Related
I connect to 4 or 5 different wireless lans in the various places I work and also to GPRS.
For each one the connection to the internet will be with a different provider and therefore the SMTP server I need to use for sending mail will be different, or may even be a POP service running on a local Exchange server.
This is a pain. I have written a utility that solves this problem by allowing you to switch smtp server for all your mail acccounts in any mail client quickly on the fly.
Basically you configure any mail clients to use an smtp server called virtualsmtp and then you set up all the different smtp servers you use by IP address in the utility.
The utility sets a host record in the registry for virtualsmtp pointing to whichever smtp server you want to run.
It's called SMTPSwitcher (very imaginatively) and runs from a notification icon in the system tray.
It's a bit flaky at the moment (mainly windowing problems and issues with the NotifyIcon) and I also can't delete the server entries because RegDeleteKey always returns error 5 : Access Denied.
If anyone wants to test it or has any ideas or comments please post here.
I'd be happy to test it for you
nice software. I was wishing for it last thursday when I had to send mails from the wifi access point of a friend.
I would be glad to test it (qtek 2020, windows mobile 2003), once my phone decide to work (it did a quick 3 seconds journey in my wc today. oops)
OK. I can post the app here.
1) There is no install program at the moment, just an exe file.
The best way to install is to just copy to your PPC.
You can run by clicking on exe or create a shortcut in your startup folder.
2) It is written in c# for the .NET compact framework so you must have the .net CF installed which you probably have anyway.
3) The biggest problem at the moment is that the Remove button does not work properly.
If you need to delete entries from the list you will need to use a registry editor. The entries are stored in HKEY_LOCAL_MACHINE\Software\SMTPSwitcher.
4) Sometimes the app stops responding and wont display its form when you click on the icon. If this happens you can try to terminate it using the Settings->System->Memory->RunningPrograms option or do a soft reset.
I will be trying to fix the Remove button and unless I can find a fix for some of the problems that cause the app to stop responding I will probably remove the feature that lets you run it as an icon.
I had this problem ages ago where i would go to a friends house or a wifi hot spot but of corse could not send email.
To get round this i purchased a domain name and email account with easyspace. this works well for me, as it done not matter how i am connected either GPRS, or WiFi i can still send emails from just the one account.
The only problem just noticed the other day is if i use orange UK it works fine on GPRS connection but not if its a 3g connection, Orange are looking into this.
Please dont take this as critisisum your program is a excellent idea, I just like the idea of not having to take any notice of how i am connected and email working
John
Subscribing to a roaming smtp service is another way round the problem as is using webmail.
My problem is that I have 5 or 6 mail accounts in different domains and a lot of roaming smtp services will not relay for any domains other than the ones you have with them.
I have uploaded a new version which has a DNS resolver built in.
Instead of typing in the IP address of any smtp server you want tp use you can enter the name and it will look up the ip address assuming you are connected to a network.
My IT guys have been trying to get this push email thing working and it seems to be one difficulty after another and is not as simple as pressing "push email" in the connection icon....
Our latest error appears on my device with the above error code stating
"the security certificate on teh server is invalid. contact your exchange server administrator or ISP to install a valid certificate to the server".
I have read that I need to buy a public certificate from a public authority (CA) or similar such as Verizon or Thawte. Is this the case, or is there a simpler way to get this push email working using the existing configuration and setup of the server?
We use exchange SP2, with outlook 2003 all around. Internet based webmail works correctly with full access, and activesync via PC works perfectly, but push email encounters the above error.
Any suggestions.
are you sure it's 80072fd or 80072efd ?
I don't have a solution, but the problem is described in M$ knowledgebase article: 915438 - see attached Acrobat .PDF.
I had already tried the suggestion in KB915840 to import the certificate from my sbs2k3-domain, but this had failed with "cannot access the certificate" - even with them on the device. However, certificates from my clients' servers, both sbs2k and sbs2k3, import without problems. This happened both before and after o2's AKU2 ROM update - so AKU2 is not the problem. In addition, I spent Easter *totally* reinstalling sbs2k3 and tested it immediately afterwards. All the sbs2k3/Exch2k3-Sp2 boxes are fully patched. The certificate itself is correct/working, since it works for Outlook Web Access via the web with laptops and even the Exec (Universal).
