Related
Ok I have wrestled with this for 2 days straight.
I had issues with this with my CFO's windows mobile device but at least his was giving me a specific error message.
My Tilt has the latest Dutty ROM upgrade (Dual Touch), I haven't been able to get my exchange server synced OTA.
I run a Exchange 2007 Enterprise environment. Everything on the server side is fine. My OWA url is https://webmail.firethornmobile.net. All I get is waiting on network after 2-15 minutes.
I have soft reset, deleted the PC partnership, taken my connection off of auto and tried both my work connection and isp.
I'm starting to suspect it maybe the ROM upgrade but it was doing the same thing when I first started the phone.
Please help.
OMA enabled?
Do you have the OMA enabled? Do you have the server root CA installed in the tilt (I am assuming you are using secure method for OMA)?
I have flashed Dutty's dual touch v2 and I don't have problem to get emails through OMA services.
Do you ever get the other PDA sync with email before? From the error message, it seems the Activesync in the Tilt can't talk to the exchange (front end) server at all.
Yes on Exchange 2007 OMA is enabled natively. In the middle of seperating data centres from our sister company.
We just got bought by Qualcomm so we never bought a cert from Verisign. I am using a self sign cert from our exchange server ( I have to turn SSL off on the pda side.
This has never worked, I already called Cingular and they said if I can get webmail from gmail and hotmail then it isn't their problem.
I have installed the self signed cert on the handset.
OK, you don't need to install the self-signing cert in the PDA, but you need to install the root cert of the self-signing cert in the PDA.
Usually, a server cert or user cert has a root authority (CA), you need to install the CA cert in the PDA, not the server cert.
If you can install a window server (2000 or 2003), you can enable the certificate authority server and issue your exchange server a server certificate. In this case, you will have your own root certificate. I don't suggest you to use Verisign's certificate because everyone has Verisign's root certificate can try to "play" with your OMA server.
However, the error message is still showing that the Activesync in PDA can't reach to the OMA at all.
BTW, the push email doens't work if it's not on the SSL connection.
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
In that case, you can try to see if you can reach to the OWA from your PDA, if it can, you shall not have network issue.
BTW: the connon name of the server cert must be the same as your public domain name, otherwise, the Activesync will still reject the connection.
Apex i ITR said:
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
Click to expand...
Click to collapse
I agree with the poster above. I have this exact same set up at my company and it does work. The certificate has to be the external name of the exchange server. If this does not match the PDA will never sync. Check your certificate and make sure the FQDN is correct.
I just check your exchange server from the URL you posted above, your OMA and OWA are working, but the certificate's common name is not the same as the public domain name.
Try to re-issue the certificate, it may just work.
Thanks guys. I'll try that.
Webmail does work from the handset. I don't know how I got my CFo's working to be honest if its flaking on the name of the cert but I'll try that and let you know. I was about to hard reset this thing and leave the cooked ROM's alone for a while. Hopefully this resolves it.
From my experience dealing with Acticesync in the PDA, it's very picky of the name of the certificate. I think that's security reason. The Activesync doens't accept certificate that common name doesn't match the public domain name.
When I use the IP address for test, I have to get a certifiate with the IP address as its common. So I believe that's the certificate's problem, not the cooked rom.
I still suggest you to get your own CA and certificate, in that way, you have more control even debugging this problem.
I feel like a moron asking but how the hell do I change the common name.
You can't change an existing certificate, you have to re-issue a new certificate.
I guest you can't do it by the self-siging certificate, but I am not fimiliar with the self-signing certificate. Get a WIN server machine and install the CA server, after that, you can issue a certificate.
Assumeing you have a CA server ready:
1. Request the certificate from exchange server: you will have a chance to enter the common name of this certificate.
2. Generate a certificate from this certificate request from CA server
3. Import the certificate back to the exchange server.
If you can't get a WIN server as CA server, I will need to ask my colleagues about the free CA server he used from the Internet.
My DNS box is a CA server (started the service on that).
