Related
Ok I have wrestled with this for 2 days straight.
I had issues with this with my CFO's windows mobile device but at least his was giving me a specific error message.
My Tilt has the latest Dutty ROM upgrade (Dual Touch), I haven't been able to get my exchange server synced OTA.
I run a Exchange 2007 Enterprise environment. Everything on the server side is fine. My OWA url is https://webmail.firethornmobile.net. All I get is waiting on network after 2-15 minutes.
I have soft reset, deleted the PC partnership, taken my connection off of auto and tried both my work connection and isp.
I'm starting to suspect it maybe the ROM upgrade but it was doing the same thing when I first started the phone.
Please help.
OMA enabled?
Do you have the OMA enabled? Do you have the server root CA installed in the tilt (I am assuming you are using secure method for OMA)?
I have flashed Dutty's dual touch v2 and I don't have problem to get emails through OMA services.
Do you ever get the other PDA sync with email before? From the error message, it seems the Activesync in the Tilt can't talk to the exchange (front end) server at all.
Yes on Exchange 2007 OMA is enabled natively. In the middle of seperating data centres from our sister company.
We just got bought by Qualcomm so we never bought a cert from Verisign. I am using a self sign cert from our exchange server ( I have to turn SSL off on the pda side.
This has never worked, I already called Cingular and they said if I can get webmail from gmail and hotmail then it isn't their problem.
I have installed the self signed cert on the handset.
OK, you don't need to install the self-signing cert in the PDA, but you need to install the root cert of the self-signing cert in the PDA.
Usually, a server cert or user cert has a root authority (CA), you need to install the CA cert in the PDA, not the server cert.
If you can install a window server (2000 or 2003), you can enable the certificate authority server and issue your exchange server a server certificate. In this case, you will have your own root certificate. I don't suggest you to use Verisign's certificate because everyone has Verisign's root certificate can try to "play" with your OMA server.
However, the error message is still showing that the Activesync in PDA can't reach to the OMA at all.
BTW, the push email doens't work if it's not on the SSL connection.
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
In that case, you can try to see if you can reach to the OWA from your PDA, if it can, you shall not have network issue.
BTW: the connon name of the server cert must be the same as your public domain name, otherwise, the Activesync will still reject the connection.
Apex i ITR said:
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
Click to expand...
Click to collapse
I agree with the poster above. I have this exact same set up at my company and it does work. The certificate has to be the external name of the exchange server. If this does not match the PDA will never sync. Check your certificate and make sure the FQDN is correct.
I just check your exchange server from the URL you posted above, your OMA and OWA are working, but the certificate's common name is not the same as the public domain name.
Try to re-issue the certificate, it may just work.
Thanks guys. I'll try that.
Webmail does work from the handset. I don't know how I got my CFo's working to be honest if its flaking on the name of the cert but I'll try that and let you know. I was about to hard reset this thing and leave the cooked ROM's alone for a while. Hopefully this resolves it.
From my experience dealing with Acticesync in the PDA, it's very picky of the name of the certificate. I think that's security reason. The Activesync doens't accept certificate that common name doesn't match the public domain name.
When I use the IP address for test, I have to get a certifiate with the IP address as its common. So I believe that's the certificate's problem, not the cooked rom.
I still suggest you to get your own CA and certificate, in that way, you have more control even debugging this problem.
I feel like a moron asking but how the hell do I change the common name.
You can't change an existing certificate, you have to re-issue a new certificate.
I guest you can't do it by the self-siging certificate, but I am not fimiliar with the self-signing certificate. Get a WIN server machine and install the CA server, after that, you can issue a certificate.
Assumeing you have a CA server ready:
1. Request the certificate from exchange server: you will have a chance to enter the common name of this certificate.
2. Generate a certificate from this certificate request from CA server
3. Import the certificate back to the exchange server.
If you can't get a WIN server as CA server, I will need to ask my colleagues about the free CA server he used from the Internet.
My DNS box is a CA server (started the service on that).
I'll try that then (I hard reset and I now I have an error stating I'm not authorized).
I'll let you know if it works. Thanks.
Ok I believe I did it right but I still get tha error (When connect via usb cable) and I still get the waiting for network message.