Whilst sync'ing from the workstation via ActiveStink/USB, if you turn off the SSL requirement the sync suceeeds, but that's obviously not a working solution via the 'Net.
Update:
Just had a thought, and checked the various certificates in a hex-editor. The one from my sbs2k3 box is a completely different format. :? I'll see what I can find out.....
maybe not related, but here's a list of all ActiveSync Server Error Codes: http://blogs.flaphead.dns2go.com/archive/2005/11/21/3202.aspx
80072f0d
Sorry, the correct code is 80072f0d.
I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30 + staff simultaneously and I cant take it down just to fix my one desire to have push email.
But I do find it painful and frustrating that microsoft do not adequately support their own platforms and systems dont integrate as they should and as they are promoted.
M$ sks.
Re: 80072f0d
simon_darley said:
....I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30 + staff simultaneously and I cant take it down just to fix my one desire to have push email.....
Click to expand...
Click to collapse
I'm not sure if it was clear from my reply - too tired - but rebuilding the server did not help at all.
Yeh, the pains of rebuilding SBS and having it all configured and running correctly when the staff arrive in the morning is not something I do willingly - hence the use of the holiday. It was done only as a last ditch attempt to solve this and another problem that had Micro$oft totally stumped - not related.
There is a difference in the certificate formats, so that's where I'm concentrating my efforts now. Will let you know what I find.
80072f0d error - the fix!
Just spent the past hour kicking and calling myself an £$%&* idiot.:x
Anyway, to cut the story short, the problem *is* indeed the damn format of the SSL certificate exported by sbs2k3. For the WM5 device to import it, it needs to be in DER X509 format.
If you have imported it into your PC/laptop for OWA/OMA/RWW, then you can easily export it from IE's Internet Options into DER format.
From Internet Options:
- go to Content-tab
- click Certificates-button
- find and highlight your certificate - I had imported mine into Trusted Root Authorities
- click Export-button
- click Next on wizard page
- enable the "DER encoded binary X.509 (.CER)" radio-button, and click Next
- enter a suitable path & filename, e.g.: "myserver.cer"
- click Next, click Finish, click Ok.
- Now copy the certificate to your PDA via ActiveSync.
- Open File Explorer on the PDA,
- Find the certificate file and launch it.
- click Yes to import it and you're done!
I think the reason why my sbs2000 certificates worked was that I had installed Certificate Services on those boxes and exported those certificate from there. I don't understand why some of my client's sbs2003 certificates were in DER-format, and others weren't, but we are talking about Microsoft software, so what else should I expect......
msfp and 80072f0d
After testing a few different certificate variations, the engineers that maintain our servers was able to send me two alternative certificates, one or bother of them appear to ahve worked effective.
So it imported, and now my active sync works for receiving these emails, now I need to look at these heartbeat pings and find out how I set the periodic checking.
Just wondering, normally if you dial a gprs/3g connection, you pay once, and stay connected all day. Does this now mean that it connects, downloads, disconnects, then 5 minutes later reconnects, downloads, and disconnects, thus paying a much larger reconnect fee everytime?
I am playing with this as a new toy, but I can see the costs are going to go ballistic....
and... perhaps for all those that are already experienced here, how does one send an email that remote wipes the device?
is there a command, or a key word or something that makes the system realise the remote wipe command....
sorry, I know this is off the topic of my original post, but thought you might know.
if not, I can start a new topic....!!!
The certificates that I was given was a server.cer and a root.cer.
If anybody needs to know, I can ask the engineers how they did what they gave me to get it to work.
The remote wipe is done from the sbs2k3 box - or rather the box running Exchange2k3Sp2. Your admin needs to install a small tool that he (Domain Administrator credentials needed) then accesses via IE.
