Strong private key protection - MDA II, XDA II, 2060 General

Hi,
does anybody know if the MDAII (Windows Mobile 2003) supports strong private key protection (every time a certificate is used the user will be prompted to enter a password)?
Thanks in advance for your answers.
Acro

Integrated Windows Authentication

Hi,
I'm having a mare trying to get more info anywhere on the web.
I have an Intranet based web app running on latest version of IIS with .NET & SQL Server 2000 (on different boxes) using Integrated Windows Authentication (the IIS is trusted to the SQL Server box)
It runs fine on IE v6 provided the Enable Integrated Windows Authentication checkbox is ticked.
However on the XDA using Pocket IE (ROM 3.17.03 ENG) it gives Login failed for user 'NT AUTHORITY \ANONYMOUS LOGON' which usually means no Integrated Windows Authentication.
I can't find any docos on whether Integrated Windows Authentication is supported in Pocket PC 2002 - has anyone else come across this or got any pointers they could help me with?
Thanks
As far as I know, Integrated Windows Authentication means that IIS will use the user's Windows login to authenticate the user. This is normally using your DomainName\Username for windows. When you are on your xda, you are not authenticated by Windows as the xda is not on the domain and you are logging into "Windows" using the same DomainName\Username on your xda. Try changing the IIS setting to use simple authentication so that users are prompted for a username and password to access the website.
I hope this helps
Thanks Illwil.
I can't allow simple authentication on the IIS as it will then screw the security for PC users (ie 99%).
I'm already logging onto the Domain via a dial up connection so it should all be OK.
I think it's something to do with Pocket IE declaring itself as IE version 4 to the Web Server rather than as Pocket IE.
IE v4 doesn't support NTLM authentication (ie Windows Integrated Authentication) whereas I think Pocket IE should.
Also I've got 2002 which means that ByPass proxy server for local sites is automatic so it's not that.
Still scrabbling - any help still gratefully received!
An answer after 3 months!
Bit of a dull one I know but just in case anyone was interested (!) I've used some mobile web forms instead of normal web forms - they only support ObjectList as opposed to DataGrid but seem to allow the windows integrated security to work.
Thanks to anyone that gave this some thought.
John

No way to disable Server Certificate Validation in 802.1x!

Hi,
I want to connect my qtek 9100 on the 802.1x WLAN of my school (ETHZ). It has not been possible yet, although I spent an hour with a person from the tech support of the school.
The problem comes from the very specific configuration that I cannot set on the Qtek 9100!
I need to uncheck the "validate server certificate" option, which is by default for PEAP authentication, something easy to do on a normal windows machine. But the problem is, there is no way to disable this on the qtek 9100 in any "properties" tab, and it therefore complains that the server certificate is not valid, and then refuses to connect!
HOW could I disable "validate server certificate"?? using the registry??
With the person from the tech support we managed to find somehow the registry keys linked to this option in Windows. But of course these keys don't exist on the qtek 9100 in Windows Mobile 5...
Please, is there some expert with some better idea?
Thanks
Fabrice
I haven't found a way to do it so far. Neither various configurations nor random 3rd party software worked on WM5 properly.
This issue is more interesting when you consider that the HTC Universal offers LEAP (which would work as well) and the Wizard doesn't!
http://forum.xda-developers.com/viewtopic.php?t=42664
From what I can gather you will need a root certificate. Still trying to get to the bottom of this though.
It seems that AKU2 allows us to use LEAP which already would do the thing! I'll test it on Friday and let you know!
I found some useful info on the net, but have not yet tested it on my MDA Vario:
there seem to be 3 possibilities:
1: you retrieve the root certificate from your techie friend at your university and place it in the designated folder on your ppc.
2: you add a DWORD 0 at HKLM\Comm\EAP\Extension\25\ValidateServerCert (http://www.modaco.com/How_to_set_a_wifi_network_to_use_a_certificatel-t237261.html)
3: Hkey_Current_User\Software\Microsoft\ActiveSync\Partners
Here you should notice 2 sub-keys, both with a unique UID. One is set up for the ActiveSync Partnership with your PC, the other is set up for the partnership with your Exchange server. Fortunately, it is fairly easy to distinguish between the two. Simply highlight one of them, and look at the different values. You'll see pretty quickly which one is for your Exchange server. While the partner key for your Exchange server is highlighted, create a new value with the following parameters
Type: DWORD
Name: secure
Value: 0 (http://winzenz.blogspot.com/2006/03/hacking-your-windows-mobile-50.html)
The authors of points 2 and 3 differ in opinion, but I cannot say which is best, perhaps someone else has an opinion?
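A defender's check for the two registry changes listed in the post above, as an added example that is not part of the original thread: it scans a registry export and flags either value when it is set to 0. It assumes the device registry has been exported as `.reg`-style text with full hive names; the sample export and its `EXAMPLE-UID` subkeys are constructed.

```python
import re

# Values named in the thread; that 0 switches the check off is taken from
# the posts linked there, not verified here.
WATCHED = [
    (r"HKEY_LOCAL_MACHINE\\Comm\\EAP\\Extension\\25", "validateservercert",
     "PEAP server certificate validation disabled"),
    (r"HKEY_CURRENT_USER\\Software\\Microsoft\\ActiveSync\\Partners\\[^\\]+",
     "secure", "ActiveSync partnership 'secure' value set to 0"),
]
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg(text):
    """Yield (key, value_name, number) for every DWORD in .reg-style text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = DWORD.match(line)
        if value and key:
            yield key, value.group(1), int(value.group(2), 16)

def audit(text):
    """Return (key, value_name, message) for each watched value that is 0."""
    findings = []
    for key, name, number in parse_reg(text):
        for pattern, wanted, message in WATCHED:
            if (number == 0 and name.lower() == wanted
                    and re.fullmatch(pattern, key, re.I)):
                findings.append((key, name, message))
    return findings

# Constructed sample export (not taken from a real device).
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Comm\EAP\Extension\25]
"ValidateServerCert"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\ActiveSync\Partners\{EXAMPLE-UID-1}]
"secure"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\ActiveSync\Partners\{EXAMPLE-UID-2}]
"secure"=dword:00000000
"""

if __name__ == "__main__":
    for key, name, message in audit(SAMPLE):
        print(f"{message}: {key}\\{name}")
```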
predo said:
It seems that AKU2 allows us to use LEAP which already would do the thing! I'll test it on Friday and let you know!
Hi Predo,
Have you been able to get LEAP to work using AKU2??
Lot of inquiries present on the net, but no clear answers.....
Thx,
Mak
This is what I would do.
This can be easily done from a PC, because you can get a temporary trust from the authentication server which gives you the option to install the root on your PC. Export the root cert from your laptop/PC and copy it over to your mobile device. Once the root.cer is on the wizard just open up file explorer and double tap it; the cert will auto install.
Problem solved
I wouldn't use LEAP or even PEAP without validating the server cert. Especially in a hostel environment like a university, which is full of hacks. Associating to an AP without validating certs sets you up for man in the middle.
The only advantage of LEAP or Fast EAP (if it were supported) is for roaming. The wizard would also have to support CCX v3. You can get this CCX v3 support by purchasing Funk (now Juniper) Odyssey client, which is $50. When using LEAP or Fast EAP it allows the use of CCKM (fast roaming).
Oh yeah, the odyssey client supports PEAP with the option to not validate the server cert.
Hi, I don't know why that is, but after upgrading software to new aku2.0 rom ( imate afair ) I started to be able to connect to my university wlan with no problems. Only thing is, I have nothing added in the leap tab in network properties.
Anyway, it works so I'm not playing with settings anymore ;-)

bypass the security-lock

folks, due to the security settings of my company's exchange server while using OMA I need to enter a lock code after some time when re-activating the device.
I cannot disable the lock by myself so does anybody have a clue how to hack this?
thank you all for any comment
(using Treo 750 and HTC Touch)

Blackberry Connect & Password policy

Hello,
I am using the Blackberry connect software in my HTC Touch.
My company has enabled the Password policy on our BES, so every 15 minutes my HTC locks. In order to unlock it I have to type a 4 number password. As the HTC has no keyboard this is a mess as I have to use the stylus to input the 4 digits (the keypad is really small). I need a Windows Mobile application which enables a large keypad. I cannot find such an application.
Any help is much appreciated.
Best regards

[Q] problems configuring exchange

Hello everyone,
Taking advantage of the USA trip of a friend, I asked him to buy me a Nexus 4.
Now I'm trying to configure the email of the company where I work, which uses a Microsoft Exchange server. When I try to put in the server, domain name and credentials it says that "the Exchange server requires security policies not supported by this phone!"
Please consider that in the past I've configured an iPhone 3GS and an iPhone 4, an HTC Buzz (both with the original firmware and with the Cyanogen 7.1) and a Galaxy S plus and a Lumia 610, with the same settings without having any problem!
Is it possible that Nexus 4 (or Android 4.2) supports fewer security policies than older and less powerful phones?
Do you have any solution or trick?
Thank you in advance. Bye,
Vito.
choutioe 1602
I want to add that when I configured the other phones in the past, I was asked automatically to configure a PIN to lock the phone. Now it does not happen.
I've tried to use a software called touchdown and it works correctly. These are the policies requested:
Checking Certificate...
Checking to see if server is self-signed : link hidden for privacy
Server cert IS trusted, disabling accept all certs
Checking ActiveSync with SSL...
Server is Microsoft-IIS/6.0
ActiveSync was found
ActiveSync Version :Versions:Microsoft-IIS/6.0,1.0,2.0,2.1,2.5,12.0,12.1
Trying activesync protocol 121...
ActiveSync provisioning returns HTTP:200
ActiveSync provisioning success
The following policies have been requested :
- Password/PIN required
- Failed Attempts 10
- Min Length 4
- Timeout 300 sec.
- Password recovery
Refreshing AS folders
Enabling PUSH
