[Q] T-Mobile D801 4.4.2 KK - Exchange Server email - T-Mobile LG G2

Stock Non-rooted
Has anyone had an issue with the stock email app and exchange server?
I had no problems with 4.2.2. I upgraded to 4.4.2 and it still worked.
However, I did a factory reset in 4.4.2 and I am now unable to connect to the exchange mail server. The exchange server also requires a client certificate for authentication.
I get the error, "Cannot connect to server. Try again after checking network connection and entered information." No network problems, just doesn't want to connect and get to the next step.
A few observations. in v4.2.2, the email apps showed up as an app available for backup via the LG Backup tool. In v4.4.2 it is no longer available. Also I was able to do the same thing on a stock N7 4.4.2 and no problems.
Did LG muck with the email app for 4.4.2 and break it?
EDIT (additional details from logcat):
Code:
!/chromium(23671): [INFO:aw_content_browser_client.cc(349)] Client certificate request from <server>:443 rejected. (Client certificates not supported in WebView)
E/chromium(23671): [ERROR:ssl_client_socket_openssl.cc(870)] handshake failed; returned 0, SSL error code 1, net_error -107
I/chromium(23671): [INFO:CONSOLE(12)] "Not allowed to load local resource: file:///android_asset/webkit/android-weberror.png", source: data:text/html,chromewebdata (12)
Looks like the LG implementation is doing something wrong or using an older version of exchange services?
Thanks!

Code:
I/chromium(23671): [INFO:aw_content_browser_client.cc(349)] Client certificate request from <server>:443 rejected. (Client certificates not supported in WebView)
E/chromium(23671): [ERROR:ssl_client_socket_openssl.cc(870)] handshake failed; returned 0, SSL error code 1, net_error -107
I/chromium(23671): [INFO:CONSOLE(12)] "Not allowed to load local resource: file:///android_asset/webkit/android-weberror.png", source: data:text/html,chromewebdata (12)
from logcat