Microsoft has published a new white paper (Feb 2006) that describes the whole procedure - just a shame they missed the need for the certificate to be in DER format. The white paper is: "Deploying Windows Mobile 5.0 with Windows Small Business Server 2003".
I'm rather surprised not to have seen third party support step up to fill in Activesync's worthless inability to sync over wifi or wlan. It would be very nice to revive this forgotten feature. Don't you people remember the uproar it caused when MS removed it?
Anyhow, I'm almost certain there's a work-around. Has anyone seen or heard anything in development?
Why revive this feature?
1. For the sheer convenience of not having to go through exchange servers or third party services especially when they may not be available to you
2. To sync user specific software that's otherwise not syncable OTA
3. Greater freedom share files over a wlan/wifi connection especially with these new and faster broadband networks (ev-do, etc)
4. Not to have to make special trips to your workstation just to sync..
I've found a workaround - sorry it's in German - here:
http://www.mypocketpc.ch/Workshops/15899.aspx
But it seems that since ActiveSync 4.5 you need to configure a DOMAIN on the pocketPC, not only login and password.
Does anybody know how to set something like a "pseudo domain" or if the PC has a "default domain", if no domain is set?
I will try to translate the workaround now:
In earlier versions of ActiveSync WLAN Sync was possible (last known version 3.8), since version 4.x it was removed..
You can do a remote WLAN Sync as followed:
Start ActiveSync on the PocketPC. Go to Options > Server OR Configure Server [depends on your ActiveSync Version]
Enter the IP of the Windows PC. [if you don't know do: Start > Run > cmd > ipconfig /all ]
Enter Login and Password which are the same as on your Windows PC. [SSL I think should be deactivated]
IN v4.5 YOU HAVE A PROBLEM HERE: if you don't enter a DOMAIN, the configuration wizard doesn't continue IF YOU HAVE LOWER VERSION PLEASE TELL WHETHER YOU HAVE TO SPECIFY A DOMAIN
Click Next > Next > Finished.
Now you can MAYBE [see the DOMAIN problem] sync via WLAN again..
If anyone has an idea how to workaround the MUST-SPECIFY-A-DOMAIN problem please tell, I think I am not the only one who wants WLAN Sync back!
I think you need an exchange server for sync over wifi or gprs.
NO and YES!
YES: Microsoft WANTS that you use an Exchange Server, therefore they have removed support for syncing via WLAN since v4.x
NO: The posted workaround doesn't need an Exchange Server running!! Instead you are "simulating" that you have one. Earlier this Workaround seem to have worked, but since ActiveSync v4.5 it seems you NEED to specify a DOMAIN of your PC.. maybe just another hurd only!
So, the problem again: since you need to specify a DOMAIN of your PC now, is there a possibility to workaround this? Maybe via Registry or setting up a "Pseudo Domain" ? This MUST-HAVE-SPECIFIED-A-DOMAIN seems now to be the only problem, unfortunately you cannot leave the domain field empty.. but the Handheld tries to connect the PC via WLAN (...WOW! Just one step away from the Solution!!?...), but that fails due the DOMAIN problem.. (most PC are only in a workgroup, and not in a domain..)
Maybe we are only one step away from a working solution!
I think only the wizard is changed by MS so that when no
domain is entered you cannot go forward.
ActiveSync can be configured with Configuration Service Provider (CSP)
through XML file.
Infos here: http://msdn2.microsoft.com/en-us/library/aa456215.aspx
I will try this tomorrow with a configuration without domain and let you know
if it works.
Houser
You said it - the setup wizard seems to be the only hurd.
Hey, great idea. Where to find this config file?
I searched for it on PC and PPC, but found only binary files..
Hope you have success!
Here are the maybe suitable Registry Settings for ActiveSync setup, I will try this way:
http://msdn2.microsoft.com/En-US/library/aa457989.aspx
Here is a tool I have written to configure ActiveSync Settings
without ActiveSync wizard.
You can test it if you want.