I'll try that then (I hard reset and I now I have an error stating I'm not authorized).
I'll let you know if it works. Thanks.
Ok I believe I did it right but I still get tha error (When connect via usb cable) and I still get the waiting for network message.
When you connect to the USB cable, you have to "allow" the Internet access pass through from the Activesync in the PC, otherwise, it won't reach out to the Internet at all.
Try to connect to other web site to see if you have a good internet connection or not.
Some updates. I made sure the cert is the right common name. I noticed that after I install it on the handset it doesn't put the cert in the root tab...only intermediate. I installed the ca server's cert as well (That went into the root tab).
Im leaving ssl checked and now I get 0X80072F17.
incorrect common name
Your common name is still not correct, it shall be "webmail.firethornmobile.net" only, but you put "http://" at the begining and "/owa" at the end, it not correct.
You have to issue the server certificate one more time with "webmail.firethornmobile.net" (without quotes) as the common name.
Also, when I check the Certification path of your certificate, I don't see this certificate is under any root certificate. Properly you need to check your CA (DNS) to see if it's setup properly.
Hey,
Use this site to figure out the errors you are getting on your phone. http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php
Also are you the Exchange Admin? If so enable verbose logging so that you can see what is going on with exchange as the connection comes in.
Also if you want to make sure it is not the cert you can "Enable" SSL on the phone and then reg hack it so that it doesn't check for the cert. this will allow you to see if it is a cert problem.
Let me know if you need any help with that. I"m an Exchange Admin and i work with Active Sync day in and day out.
Tried Fix Suggested on Pocket PC FAQ Site
I think this is ON TOPIC. If not, please advise and I will repost elsewhere.
I flashed my phone with the Dutty Beta 2 Touchflow ROM for Tilt. I am getting the following error and have tried the matched solution from Pocket PC FAQ:
0x80830003 N/A Synchronization failed. If the problem continues, contact your network administrator.
1. The Exchange server is configured to require client certificates.
1. On the Exchange server, launch Internet Services Manager. Right click on the Microsoft-Server-ActiveSync virtual directory and choose Properties. Select the Directory Security tab. Click the Edit button in the Secure Communications section and select the option to “Ignore client certificates.”
I continue to get the same error even after dumping the device through the exchange server.
My System Admin thinks that there is something wrong with the version of ACTIVE SYNC provided in the ROM used to flash the device.
Any thoughts/direction you could point me in or is there any other info you need?? Is th
Greetings all, first time post.
I have a customer that has the new ATT Captivate. I have tried to get his exchange account working to no avail.
For those who have set this up, what setting have you used? It seems like every smart phone is just a little different.
I have used
domainname\username
domainname.local\username
domainname\mailboxalias
for exchange server I have used the DNS names, IP address, with and without /exchange
With and without SSL
I keep getting authentication errors.
I have tried 2 different servers, 3 different accounts to no avail.
The user was using a blackberry before so I know it can connect.
What am I missing? The password is 4 digits.
i use the following
user: domain\username
server: owa address
flextechs said:
Greetings all, first time post.
I have a customer that has the new ATT Captivate. I have tried to get his exchange account working to no avail.
For those who have set this up, what setting have you used? It seems like every smart phone is just a little different.
I have used
domainname\username
domainname.local\username
domainname\mailboxalias
for exchange server I have used the DNS names, IP address, with and without /exchange
With and without SSL
I keep getting authentication errors.
I have tried 2 different servers, 3 different accounts to no avail.
The user was using a blackberry before so I know it can connect.
What am I missing? The password is 4 digits.
Click to expand...
Click to collapse
Just because it was working with a Blackberry doesn't mean he can Exchange SYnc.
The BB has 2 ways to connect: 1 BES (BB Enterprise Server) - only BB can connect and does all the encryption. The BES talks to Exchange. The BB phone talks to BES.