Related

Issues with OTA sync; AT&T Kaiser just recently purchased and rom upgraded

Ok I have wrestled with this for 2 days straight.
I had issues with this with my CFO's windows mobile device but at least his was giving me a specific error message.
My Tilt has the latest Dutty ROM upgrade (Dual Touch), I haven't been able to get my exchange server synced OTA.
I run a Exchange 2007 Enterprise environment. Everything on the server side is fine. My OWA url is https://webmail.firethornmobile.net. All I get is waiting on network after 2-15 minutes.
I have soft reset, deleted the PC partnership, taken my connection off of auto and tried both my work connection and isp.
I'm starting to suspect it maybe the ROM upgrade but it was doing the same thing when I first started the phone.
Please help.
OMA enabled?
Do you have the OMA enabled? Do you have the server root CA installed in the tilt (I am assuming you are using secure method for OMA)?
I have flashed Dutty's dual touch v2 and I don't have problem to get emails through OMA services.
Do you ever get the other PDA sync with email before? From the error message, it seems the Activesync in the Tilt can't talk to the exchange (front end) server at all.
Yes on Exchange 2007 OMA is enabled natively. In the middle of seperating data centres from our sister company.
We just got bought by Qualcomm so we never bought a cert from Verisign. I am using a self sign cert from our exchange server ( I have to turn SSL off on the pda side.
This has never worked, I already called Cingular and they said if I can get webmail from gmail and hotmail then it isn't their problem.
I have installed the self signed cert on the handset.
OK, you don't need to install the self-signing cert in the PDA, but you need to install the root cert of the self-signing cert in the PDA.
Usually, a server cert or user cert has a root authority (CA), you need to install the CA cert in the PDA, not the server cert.
If you can install a window server (2000 or 2003), you can enable the certificate authority server and issue your exchange server a server certificate. In this case, you will have your own root certificate. I don't suggest you to use Verisign's certificate because everyone has Verisign's root certificate can try to "play" with your OMA server.
However, the error message is still showing that the Activesync in PDA can't reach to the OMA at all.
BTW, the push email doens't work if it's not on the SSL connection.
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
In that case, you can try to see if you can reach to the OWA from your PDA, if it can, you shall not have network issue.
BTW: the connon name of the server cert must be the same as your public domain name, otherwise, the Activesync will still reject the connection.
Apex i ITR said:
I apologize that I wasn't clear. Its is the root cert from the CA (Which is our DNS server).
I realize the message means that it isn't getting to OMA. I have been on the phone with AT&T and HTC aboutthis and no one can tell me why it can't connect. I have been given tons of different network settings by AT&T and HTC and nothing changes. I get different error messages but when i put everything back to the way it should be it still gives me this generic message.
I have configured my CFO's handset to get email (Its Palm Treo with WM 6.0) and even though that was a pain in ass it still works (just as good as his Blackberry) and he has SSL unchecked as well.
Click to expand...
Click to collapse
I agree with the poster above. I have this exact same set up at my company and it does work. The certificate has to be the external name of the exchange server. If this does not match the PDA will never sync. Check your certificate and make sure the FQDN is correct.
I just check your exchange server from the URL you posted above, your OMA and OWA are working, but the certificate's common name is not the same as the public domain name.
Try to re-issue the certificate, it may just work.
Thanks guys. I'll try that.
Webmail does work from the handset. I don't know how I got my CFo's working to be honest if its flaking on the name of the cert but I'll try that and let you know. I was about to hard reset this thing and leave the cooked ROM's alone for a while. Hopefully this resolves it.
From my experience dealing with Acticesync in the PDA, it's very picky of the name of the certificate. I think that's security reason. The Activesync doens't accept certificate that common name doesn't match the public domain name.
When I use the IP address for test, I have to get a certifiate with the IP address as its common. So I believe that's the certificate's problem, not the cooked rom.
I still suggest you to get your own CA and certificate, in that way, you have more control even debugging this problem.
I feel like a moron asking but how the hell do I change the common name.
You can't change an existing certificate, you have to re-issue a new certificate.
I guest you can't do it by the self-siging certificate, but I am not fimiliar with the self-signing certificate. Get a WIN server machine and install the CA server, after that, you can issue a certificate.
Assumeing you have a CA server ready:
1. Request the certificate from exchange server: you will have a chance to enter the common name of this certificate.
2. Generate a certificate from this certificate request from CA server
3. Import the certificate back to the exchange server.
If you can't get a WIN server as CA server, I will need to ask my colleagues about the free CA server he used from the Internet.
My DNS box is a CA server (started the service on that).
I'll try that then (I hard reset and I now I have an error stating I'm not authorized).
I'll let you know if it works. Thanks.
Ok I believe I did it right but I still get tha error (When connect via usb cable) and I still get the waiting for network message.
When you connect to the USB cable, you have to "allow" the Internet access pass through from the Activesync in the PC, otherwise, it won't reach out to the Internet at all.
Try to connect to other web site to see if you have a good internet connection or not.
Some updates. I made sure the cert is the right common name. I noticed that after I install it on the handset it doesn't put the cert in the root tab...only intermediate. I installed the ca server's cert as well (That went into the root tab).
Im leaving ssl checked and now I get 0X80072F17.
incorrect common name
Your common name is still not correct, it shall be "webmail.firethornmobile.net" only, but you put "http://" at the begining and "/owa" at the end, it not correct.
You have to issue the server certificate one more time with "webmail.firethornmobile.net" (without quotes) as the common name.
Also, when I check the Certification path of your certificate, I don't see this certificate is under any root certificate. Properly you need to check your CA (DNS) to see if it's setup properly.
Hey,
Use this site to figure out the errors you are getting on your phone. http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php
Also are you the Exchange Admin? If so enable verbose logging so that you can see what is going on with exchange as the connection comes in.
Also if you want to make sure it is not the cert you can "Enable" SSL on the phone and then reg hack it so that it doesn't check for the cert. this will allow you to see if it is a cert problem.
Let me know if you need any help with that. I"m an Exchange Admin and i work with Active Sync day in and day out.
Tried Fix Suggested on Pocket PC FAQ Site
I think this is ON TOPIC. If not, please advise and I will repost elsewhere.
I flashed my phone with the Dutty Beta 2 Touchflow ROM for Tilt. I am getting the following error and have tried the matched solution from Pocket PC FAQ:
0x80830003 N/A Synchronization failed. If the problem continues, contact your network administrator.
1. The Exchange server is configured to require client certificates.
1. On the Exchange server, launch Internet Services Manager. Right click on the Microsoft-Server-ActiveSync virtual directory and choose Properties. Select the Directory Security tab. Click the Edit button in the Secure Communications section and select the option to “Ignore client certificates.”
I continue to get the same error even after dumping the device through the exchange server.
My System Admin thinks that there is something wrong with the version of ACTIVE SYNC provided in the ROM used to flash the device.
Any thoughts/direction you could point me in or is there any other info you need?? Is th

[Q] Using VPN link to access to Exchange sever?