Houser
Thx. I launched your tool and entered IP + Login + Pass, activated e.g. Tasks to synchronize, and deactivated SSL, and clicked Save.
Then I launched ActiveSync on the PPC (Trinity HTC P3600).. now there comes a screen:
Microsoft Exchange:
Result: Your account information could not be detected. Choose configure Server on the ActiveSync menu to check your Exchange Server credentials.
Support Code is: 0x85002009
Hmmm maybe because the domain entry is left empty?
What happens if you enter some characters for the domain?
Houser
If I enter a domain it tries longer to sync on the PPC - instead throwing at once the message above - the circling arrows animates for 3 seconds, then it ends ups with:
Waiting for network..
Hm, maybe the ActiveSync software on the PPC checks for the domain entry But.. maybe this check can be removed
Where is the configuration saved? To a file (which one) or to registry (which branch)?
I do not know where the config is saved. In WM2003 it was in the registry
but in WM5 that was removed and stored in some internal database
I think.
Houser
As you speak German, maybe this could be a workaround for the domain problem:
http://www.weyo.de/board/?n=320745&bn=21
I mean, maybe it's possible to enter a Pseudo Domain in the Registry on the PPC under
HKEY_LOCAL_MACHINE\\\\Comm\\\\Tcpip\\\\Hosts\\\\
And entering this Pseudo Domain as Domain in the ActiveSync Setup..
But what to enter in the Registry? The branch is currently empty, so no example exists
Hm, here's how to enter the information:
http://support.microsoft.com/kb/q199370/
ActiveSync uses the domain only for authentication.
The server name (DNS name) or IP is used for the connection.
In the registry you can enter Host names with IP adresses
that has nothing to do with domain name.
ActiveSync uses HTTP oder HTTPS (TCP/IP port 80 or 443) when
you configure a server in ActiveSync.
ActiveSync on your deskstop PC does not listen on this TCP ports
so you cannot connect.
Houser
Hm, any other idea? How crazy whatever..
Today not maybe tomorrow.
Houser
Houser said:
ActiveSync uses the domain only for authentication.
The server name (DNS name) or IP is used for the connection.
In the registry you can enter Host names with IP adresses
that has nothing to do with domain name.
ActiveSync uses HTTP oder HTTPS (TCP/IP port 80 or 443) when
you configure a server in ActiveSync.
ActiveSync on your deskstop PC does not listen on this TCP ports
so you cannot connect.
Houser
Click to expand...
Click to collapse
So what you are saying is, that there is no way to sync over wifi unless you have an exchange server?
freeyayo50 said:
So what you are saying is, that there is no way to sync over wifi unless you have an exchange server?
Click to expand...
Click to collapse
Yes this is the only way I have done it so far.
But may be there is another solution out there to do this
with Outlook on your desktop but I currently do not know
how that can work.
I will do some tests today and let you know about the results.
Houser
I did al the same and no results...
A followed all the steps for my ipaq 9610 as well and get same (no) results.
Maybe anyone a new idea?
Hi,
I have the following problem with my HTC Tornado (WM6 – CE OS 5.2.19202). I’m using push mail over SSL with an Exchange 2003 Server. It has a dynamic IP, so I use dyndns.org. After every IP-change it’s not possible anymore to sync till I restart ActiveSync on the device, or enable, disable the flight mode.
When I used WM5 on the same device this issue was possible to fix by create the dword registry key:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled=0
But on my new WM6 ROM is has no effect anymore. Has anyone experience with that configuration, may be a newer will ROM fix it?
Greetings Mirici
----
Free calculator with numeric solver for WM5/6 Smartphones: http://www.ntalk.de/graph
Hi Mirici,
I think all WM6 devices have this problem with Exchange push-mail on dyndns-servers.
I ended up programming a restart activesync script on the device. (every 120mins)
Don
Mail servers should not be run on dynamic IPs. Unless you are routing mail through another SMTP server you will have issues with reverse IP lookups and being blocked on dynamic IP blacklists.