When you connect to the USB cable, you have to "allow" the Internet access pass through from the Activesync in the PC, otherwise, it won't reach out to the Internet at all.
Try to connect to other web site to see if you have a good internet connection or not.
Some updates. I made sure the cert is the right common name. I noticed that after I install it on the handset it doesn't put the cert in the root tab...only intermediate. I installed the ca server's cert as well (That went into the root tab).
Im leaving ssl checked and now I get 0X80072F17.
incorrect common name
Your common name is still not correct, it shall be "webmail.firethornmobile.net" only, but you put "http://" at the begining and "/owa" at the end, it not correct.
You have to issue the server certificate one more time with "webmail.firethornmobile.net" (without quotes) as the common name.
Also, when I check the Certification path of your certificate, I don't see this certificate is under any root certificate. Properly you need to check your CA (DNS) to see if it's setup properly.
Hey,
Use this site to figure out the errors you are getting on your phone. http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php
Also are you the Exchange Admin? If so enable verbose logging so that you can see what is going on with exchange as the connection comes in.
Also if you want to make sure it is not the cert you can "Enable" SSL on the phone and then reg hack it so that it doesn't check for the cert. this will allow you to see if it is a cert problem.
Let me know if you need any help with that. I"m an Exchange Admin and i work with Active Sync day in and day out.
Tried Fix Suggested on Pocket PC FAQ Site
I think this is ON TOPIC. If not, please advise and I will repost elsewhere.
I flashed my phone with the Dutty Beta 2 Touchflow ROM for Tilt. I am getting the following error and have tried the matched solution from Pocket PC FAQ:
0x80830003 N/A Synchronization failed. If the problem continues, contact your network administrator.
1. The Exchange server is configured to require client certificates.
1. On the Exchange server, launch Internet Services Manager. Right click on the Microsoft-Server-ActiveSync virtual directory and choose Properties. Select the Directory Security tab. Click the Edit button in the Secure Communications section and select the option to “Ignore client certificates.”
I continue to get the same error even after dumping the device through the exchange server.
My System Admin thinks that there is something wrong with the version of ACTIVE SYNC provided in the ROM used to flash the device.
Any thoughts/direction you could point me in or is there any other info you need?? Is th
Very new here and have run into what seems to be a ROM stopper issue.
My company uses Exchange Activesync but in order to connect has to be allowed to push certain security settings to my Inspire. The normal rooted phone, I am able to use the HTC Email app with no issues and am forced to use the security.
However, after flashing a ROM (I have tried MIMU and REV 4,) I am no longer able to add my Activesync account. It gets down to do the install and fails with a general error (Try again later or some such) and won't create the account.
I did do some searching and found there was an email app that apparently bypasses that setup, but I'm not interested in bi-passing, just in getting the security to work.
Now, finally to the question: Are there any INSPIRE ROMs here that people have got to work with activesync? More specifically, with activesync that is trying to force security settings on the device?
(I had made a backup of my ROM before hand and was able to restore back to working copy without any issues [yeah] and I am sure that I wiped everything on installing both ove the above mentioned ROM.)
Sorry for the long post, but I thought background was important to understand the issue.
jeff_chaney said:
Very new here and have run into what seems to be a ROM stopper issue.
My company uses Exchange Activesync but in order to connect has to be allowed to push certain security settings to my Inspire. The normal rooted phone, I am able to use the HTC Email app with no issues and am forced to use the security.
However, after flashing a ROM (I have tried MIMU and REV 4,) I am no longer able to add my Activesync account. It gets down to do the install and fails with a general error (Try again later or some such) and won't create the account.
I did do some searching and found there was an email app that apparently bypasses that setup, but I'm not interested in bi-passing, just in getting the security to work.
Now, finally to the question: Are there any INSPIRE ROMs here that people have got to work with activesync? More specifically, with activesync that is trying to force security settings on the device?
(I had made a backup of my ROM before hand and was able to restore back to working copy without any issues [yeah] and I am sure that I wiped everything on installing both ove the above mentioned ROM.)
Sorry for the long post, but I thought background was important to understand the issue.
Click to expand...
Click to collapse
CM7 will work fine. Now keep in mind, the actual server address can be different on AOSP email clients compared to HTC.
