution from Pocket PC FAQ:
0x80830003 N/A Synchronization failed. If the problem continues, contact your network administrator.
1. The Exchange server is configured to require client certificates.
1. On the Exchange server, launch Internet Services Manager. Right click on the Microsoft-Server-ActiveSync virtual directory and choose Properties. Select the Directory Security tab. Click the Edit button in the Secure Communications section and select the option to “Ignore client certificates.”
I continue to get the same error even after dumping the device through the exchange server.
My System Admin thinks that there is something wrong with the version of ACTIVE SYNC provided in the ROM used to flash the device.
Any thoughts/direction you could point me in or is there any other info you need?? Is th

Enterprise Activation On Andriod

Let me first apologize if this is a question which has been discussed at length in another area.
My company currently uses blackberrys with an enterprise exchange e-mail system (i suppose that is called BES with blackberrys, no?). Anyway, on my old blackberry, all I had to do was put in my corporate e-mail and an enterprise activation password. From there the setup would do the rest. Is there any way to get my new MyTouch phone to get hooked into the system the same way my blackberry was? Cost is irrelevant, I just want to find a solution.
I have looked at software options (i.e. touchdown, and the work email program) with no luck.
Thanks for any help the community could offer!
-Ryan
Sorry I got no answer, but this is ment to be posted in the general discussion:
http://forum.xda-developers.com/forumdisplay.php?f=492
Reported
BES servers users BES accounts and they link are like this:
Blackberry <-> BES <-> Exchange
In Android, iPhone or Windows Mobile, you need your NT IAccount credentials as you communicate directly throw your phone to the Exchange server, like this:
Device <-> Exchange
So, probably what you need is:
-Name of the server (sometimes is the OWA(Outlook Web Access) address)
-Credentials (Sometimes is needed to have in your NT Account credentials for that, in the company I'm, we call it Active Sync Access).
-Username, Network login (NT ID)
-Domain
-Password
And... yeahhh this is general!!!
ral34c said:
Let me first apologize if this is a question which has been discussed at length in another area.
My company currently uses blackberrys with an enterprise exchange e-mail system (i suppose that is called BES with blackberrys, no?). Anyway, on my old blackberry, all I had to do was put in my corporate e-mail and an enterprise activation password. From there the setup would do the rest. Is there any way to get my new MyTouch phone to get hooked into the system the same way my blackberry was? Cost is irrelevant, I just want to find a solution.
I have looked at software options (i.e. touchdown, and the work email program) with no luck.
Thanks for any help the community could offer!
-Ryan
Click to expand...
Click to collapse
Interesting.. so I believe I have everything outside the credentials part. If I have my old blackberry and my work laptop, can I obtain all the information to set up the MyTouch? If so, do you know how?
Thanks a bunch!
-Ryan
Ryan, what I tried to explain to you is that the BES (Blackberry Enterprise Server) account, you can only use to your Blackberry. Any of the information there, except the e-mail address you'll use to configure your exchange account in an Android phone.
There's also other issue, not all exchange accounts will be working with the normal exchange e-mail feature on the Android, the to the security policies of some companies.
I can help you configure that, no prob man.. This is the list of things that you need to ask your IT department on your company:
- Username
- Password (will be the same as your e-mail)
- Domain
- Server address (in some cases are the same as the webmail address (OWA - Outlook Web Access).
P.S.: Ask them if this access force security features on your phone. If it does, Android phones haven't passwords to unlock and won't match the requirements for having this feature on your phone. You'll need to download a program for that (I don't remember what was that, but in the general section, you'll find as other person indicated me).
And you'll be set...
My best regards,
R
you need to also make sure that on your exchange account, they have Microsoft Activesync enabled on your account in order to allow mobile devices other than blackberry's can access corporate emails. you need to ask your admin on this part.
djchiena said:
you need to also make sure that on your exchange account, they have Microsoft Activesync enabled on your account in order to allow mobile devices other than blackberry's can access corporate emails. you need to ask your admin on this part.
Click to expand...
Click to collapse
It was already mentioned before