2. BIS (BB Internet Server) - this is a hack - it screen scrapes the Outlook Webmail.
Neither of these methods guarantees that the exchange admin allows EAS (Exchange Active Sync). Can the user login to the Webmail component? If so, have you tried the server webmail address?
Has the person even asked their Exchange admin if they support EAS?
99% of the time, authentication deny is because they are blocking EAS as many phones that support it, are not very secure. If they are a BB shop, this is not unusual.
alphadog00 said:
Just because it was working with a Blackberry doesn't mean he can Exchange SYnc.
The BB has 2 ways to connect: 1 BES (BB Enterprise Server) - only BB can connect and does all the encryption. The BES talks to Exchange. The BB phone talks to BES.
2. BIS (BB Internet Server) - this is a hack - it screen scrapes the Outlook Webmail.
Neither of these methods guarantees that the exchange admin allows EAS (Exchange Active Sync). Can the user login to the Webmail component? If so, have you tried the server webmail address?
Has the person even asked their Exchange admin if they support EAS?
99% of the time, authentication deny is because they are blocking EAS as many phones that support it, are not very secure. If they are a BB shop, this is not unusual.
Click to expand...
Click to collapse
I am the admin. He was using the att BB setup through the webpage that had where you put in the OWA information. This server is setup like all of my customers. I have other customers using windows mobile just fine. Deafult SBS 2003 Install. He is part of the Mobile User Group and all exchange features for this user are enabled. Reading MS Article ID: 817379
You can use Exchange only if you have owa available to the internet. It sounds like you do.
Do you have a direct url to your owa site? Do you have an ssl certificate? You should be able to use \[email protected] and just put your direct url as the server. If using ssl then select "accept all certificates."
Sent from my SAMSUNG-SGH-I897 using XDA App
domain\login
password
use mailserver.domain.com/exchange
NOT https: // mailserver.domain . com/exchange
use ssl
accept all certs
hope this helps (sorry, i'm not allowed to post links)
JimmyStale said:
domain\login
password
use mailserver.domain.com/exchange
NOT https: // mailserver.domain . com/exchange
use ssl
accept all certs
Click to expand...
Click to collapse
Just another confirmation that what JimmyStale (and others) wrote works fine:
DOMAIN\Username
Password
Server: OWAserver.domain.com (whatever your Outlook Web Access URL is)
- rp
For Exchange activesync you do not have to put the /exchange or /owa after the server name. It actually uses the OMA part of the default website on the server. I have a dns registration pointing to my external ip for Exchange and it works just by putting the domain\username and the dns name that points to your server.
I also have a hosted exchange account for my personal email on my personal phone (Captivate). It works without the /exchange as well.
It may just be an issue with the password being too short or something along those lines.
Also, if you plan to support Android 2.2 you will need a signed SSL certificate. I verified this with my work phone (Moto Droid) and it would not authenticate until I installed a signed certificate. Outlook 2007 also has this requirement.
naplesbill said:
For Exchange activesync you do not have to put the /exchange or /owa after the server name. It actually uses the OMA part of the default website on the server. I have a dns registration pointing to my external ip for Exchange and it works just by putting the domain\username and the dns name that points to your server.
I also have a hosted exchange account for my personal email on my personal phone (Captivate). It works without the /exchange as well.
It may just be an issue with the password being too short or something along those lines.
Also, if you plan to support Android 2.2 you will need a signed SSL certificate. I verified this with my work phone (Moto Droid) and it would not authenticate until I installed a signed certificate. Outlook 2007 also has this requirement.
Click to expand...
Click to collapse
The phone is a brand new ATT Captivate. From what I understand from the ATT Rep, this phone is brand new. It is running Android 2.1 according to ATT website. The user PW is 4 charaters, so I guess I can try that.
flextechs said:
The phone is a brand new ATT Captivate. From what I understand from the ATT Rep, this phone is brand new. It is running Android 2.1 according to ATT website. The user PW is 4 charaters, so I guess I can try that.
Click to expand...
Click to collapse
I just pointed out the info about 2.2 because the Captivate will be upgraded to 2.2 soon enough.