For example, my setup that I administer:
HTC Server address: owa.organization.com
Domain: organizationdomain
AOSP(CM7) Server address: owa.organization.com/owa
Domain:blank
Check with your exchange admin to see what your proper settings would be. If others in your organization have, for instance a Samsung or Nexus, get what they would use for settings.
My Inspire is a work phone I have never had an issue getting it to connect to our activesync. It also has that extra security thing but it always prompts me to allow it right before it syncs up. It has worked for me on the following ROMs.
Ultimate Droid (Current ROM)
CM7
MIUI
Cognition
RC Mix HD
You could always try a 3rd party email app like touchdown or K9 from the market.
I tried it for sure on MIUI and it didn't work. I have tried using K-9 and it won't even work with activesync account on stock. I am getting this error when I am trying to add the account both in email as well as in just the Settings - Account. Any other thoughts? I will try CM7 or Ultimate Droid tonight.
Thanks,
Jeff
jeff_chaney said:
I tried it for sure on MIUI and it didn't work. I have tried using K-9 and it won't even work with activesync account on stock. I am getting this error when I am trying to add the account both in email as well as in just the Settings - Account. Any other thoughts? I will try CM7 or Ultimate Droid tonight.
Thanks,
Jeff
Click to expand...
Click to collapse
MIUI makes changes to the AOSP email program, so it actually may not be compatible. What version of Exchange are you running?
I believe we are on Exchange 2007. Here is the info on the exchange web service:
Connected to Microsoft Exchange
Secured by Microsoft Internet Security and Acceleration Server
© 2006 Microsoft Corporation. All rights reserved.
jeff_chaney said:
I believe we are on Exchange 2007. Here is the info on the exchange web service:
Connected to Microsoft Exchange
Secured by Microsoft Internet Security and Acceleration Server
© 2006 Microsoft Corporation. All rights reserved.
Click to expand...
Click to collapse
That is what I administer. When adding to MIUI are you using the same server name/domain info that you had in HTC based ROMs?
We have a Exchange 2003 and I cannot get it to connect to that server. Maildroid and Touchdown both worked without any problems. I wish the default email client was a little more robust.
Yes, I am using the exact same information that I did when I installed it on the "stock" ROM when trying in MIUI. I have tried both on just the "add account" method as well as from the stock email client + K-9 Email.
In stock, I cannot get the K-9 email to work at all. the HTC sense email client works fine.
in MIUI (and REV 4.0) neither email client works and I cannot add the activesync server under accounts either.
jeff_chaney said:
Yes, I am using the exact same information that I did when I installed it on the "stock" ROM when trying in MIUI. I have tried both on just the "add account" method as well as from the stock email client + K-9 Email.
In stock, I cannot get the K-9 email to work at all. the HTC sense email client works fine.
in MIUI (and REV 4.0) neither email client works and I cannot add the activesync server under accounts either.
Click to expand...
Click to collapse
You may want to try using no domain and the full owa path for server name.
Sent from my Desire HD using XDA Premium App
I'll give that a shot. Thanks for the advice.
BTW...I did finally get the K-9 mail to work on the "stock" ROM. I had to put in my full email addy on the mailbox alias along with the /owa/auth/ in the Authorization path.
Update to the saga. Just tried CM 7 and when I try to add the ActiveSync Account, here is the actual error I get:
Setup could not finish
This server requires security features your phone does not support.
jeff_chaney said:
Update to the saga. Just tried CM 7 and when I try to add the ActiveSync Account, here is the actual error I get:
Setup could not finish
This server requires security features your phone does not support.
Click to expand...
Click to collapse
Do you already have a PIN code set to unlock the device?
It sounds like your corporate IT server is locked down a little more than normal. I've used the CM7 stock client on 3 exchange systems (my employer's server, my consulting gig's server and gmail exchange settings for push) and it connects fine to all of them.
Also, try RCMix 5.9.3. See if it gives the same results as Rev 4.
OK. Update with CM7.
I tried setting up the pin before adding account, no go. The other security option that they are trying to enforce is being able to wipe the phone (I work for a State Gov't...neat, huh) I'm guessing it is this setting that is causing the issue.