[Q] Exchange Account

Hello,
first time Android user here. I know people in my company that use Android phones and I was told that anything over 2.1 would work for our exchange. When I try to set up the account, it tells me that the server requires security features the phone doesn't have. No one at my IT department, TMO support, Samsung Support, or anyone else could get it working. I know it has something to do with the password protection and remote wipe security that my companies exchange server requires. Can someone help me or will i have to go back to the blackberry ? I don't want to go back to that berry.
Try installing K9 and see if it works with your company's exchange system.
bsage said:
Hello,
first time Android user here. I know people in my company that use Android phones and I was told that anything over 2.1 would work for our exchange. When I try to set up the account, it tells me that the server requires security features the phone doesn't have. No one at my IT department, TMO support, Samsung Support, or anyone else could get it working. I know it has something to do with the password protection and remote wipe security that my companies exchange server requires. Can someone help me or will i have to go back to the blackberry ? I don't want to go back to that berry.
Click to expand...
Click to collapse
Touchdown works well with exchange as well (although it's not free). There is a free trial.
I was using touchdown untill android 2.2 came out then it started supporting remote wipe.
http://developer.android.com/sdk/android-2.2-highlights.html
Once you setup your phone it should force you to password lock it from the home screen. Don't know what else they would require other than remote wipe in the event you left the company. I need to make sure I use ssl as well.
Could be a problem with the SSL cert
I use exchange with no problems on all my android projects.
I still have not gotten this to work. N1kkI6, that is exactly what i need on this. I would assume that 2.3 would have this if 2.2 has it right?
from the link you provided:
Exchange support
Improved security with the addition of numeric pin or alpha-numeric password options to unlock device. Exchange administrators can enforce password policy across devices.
Remote wipe: Exchange administrators can remotely reset the device to factory defaults to secure data in case device is lost or stolen.
Exchange Calendars are now supported in the Calendar application.
Auto-discovery: you just need to know your user-name and password to easily set up and sync an Exchange account (available for Exchange 2007 and higher).
Global Address Lists look-up is now available in the Email application, enabling users to auto-complete recipient names from the directory.
bsage said:
I still have not gotten this to work. N1kkI6, that is exactly what i need on this. I would assume that 2.3 would have this if 2.2 has it right?
from the link you provided:
Exchange support
Improved security with the addition of numeric pin or alpha-numeric password options to unlock device. Exchange administrators can enforce password policy across devices.
Remote wipe: Exchange administrators can remotely reset the device to factory defaults to secure data in case device is lost or stolen.
Exchange Calendars are now supported in the Calendar application.
Auto-discovery: you just need to know your user-name and password to easily set up and sync an Exchange account (available for Exchange 2007 and higher).
Global Address Lists look-up is now available in the Email application, enabling users to auto-complete recipient names from the directory.
Click to expand...
Click to collapse
It should work fine. It could possibly be ssl certificate related, or maybe they don't have ActiveSync enabled on your account.. who knows. What sort of error do you get if any? I use Android on Exchange. Is it Exchange 2003/2007/2010?
PLEASE - HELP TESTING on exchange account - birthday
i know, that the nexus have some small problems on using excahnge account
(bday, aniversary, etc..)
i would like to fix it, but therefore i need YOUR HELP !
i would need to see, how the nexus send the birthday to exchange server.
if someone wants to test an exchange account - please send me a PM, and i will create an exchange account on my server, so that i can see how nexus send it.
(maybe you have skype or icq, please add it on the PM)
thanks cu camel

The exchange ActiveSync server requires security features your phone does not support