I would try a longer password and see if that works.
flextechs said:
I am the admin. He was using the att BB setup through the webpage that had where you put in the OWA information. This server is setup like all of my customers. I have other customers using windows mobile just fine. Deafult SBS 2003 Install. He is part of the Mobile User Group and all exchange features for this user are enabled. Reading MS Article ID: 817379
Click to expand...
Click to collapse
Are there other mobile users at this site using winmo? Check server logs for clues. It could a virtual directory permissions issue.
Sent from my SAMSUNG-SGH-I897 using XDA App
A fool I am
Ok. For those of you who know SBS 2003, I had to run the Internet Connection Wizard and turn on the Windows Mobile function. Friggin' duh. I thought it was on.
he used
domain\username
webmail.domain.com
with ssl and auto accept certificates.
Thanks all for who contributed to me finding myself at fault.
I can't beleive all the time wasted. Between the customer, the rep at ATT, and myself about 6 hours. Not including your reading and replies. DOH!
I am trying to setup a WP7 Outlook, but it won`t connect to a company Exchange Server.
Always getting error- Error code: 80072EE7.
I have read on web that certificates needs to be installed on wp7. I did it, but no luck.
I used to synch this exchange account on my HTC Evo 4G.
Any ideas how to fix issue?
I wish WP7 had a better way to load self-signed certificates.
Best way to install a cert is to e-mail it to yourself using a Gmail account, set up the Gmail account on WP7, open the e-mail and the resulting certificate attachment, and then install the certificate.
Thanks for response,
But,
Everywhere on web people talking about certificates and no one says which particular cert needs to be installed.
I tried with verisign, Microsoft root authorication and other kind public certificates. But issue still persist.
Who knows where can I get the exact certificate from?
Also make sure you are putting in the local domain
(whateveryourdomain.local)
It is required for WP7 unless your username has the domain in it.
For cert... here is what one user said...
1. went to google chrome on my desktop, spanner, options, under the hood, manage certificates.
2. go trusted root certificate authorities.
3. found the certificate from our server.
4. exported it as a DER encoded binary X.509 (.cer) file to the desktop
5. emailed it to my godaddy account on my WP7 phone.
6. clicked on the link installed it AND THEN created the outlook account on my WP7 phone.
IT IS IMPORTANT TO NOT HAVE ANY OUTLOOK ACCOUNTS ACTIVE WHEN INSTALLING THE CERTIFICATE.
thanks for all your help guys!
yes, sure I have local domain:
\whatever - this is what i used on android outlook settings.
how to know which one is our server certificate?
in WP 7 though you don't need a slash. just the domain name when it asks for it.
For the cert... can you get to your mail server via web mail?
For ours in IE9, i just click the lock by the address bar and hit view certificate. Also if you know your Exchange admin, ask him to send it to you via the hotmail account. they you can just click on it and install it.
I believe we do not use any certificate. probably we use public certificates. i do not see lock next to address bar.
Does you host require on device encryption?
Does your company provide instructions for other phones? I may be able to tell you or translate them to how it works in windows phone.
No lock? go to advanced in account and uncheck ssl. I think its on by default.
If that doesn't work pm me the the web outlook address an i can tell u if there is one on there at least.
still cannot synch my outlook account. is there any new ideas?
The only thing left i can say is talk to your exchange admin / tech support. All the settings seem correct for a normal setup. Maybe they are using on device encryption... the only thing that windows phone really doesn't support for exchange, or maybe there is a setting we don't know that they will tell you.
The questions to ask are -
Does it require on device encryption?
Is the certificate required the same one outlook webmail uses as that is the one i walked you through installing?
Is the mail server address the same as outlook webmail minus the owa?
What is the local domain of the mail server? (that is different then the mail server address in most cases)
Does the username have to be whole email address? domain\username? or just username
Does the exchange admin have to add my phone?
Hope that helps get your questions answered.