I am attempting to access my company Exchange server.
My company has a encrypted network. Can only access from external network by using a VPN link provided by a "Check Point" software (on a PC). The encryption provider is "Verisign".
I built a "L2TP/IPsec CRT" VPN link on my cell phone (Android 2.1) and successfully imported a personal certificate from a .P12 file issued by company IT. But I don't have a CA certificate to import. I found many certificates in my PC(win XP), Named as " verisign Class #*** " or " Companyname root CA ***". I tried some of them(export .CER file, and converse it to a .P12 file, import to Android) but failed to get acess to the server. Can somebody help me on this, please?
It's best to request CA root certificate from your IT people. If they don't have it, perhaps one of these will be a match:
http://www.verisign.com/support/roots.html

[Q] LG Optimus7 (?) Outlook (?) Bug

Hi everyone!
I'm trying to configure Outlook client with my company account, running Exchange 2007 SP2.
However, due to server configuration and presumably either a wp7 bug and specifically Optimus7 bug, I can not set the correct login data.
In fact my server requires this kind of login:
Code:
DOMAIN\Surname[space]Name
while Optimus7 does not allow to type [space] in the login form!!!
I'm not the domain administrator and I have no chance to manage server-side Exchange settings.
I tried to login both with email and surname.name <- this is the real cn value), with no success: maybe ISA blocks all different login attempts not matching DOMAIN\Surname[space]Name values.
I will appreciate who can help me.

Google Apps Email for Android

Hello,
I recently purchased a domain for my computer repair business. I decided to host my email from Google apps free, as i don't have 8 employees.... Any way i came across this video to walk me through setting it up but i dont have the "SSL Always" option.
I ahve an HTC Evo 4G, running CM7.0.3 with the Tiamat 4.0.5 SBC kernel.
I can send email out from the hosted email account but i cant recieve. the email comes back and reads " This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
[email protected]
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain.
The error that the other server returned was: 550 550 #5.1.0 Address rejected [email protected] (State 14)"
Ive had no luck cross referencing this. more importantly im wondering why i have no "SSL only" option.
Also i'm using the Mail client not the Gmail client as i cant stand the Gmail Client.
http://www.youtube.com/watch?v=9nyPBq54eUM&feature=player_embedded

Samsung Stock Email App, S/MIME Certificates

I have a Comodo Personal email certificate, which I use for signing and encrypting emails using the S/MIME protocol, over MS Exchange.
The Samsung stock Email application supposedly allows the use of such certificates natively. However I am running into problems when I attempt to install my key.
I'm using a PFX file exported from Windows Certificate Manager. When I generate the file using the standard wizard, I have the option of exporting my key and user certificate either with or without the other certificates in the chain of trust.
The complete certificate chain, by the way, is as follows: Private key/Personal Cert --> Intermediate CA (Comodo RSA Client Authentication and Secure Email CA) --> Root CA (COMODO RSA Certification Authority, included in default store)
When I omit the other certificates in the signing chain when exporting, the PFX just installs my key and my user cert in credential storage. But then everytime I use it to sign or encrypt something in the Email app, I get a nag from the Email app warning me that it could not validate my credentials. That is, Samsung Email app is unable to verify my cert's trust unless the intermediate CA is provided to it.
But frustratingly, when I export the PFX file so that it includes the intermediate CA's in the chain and install, Android places the Intermediate CA in User folder in the keystore, and treats it as a root CA. That is to say, instead of inheriting trust from the COMODO RSA Certification Authority (which is in the default keystore) Android assigns trust to the intermediate CA *explicitly*. And so, despite the fact it's a valid certificate signed by a trusted root authority in the default keystore, Android gives me nearly constant nags about my phone being "monitored by a 3rd party" until I delete the intermediate CA from User Trust. Which of course, breaks the Samsung Email app's ability to verify the certificate chain and yields a nag everytime I send an email.
Anyone else encounter this issue/know of a solution?
Bump.
I've scoured the internet for months and I cannot find a single thread anywhere on exactly this issue. It's a pretty straightforward question, I think. So I'm surprised I can't find any insights anywhere.
[deleted]

Categories

Resources