I did, however, get the K-9 email program to work in CM7. Now the only downside is I don't get contacts or calendar. I'll keep looking...
jeff_chaney said:
OK. Update with CM7.
I tried setting up the pin before adding account, no go. The other security option that they are trying to enforce is being able to wipe the phone (I work for a State Gov't...neat, huh) I'm guessing it is this setting that is causing the issue.
I did, however, get the K-9 email program to work in CM7. Now the only downside is I don't get contacts or calendar. I'll keep looking...
Click to expand...
Click to collapse
Hah, local Gov't here. The default AOSP mail client does support remote wipe, as I have tested our organization's functionality on Android on CM7, RCMix, and of course stock. (as well as a few times on the Captivate).
Try setting the password in Location & Security and checking that Use Secure Credentials is checked; and make sure Email is set as a device administrator.
How would I go about doing the "make sure Email is set as a device administrator." step you mentioned? When I click on device administrator there is nothing there to select.
I did try setting up the password in Loc & Sec and the checked the Use Secure as well. Still wouldn't allow me to add the activesync account. This is all still on CM7. Still a no go on getting my contacts and calendars to sync. What am I missing? (I'm sure it is me.)
You may want to try to contact your organization administrators and ask them if you can have an exception for the security policy. There is a particular setting that I have seen brought problems with several android phone this setting is "Allow Non-provisionable Device" and it should be set to true (many organizations set it to false which cause connectivity failures).
There is no way that I will get them to change settings for me. It has to either be something I am missing or a change that needs to be made in the ROM
Sent from my Desire HD using XDA App
Hello all,
I bought my Transformer last week. I've already installed 3.1 on my tablet. I tried to add my exchange account to the stock e-mail client, using a manual setup (in both versions). For some reason however I don't seem to be able to connect to our Exchange server. The error message that I'm getting is: The exchange ActiveSync server requires security features your phone does not support.
I know this was a problem with older versions of Android. But starting with 2.2 these issues should have been solved. Also, some colleagues of mine own 2.2 and 2.3 devices. And they can connect to our Exchange Server without any problems. Unfortunately I can't with my brandnew Transformer .
I've installed Touchdown for Tablets. This app has no problems whatsoever. But I'd much rather use the stock e-mail client, because it lets me read my mail from all my e-mail accounts in one tool.
The security policies Touchdown lists as being requested from our Exchange server are the following:
allow simple password: No
Password/PIN required
Failed Attempts 8
Min Length 4
Timeout 600 sec.
Password recovery
Oh - and an odd thing is that in Touchdown I have to put in my pincode. Could they're be a problem with exchange not recognizing the "pincode" setting in Honeycomb?
Perhaps someone out there can help me out with this problem, because it's freaking me out.
Regards, Perenor.
I haven't had a problem with my Transformer connecting and syncing with my Exchange server...actually have been surprised how quick it does connect...
..how far into the setup/connection process do you get before it gives you the error?
I get the error when I press "Next" on the page where you enter the "user/domain", "password" en "mail server" entries. It then tries to get the settings for incoming mail, which takes a couple of seconds. After that I get the aforementioned message.
I have sent in a bug report at code.google.com. Its Defect Id is 17987. Perhaps others out there with a honeycomb tablet who are having this problem as well, could leave a message there: http://code.google.com/p/android/issues/detail?id=17987.
It s been like it since Android 1.0...
Android does not support Exchange security. PERIOD.
It is sad. The only ROM supporting it are SENSE ROM... as far as i know...
But for HC, so far nothing...
Updating to 3.2 resolves this issue
Update didn't help
Updated to 3.2.1 (WW) but I still get the same message that my device does not support the security features required.
Running stock and un-rooted TF101 (no G) B70 series.
Any ideas/pointers?
And no, I don't want to install touchdown regardless of how good it is.
(Funnily enough, my dirt cheap HTC chacha has replaced my blackberry and works flawlessly with our Exchange server).
For the record, we're on Exchange 2010 but not sure which exact requirements activesync comes with (happy to report them if someone points me to how to gather them).
Hello,
I recently got a Lumia 800 - had i iPhone 3GS before.