I need some help also. I had my exchange account on my phone until my comp did server upgrades. This knocked me off as they say this will only support Blackberry and iPhone, don't ask me why. So I was able to setup my exchange account on my Android Epic 4g after trying for a week, as I figured if an iPhone can access it my Android should also. But I have tried the same settings from my Android phone on my WP7 and no luck.
After reading this it looks like I need to follow the above mentioned steps to manually add a sec cert to get it working just right?
I really want my exchange account on my WP7, sucks trying to be on the phone and not be able to download attachments cause you are talking on the phone that gets the email.
Any help would be great!
Did you mean to include a URL or two in there? Anyhow, setting up WP7 to work with Exchange should be pretty easy, although I'm not sure it will do EAP with anything older than 2007 (though IMAP on older servers will work fine). Both of my phone's synced Exchange accounts were set up easily and automatically by just telling it to add the email address; it found the servers and automatically configured the accounts.
black06c230 said:
I need some help also. I had my exchange account on my phone until my comp did server upgrades. This knocked me off as they say this will only support Blackberry and iPhone, don't ask me why. So I was able to setup my exchange account on my Android Epic 4g after trying for a week, as I figured if an iPhone can access it my Android should also. But I have tried the same settings from my Android phone on my WP7 and no luck.
After reading this it looks like I need to follow the above mentioned steps to manually add a sec cert to get it working just right?
I really want my exchange account on my WP7, sucks trying to be on the phone and not be able to download attachments cause you are talking on the phone that gets the email.
Any help would be great!
Click to expand...
Click to collapse
Did they post instructions on what was needed to get an iphone on it? Should be similar with windows phone. For the cert, once you get it, email it to your hotmail and open it. THat will install it.
ROCOAFZ said:
in WP 7 though you don't need a slash. just the domain name when it asks for it.
For the cert... can you get to your mail server via web mail?
For ours in IE9, i just click the lock by the address bar and hit view certificate. Also if you know your Exchange admin, ask him to send it to you via the hotmail account. they you can just click on it and install it.
Click to expand...
Click to collapse
once i click the lock and see the cert. how do i get it to send it in an email?
---------- Post added at 11:22 PM ---------- Previous post was at 11:16 PM ----------
ROCOAFZ said:
Did they post instructions on what was needed to get an iphone on it? Should be similar with windows phone. For the cert, once you get it, email it to your hotmail and open it. THat will install it.
Click to expand...
Click to collapse
other co-workers have their iphone's working just fine. I will get a hold of one and see if any settings in there make it work.
but again i got it setup on my android phone without much issue and those same settings won't work on my WP7. it errors about the cert.
as stated I can click the lock and view the cert from web access but how do I email it to myself? i don't see a export option.
lastly, they block any IP but intranet IPs to access the mail.companydomain.com so the cert from there may not even help?!?!?
to access mail from home/laptop i have outlook setup so no need to access via the web.
any help you can give to get this working would be great!! and yes IT won't give my squat.
Have you tried manual setup. That's what mine requires. I put in my email address and password but it never gets it. I then click on manual and add
Login name: whatdoyaknow
Domain: ad.xxx.com (actually mine is more complex than that, but start with ad.)
Server: exchange.xxx.com (again more complex)
I need certificates for most things, but this seems to work ok.
Actually I still have problems getting WM6.5 to connect, but WP7 goes ok with the above.
Hoping someone can help with this..
I'm using:
Server: webmail.company.com
Login: domain\user (not same as email)
Email: [email protected]
SSL (checked)
Accept all SSL (checked)
This has always worked in the past but recently stopped. When setting this up now I get an error: "You typed an incorrect server address or the server requires a protocol version that Email doesn't support".
Using all these settings in K9 mail I get a similar error. With K9 mail however I have the option to add a "Mailbox Alias". When I add [email protected] into the Mailbox Alias field it works.
Ideally I'd like to continue using the default Email app and Calendar but since there doesn't appear to be anyplace to add a Mailbox Alias in the default client I cannot. I am using that mailbox alias as the email address I enter when setting up the Email client.