Hello all,
I bought my Transformer last week. I've already installed 3.1 on my tablet. I tried to add my exchange account to the stock e-mail client, using a manual setup (in both versions). For some reason however I don't seem to be able to connect to our Exchange server. The error message that I'm getting is: The exchange ActiveSync server requires security features your phone does not support.
I know this was a problem with older versions of Android. But starting with 2.2 these issues should have been solved. Also, some colleagues of mine own 2.2 and 2.3 devices. And they can connect to our Exchange Server without any problems. Unfortunately I can't with my brandnew Transformer .
I've installed Touchdown for Tablets. This app has no problems whatsoever. But I'd much rather use the stock e-mail client, because it lets me read my mail from all my e-mail accounts in one tool.
The security policies Touchdown lists as being requested from our Exchange server are the following:
allow simple password: No
Password/PIN required
Failed Attempts 8
Min Length 4
Timeout 600 sec.
Password recovery
Oh - and an odd thing is that in Touchdown I have to put in my pincode. Could they're be a problem with exchange not recognizing the "pincode" setting in Honeycomb?
Perhaps someone out there can help me out with this problem, because it's freaking me out.
Regards, Perenor.
I haven't had a problem with my Transformer connecting and syncing with my Exchange server...actually have been surprised how quick it does connect...
..how far into the setup/connection process do you get before it gives you the error?
I get the error when I press "Next" on the page where you enter the "user/domain", "password" en "mail server" entries. It then tries to get the settings for incoming mail, which takes a couple of seconds. After that I get the aforementioned message.
I have sent in a bug report at code.google.com. Its Defect Id is 17987. Perhaps others out there with a honeycomb tablet who are having this problem as well, could leave a message there: http://code.google.com/p/android/issues/detail?id=17987.
It s been like it since Android 1.0...
Android does not support Exchange security. PERIOD.
It is sad. The only ROM supporting it are SENSE ROM... as far as i know...
But for HC, so far nothing...
Updating to 3.2 resolves this issue
Update didn't help
Updated to 3.2.1 (WW) but I still get the same message that my device does not support the security features required.
Running stock and un-rooted TF101 (no G) B70 series.
Any ideas/pointers?
And no, I don't want to install touchdown regardless of how good it is.
(Funnily enough, my dirt cheap HTC chacha has replaced my blackberry and works flawlessly with our Exchange server).
For the record, we're on Exchange 2010 but not sure which exact requirements activesync comes with (happy to report them if someone points me to how to gather them).

How to setup Outlook for Exchange Server on WP7?