And there you can sync your calender with ActiveSync.
But for some reason it doesnt work on Windows Phone 7.5
Any of you got it working or have some idea how to get it working?
Everytime i try - it just keeps asking for user and password, like it doesnt send it correctly to the server. Even got my username changed to [email protected] cuz I had an idea that it used <username>@<domain> you type in the account info. But didnt work either.
What server are you trying to connect to? I've used ActiveSync with several versions of Exchange, plus Google's implementation, and they've all worked just fine (including calendar sync). The most trouble I had was my office's Exchange server, which required that I provide a certificate on the phone... but the error message told me that, so it wasn't hard.
Note that username, domain, and server are all different fields and my have nothing to do with each other at all. Use the same settings you used on your iPhone and it should work, though.
GoodDayToDie said:
What server are you trying to connect to? I've used ActiveSync with several versions of Exchange, plus Google's implementation, and they've all worked just fine (including calendar sync). The most trouble I had was my office's Exchange server, which required that I provide a certificate on the phone... but the error message told me that, so it wasn't hard.
Note that username, domain, and server are all different fields and my have nothing to do with each other at all. Use the same settings you used on your iPhone and it should work, though.
Click to expand...
Click to collapse
Its a FirstClass mail server - that has a ActiveSync feature. I dont know much about the server part. Mostly schools and similar that use it as mailserver
There is no SSL support - so a certificate error it can't be?
I've been using ActiveSync for years with Google on iOS/Android. But I guess its the service that provides ActiveSync on our server that is the problem.
Microsoft updated their protocol making the ones on our devices obsolete and therefore mail doesn't sync anymore (Exchange Active Sync).
This is what was said by a Microsoft Answers Forum Mod:
As with many things, Hotmail too is evolving to accommodate more recent version of EAS. Please keep in mind that in order to have complete support and additional improved feature and technology capable on the device, older protocol sometimes become outdated.
There are two components in successful EAS synch. One is server side code to communicate and synch properly from 3 different services (Hotmail, calendar, and Contacts (people)); and the other is client application.
Sometimes this are cooperation and collaboration of multiple parties (the corporation who “licensed technology” vs. actually coded the application). Some of the older application would be in need to update in order to work effectively.
When server side protocol updates, incompatible clients would suffer. Unless updates on client application were made, it would be in need to force down the protocol to be compatible with older communication protocol.
Click to expand...
Click to collapse
Basically the issue seems to be with the m.hotmail.com server, because pop3 works fine.
One of the tips which worked for me in getting back Mail to sync was:
Log into the hotmail account on a PC. Look at the web address. Find the 3 letters and add it to ur phone's incoming server setting. Should be one of the following: snt-m, dub-m or bay-m
Click to expand...
Click to collapse
So instead of the usual hotmail.com or m.hotmail.com in the server field, I tried bay-m.hotmail.com (bay is the 3 letter word appearing on the browser address bar for my account), and yes it started syncing as before!
Let me know if you have any other fixes.
Also I have the Mail app behaving abnormally, causing a lot of battery drain and not letting the phone into deep sleep.
I will see if this was an issue relating to Microsoft protocols as well.
Thanks everyone for your replies
Same issue here on HTC One X , if you install the hotmail app you will get a message that states that there is a certificate error. If I find a solution I'll post it here
Hmmm...I flashed HyperNonSense v3.1 last night, then flashed GAPPS invertedemail.apk. Now I can't get the email app to login to my Hotmail account.
I have tried using both automatic, and manual setup (selecting the ingoing/outgoing settings recommended on almost every google result page). But nothing seems to work!
Has something changed at Hotmail's end in the past month or so? (which is when I last flashed an update on my Sensation).
http://answers.microsoft.com/thread/2a6789a5-e0d2-4ba4-939f-83fce21dea2a worked for me, they changed something for my account and sync started agai.
Sorry for the late response, but I wasn't subscribed to new replies to the thread automatically, so I didn't get notified of new replies.
@vandamage, what method did you try?
For error in certificate I think you need a patched mail app with security disabled, so that it works without checking for the certificate.
Try this thread http://forum.xda-developers.com/showthread.php?t=1520431
For a possible fix, check the updated OP.
Thanks