It's not a company issued phone so there isn't much I can do as far as having changes made on the server. I believe they must have done an update or changed some setting, as there was an email that the OWA server was being restarted which preceded these problems.
I tried setting this up on an iPhone this evening. It didn't give the same error but rather just wouldn't connect to the same server. This previously worked as well as I had tried an iPhone briefly a few months ago.
It seems that no one else at work that collects email with their stock Android Email.apk is having any issues. I would assume at this point it is some kind of account problem, but I am using the same info as listed above in my work laptops Outlook client for collecting mail via https when not connected to VPN. I'm also using those settings on a Macbook in Entourage to connect to exchange, though I believe that uses webdav. Both of those clients continue to work, and as mentioned above, k9 works when adding my email address to the Mailbox Alias. I was also able to get TouchDown working though I'm not that interested in buying it.
If anyone has anything I'd love to hear it.
thanks!
This appears to be the issue that I'm having.
http://code.google.com/p/android/issues/detail?id=25648
It seems to be an account/permissions related problem though I don't really understand why adding a mailbox alias with K9 resolves the problem, though the above OP mentions his worked with Touchdown when it wasn't working with default email.apk.
I have a personal Honor 8 device I use to access my company email. They use Duo Mobile software to authenticate before allowing this.
After upgrading to Nougat 7.0, I am unable to access email (using the Outlook app). I get a message saying that I need full disk encryption turned on. I don't see this as an option anywhere in my Settings. I do have a strong password set to be used.
Do I need to enable File Based encryption at this stage? I am trying to do this and do not see the option to convert to File Based encryption even after turning on Developer Options by the way.
Has anybody else run into this issue? Any guidance - I am dead in the water without being able to access my email.
Thx
AK
I remember I had a problem with my e-mail but I'm not 100% certain that it was the same issue. But try to remove all your screen locks including finger print and try again.
Ihaveatattoo said:
I remember I had a problem with my e-mail but I'm not 100% certain that it was the same issue. But try to remove all your screen locks including finger print and try again.
Click to expand...
Click to collapse
Thanks for the response. However in order to enable Corporate Email, Outlook asks for a password to be in place. Therefore I cannot remove all screen locks.
The problem seems to be that the authenticating software (Duo Mobile) is looking for two things on the device. One is that full disk encryption is explicitly enabled. The other is that the setting to "Require password at Startup" is enabled. Neither of these options are availalble on the Honor 8. Their support says that encryption is on by default and therefore there is no setting for it.
akatti said:
Thanks for the response. However in order to enable Corporate Email, Outlook asks for a password to be in place. Therefore I cannot remove all screen locks.
The problem seems to be that the authenticating software (Duo Mobile) is looking for two things on the device. One is that full disk encryption is explicitly enabled. The other is that the setting to "Require password at Startup" is enabled. Neither of these options are availalble on the Honor 8. Their support says that encryption is on by default and therefore there is no setting for it.
Click to expand...
Click to collapse
Further, I looked at turning on the new File Based Encryption that is part of Nougat. There are how-to's that discuss this, where you have to turn on Developer Options to do so. However, on the Honor 8, even after turnin on Developer Options, there is no option to "Convert to File Based encryption" available. If you search in Settings, it shows this option, but upon clicking on that option from the Settings Search results, it just takes you into Developer Options and there is no setting to enable File Based encryption.
Nvm this, poor reading comprehension on my part
I have no issues using Gmail's Exchange client to connect to my corporate email. It sounds like it's not a Nougat or Android problem, it's a Duo Mobile problem
I had the same problem.
Switched to the app Nine. It is a one-time purchase and its security model is app-wide instead of device-wide.
Have you tried it yet?
Telperion said:
I have no issues using Gmail's Exchange client to connect to my corporate email. It sounds like it's not a Nougat or Android problem, it's a Duo Mobile problem
Click to expand...