I am trying to setup a WP7 Outlook, but it won`t connect to a company Exchange Server.
Always getting error- Error code: 80072EE7.
I have read on web that certificates needs to be installed on wp7. I did it, but no luck.
I used to synch this exchange account on my HTC Evo 4G.
Any ideas how to fix issue?
I wish WP7 had a better way to load self-signed certificates.
Best way to install a cert is to e-mail it to yourself using a Gmail account, set up the Gmail account on WP7, open the e-mail and the resulting certificate attachment, and then install the certificate.
Thanks for response,
But,
Everywhere on web people talking about certificates and no one says which particular cert needs to be installed.
I tried with verisign, Microsoft root authorication and other kind public certificates. But issue still persist.
Who knows where can I get the exact certificate from?
Also make sure you are putting in the local domain
(whateveryourdomain.local)
It is required for WP7 unless your username has the domain in it.
For cert... here is what one user said...
1. went to google chrome on my desktop, spanner, options, under the hood, manage certificates.
2. go trusted root certificate authorities.
3. found the certificate from our server.
4. exported it as a DER encoded binary X.509 (.cer) file to the desktop
5. emailed it to my godaddy account on my WP7 phone.
6. clicked on the link installed it AND THEN created the outlook account on my WP7 phone.
IT IS IMPORTANT TO NOT HAVE ANY OUTLOOK ACCOUNTS ACTIVE WHEN INSTALLING THE CERTIFICATE.
thanks for all your help guys!
yes, sure I have local domain:
\whatever - this is what i used on android outlook settings.
how to know which one is our server certificate?
in WP 7 though you don't need a slash. just the domain name when it asks for it.
For the cert... can you get to your mail server via web mail?
For ours in IE9, i just click the lock by the address bar and hit view certificate. Also if you know your Exchange admin, ask him to send it to you via the hotmail account. they you can just click on it and install it.
I believe we do not use any certificate. probably we use public certificates. i do not see lock next to address bar.
Does you host require on device encryption?
Does your company provide instructions for other phones? I may be able to tell you or translate them to how it works in windows phone.
No lock? go to advanced in account and uncheck ssl. I think its on by default.
If that doesn't work pm me the the web outlook address an i can tell u if there is one on there at least.
still cannot synch my outlook account. is there any new ideas?
The only thing left i can say is talk to your exchange admin / tech support. All the settings seem correct for a normal setup. Maybe they are using on device encryption... the only thing that windows phone really doesn't support for exchange, or maybe there is a setting we don't know that they will tell you.
The questions to ask are -
Does it require on device encryption?
Is the certificate required the same one outlook webmail uses as that is the one i walked you through installing?
Is the mail server address the same as outlook webmail minus the owa?
What is the local domain of the mail server? (that is different then the mail server address in most cases)
Does the username have to be whole email address? domain\username? or just username
Does the exchange admin have to add my phone?
Hope that helps get your questions answered.
I need some help also. I had my exchange account on my phone until my comp did server upgrades. This knocked me off as they say this will only support Blackberry and iPhone, don't ask me why. So I was able to setup my exchange account on my Android Epic 4g after trying for a week, as I figured if an iPhone can access it my Android should also. But I have tried the same settings from my Android phone on my WP7 and no luck.
After reading this it looks like I need to follow the above mentioned steps to manually add a sec cert to get it working just right?
I really want my exchange account on my WP7, sucks trying to be on the phone and not be able to download attachments cause you are talking on the phone that gets the email.
Any help would be great!
Did you mean to include a URL or two in there? Anyhow, setting up WP7 to work with Exchange should be pretty easy, although I'm not sure it will do EAP with anything older than 2007 (though IMAP on older servers will work fine). Both of my phone's synced Exchange accounts were set up easily and automatically by just telling it to add the email address; it found the servers and automatically configured the accounts.
black06c230 said:
I need some help also. I had my exchange account on my phone until my comp did server upgrades. This knocked me off as they say this will only support Blackberry and iPhone, don't ask me why. So I was able to setup my exchange account on my Android Epic 4g after trying for a week, as I figured if an iPhone can access it my Android should also. But I have tried the same settings from my Android phone on my WP7 and no luck.
After reading this it looks like I need to follow the above mentioned steps to manually add a sec cert to get it working just right?
I really want my exchange account on my WP7, sucks trying to be on the phone and not be able to download attachments cause you are talking on the phone that gets the email.
Any help would be great!
Click to expand...
Click to collapse
Did they post instructions on what was needed to get an iphone on it? Should be similar with windows phone. For the cert, once you get it, email it to your hotmail and open it. THat will install it.
ROCOAFZ said:
in WP 7 though you don't need a slash. just the domain name when it asks for it.
For the cert... can you get to your mail server via web mail?
For ours in IE9, i just click the lock by the address bar and hit view certificate. Also if you know your Exchange admin, ask him to send it to you via the hotmail account. they you can just click on it and install it.
Click to expand...
Click to collapse
once i click the lock and see the cert. how do i get it to send it in an email?
---------- Post added at 11:22 PM ---------- Previous post was at 11:16 PM ----------
ROCOAFZ said:
Did they post instructions on what was needed to get an iphone on it? Should be similar with windows phone. For the cert, once you get it, email it to your hotmail and open it. THat will install it.
Click to expand...
Click to collapse
other co-workers have their iphone's working just fine. I will get a hold of one and see if any settings in there make it work.
but again i got it setup on my android phone without much issue and those same settings won't work on my WP7. it errors about the cert.
as stated I can click the lock and view the cert from web access but how do I email it to myself? i don't see a export option.
lastly, they block any IP but intranet IPs to access the mail.companydomain.com so the cert from there may not even help?!?!?
to access mail from home/laptop i have outlook setup so no need to access via the web.
any help you can give to get this working would be great!! and yes IT won't give my squat.
Have you tried manual setup. That's what mine requires. I put in my email address and password but it never gets it. I then click on manual and add
Login name: whatdoyaknow
Domain: ad.xxx.com (actually mine is more complex than that, but start with ad.)
Server: exchange.xxx.com (again more complex)
I need certificates for most things, but this seems to work ok.
Actually I still have problems getting WM6.5 to connect, but WP7 goes ok with the above.

Categories

Resources