Click to collapse
The company whose email I need to get to has only enabled Outlook as a client - therefore using other email clients (such as the Gmail app) is not an option unfortunately.
akatti said:
The company whose email I need to get to has only enabled Outlook as a client - therefore using other email clients (such as the Gmail app) is not an option unfortunately.
Click to expand...
Click to collapse
To the best of my knowledge as long as you have the correct server credentials, you can use any client. For example, my credentials:
Server: subdomain.website.com
Domain\Username: test\Telperion
Port: 443
Security type: SSL/TLS
I can connect using Gmail's Exchange client, Outlook for Android, Nine, native Huawei email client, etc. While everyone's setup is different, if you're able to log in using the Outlook client, theoretically there's nothing to prevent you from using the same credentials in a different client.
That was my not my experience.
My company's Outlook server is configured to require device-level encryption for mobile devices with complex passwords. On my Nexus 6p, Outlook for Android did not work, with the error that it "did not support the encryption required". Also, I could not use fingerprint authentication on the device, and required a 8-digit unlock code. Not just for Outlook, mind you -- any time I wanted to unlock the phone.
OWA (Outlook Web App) for Android worked fine, but it supports neither push nor notifications, rendering it utterly useless. OWA is, as far as I can tell, just a shell containing an HTML rendering engine that reflows the web app.
The only reason CloudMagic (and potentially Nine) worked for me is that CloudMagic (and I think Nine) have device-level encryption on their server (?). The end-user provides credentials for their server to log in, download the email, and act as an intermediary.
Telperion said:
To the best of my knowledge as long as you have the correct server credentials, you can use any client. For example, my credentials:
Server: webmail.website.com
Domain\Username: test\Telperion
Port: 443
Security type: SSL/TLS
I can connect using Gmail's Exchange client, Outlook for Android, Nine, native Huawei email client, etc. While everyone's setup is different, if you're able to log in using the Outlook client, theoretically there's nothing to prevent you from using the same credentials in a different client.
Click to expand...
Click to collapse
biogon said:
That was my not my experience.
My company's Outlook server is configured to require device-level encryption for mobile devices with complex passwords. On my Nexus 6p, Outlook for Android did not work, with the error that it "did not support the encryption required". Also, I could not use fingerprint authentication on the device, and required a 8-digit unlock code. Not just for Outlook, mind you -- any time I wanted to unlock the phone.
OWA (Outlook Web App) for Android worked fine, but it supports neither push nor notifications, rendering it utterly useless. OWA is, as far as I can tell, just a shell containing an HTML rendering engine that reflows the web app.
The only reason CloudMagic (and potentially Nine) worked for me is that CloudMagic (and I think Nine) have device-level encryption on their server (?). The end-user provides credentials for their server to log in, download the email, and act as an intermediary.
Click to expand...
Click to collapse
When adding my corporate exchange email to Gmail, Gmail is activated as a device administrator with permissions to:
Erase all data
Set password rules
Monitor screen-unlock attempts
Lock the screen
Set lock-screen password expiration
Set storage encryption
Disable cameras
I'm not using webmail, I'm using Exchange ActiveSync. Device policy forces me to have a lock screen pin or password, but I can still fingerprint unlock it. It sounds as if your respective Exchange servers aren't configured properly, because all of the security that they're requiring can be mandated through ActiveSync and Gmail's device administration service.
t
Telperion said:
It sounds as if your respective Exchange servers aren't configured properly, because all of the security that they're requiring can be mandated through ActiveSync and Gmail's device administration service.
Click to expand...
Click to collapse
Is Exchange ActiveSync different from Office 365's Exchange?
When I asked IT about local ActiveSync, they said that they don't support it, just Office 365 on Shibboleth.
Then again, I couldn't get a Chromebook to connect to the WiFi network here due to some misconfiguration in their Cisco router's PEAP setup, so I wouldn't be surprised.
biogon said:
Is Exchange ActiveSync different from Office 365's Exchange?
When I asked IT about local ActiveSync, they said that they don't support it, just Office 365 on Shibboleth.
Click to expand...
Click to collapse
Different back end, same capabilities. Exchange ActiveSync is a site-hosted server, Office 365 is a cloud-hosted version. On a local Exchange server, your IT department will have set up a local domain and you will have a user account in Active Directory (domain\Telperion). In Office 365, your user account is your email address ([email protected]) and there is no domain mapped that you have to configure. Once you know this, you can piece together the way to configure it.
The biggest challenge is that IT typically won't mess around with supporting mobile device configuration ("I don't know Android"), and Microsoft tutorials don't give clear instructions ("I don't know Android"). Android tutorials say "I don't know Microsoft" so you end up having to piece things together from multiple sources online.
See attached tutorial, it's very easy once you know what to do.
Add new account from device Accounts menu
Choose 'Exchange' with the Gmail logo
Enter your corporate email address, don't hit next, hit "Manual Setup"
Choose 'Exchange' as the account type
Make sure your email is entered in "domain\username" field
Enter password
Server for Office 365 is "outlook.office365.com"
Port 443
Set security to "SSL/TLS"
From there it should handle all the rest of the configuration.
biogon said:
I had the same problem.
Switched to the app Nine. It is a one-time purchase and its security model is app-wide instead of device-wide.
Have you tried it yet?
Click to expand...
Click to collapse
Thanks. Tried Nine. Works the same way as Outlook so far. In other words, setting its policy to only apply to the app doesn't make a difference in how Duo Mobile (the two factor authentication checker) continues to insist the device be encrypted and have the setting "Require password on startup" be turned on.
Telperion said:
Different back end, same capabilities. Exchange ActiveSync is a site-hosted server, Office 365 is a cloud-hosted version. On a local Exchange server, your IT department will have set up a local domain and you will have a user account in Active Directory (domain\Telperion). In Office 365, your user account is your email address ([email protected]) and there is no domain mapped that you have to configure. Once you know this, you can piece together the way to configure it.
The biggest challenge is that IT typically won't mess around with supporting mobile device configuration ("I don't know Android"), and Microsoft tutorials don't give clear instructions ("I don't know Android"). Android tutorials say "I don't know Microsoft" so you end up having to piece things together from multiple sources online.
See attached tutorial, it's very easy once you know what to do.
Add new account from device Accounts menu
Choose 'Exchange' with the Gmail logo
Enter your corporate email address, don't hit next, hit "Manual Setup"
Choose 'Exchange' as the account type
Make sure your email is entered in "domain\username" field
Enter password
Server for Office 365 is "outlook.office365.com"
Port 443
Set security to "SSL/TLS"
From there it should handle all the rest of the configuration.
Click to expand...
Click to collapse
Thanks for the detailed message. Tried the above.
When I left the server be the default server name (derived from my email address), I got a "Certificate is not valid" error. I had "None" as the certificate.
After I changed the server name to be outlook.office365.com as mentioned in your instructions above, I now get a "Can't connect to server" message.
I did recheck my steps. Not sure why Gmail fails to connect. Any suggestions on where to look?
akatti said:
Thanks for the detailed message. Tried the above.
When I left the server be the default server name (derived from my email address), I got a "Certificate is not valid" error. I had "None" as the certificate.
After I changed the server name to be outlook.office365.com as mentioned in your instructions above, I now get a "Can't connect to server" message.
I did recheck my steps. Not sure why Gmail fails to connect. Any suggestions on where to look?
Click to expand...
Click to collapse
Those instructions are for Office 365, it sounds like yours is hosted.
Telperion said:
Those instructions are for Office 365, it sounds like yours is hosted.
Click to expand...
Click to collapse
I checked the settings for Outlook Web on my PC and it is an Office 365 account. I updated by Gmail settings to match (Server: outlook.office365.com, Port: 993 and Security: SSL/TLS although on the PC it was just TLS). Get a message saying "Couldn't open connection to server".