If you can afford an SSL cert it should be easy enough to get a static IP. Or are you signing your own certs and installing root certificates on each WM device?
If you use a relay-smtp-server from your ISP as a send-connector, blacklisting should not be a problem. I have no problems running my Exchange2007 or 2010RC on a dynamic IP.
Installing the SSL-certificates on the mobile devices must be done, but what has this to do with a fixed IP? I use my toplevel DE domain and cname it to my dynamic name.
This is a exchange-server for private use. In a company I would surely have a fixed IP, but for private use a fixed IP is too expensive, at least here in Germany.
Anybody has a solution for this not involving to script-kill this ActiveSync process? The repllog.exe must be killed when the IP changes, because it does only do a DNS-query ONCE in its runtime.
I have the same problem with dyn. ip.
Im looking for a script or program that kills activesync when the serverconnection is lost an then restarts pushmail
Hello,
I've just bought my Galaxy S.
I have problems with the default Exchange Email client from the phone.(is this Samsung one, or Android?).
At the begining it was working fine, without any issues.
I made a firmware update using Odin to I9000XWJG5 and it was not working anymore. When I was trying to configure it all the time I was getting "Unable to connect to open connection to server". I checked with a USB tracing tool and I saw that the email client is crashing.
Meantime I updated to the last VDF Romania verision I9000BUJF5, but the behaviour is the same.
What it is starnge is that I installed an Market Exchange Clent, Touchdown, and it is working just fine (using Active Sync connection to Exchange Server).
What do you think? Which can be the issue?
The funy thing is that with an other I9000 with the same software, is working the default Exchange Email client! So it is something with my hardware?
Thanks,
Mircea
I have same problem. Any solution? I use 3rd party like TouchDown and RoadSync are working fine. Is this ROM problem?
One more thing: the same behaviour is hapening if I try to configure yahoo mail!!! It is a problem with the embeded email client!
Sent from my GT-I9000 using XDA App
though touchdown works, but it doesn't integrate with the phone and other Widget.
Still prefer the Exchange client comes with SGS.
and looks mirceal has a more serious problem than i do, I only can't sync the calendar, unlike mirceal, can't sync anything
I have the exact same problem. Have you found a solution yet?
Thanks!
On my side I have already tested a lot of mail app and a lot of ROM ( australian JG2 I think and JFF, JM2, JM5, JG8 and JP3)
For all the 3rd party mail app ( htc work mail, k9, touch down) it basically works all the time
For the integrated mail app I had the following issues :
* Unable to connect to open connection to server for all the exchange account
* Unable to connect to open connection to server only on the subfolder ( the inbox was working)
* Unable to connect to open connection to server for the Hotmail
* Hotmail mail downloaded but not displayed ( can't even see the list of mail ... just the count on the first mail app page)
This problem occured only with some ROM and sometime with the same ROM it happened or not after a reboot
For instance on JFF, JG8 and JM5 I have never been able to see the mail coming from the subfolder of my exchange account.
I works fine with JM2 and JP3
For the calendar, I have seen only once working with JM2. With this ROM instand of having 1 exchange calendar I had several calendar coming from my exchange account ( one for every type of event like work, family, personal ....)
Now with JP3 the calendar doesnt sync so I have to use gmail to sync my exchange
So no solution to propose ...
Iwill install again tomorrow JM2 to see if the mail and calendar definitely works with this one
How did you check that the mail app was crashing through usb ?
Hello,
Good news from my side!
I found the issue I experienced.
The things are as follows: when you configure for the first time the default client, it's firstly connecting to ssl.samsungmobile.com server!!!! This I noticed only after I installed wireshark program on the mobile. My problem ead that I am using a separate APN for checking emails. This APN doesn't have access to internet. So it was impossible to reach that public server!!!! And the error was "unable to open a connection to server". It was speaking abot the samsung ssl server and not my company's Exchange Server!!!! Crazy thing.
So at the first time of email client connection setting I used the internet APN till the internal setting algorithm reaches the ssl.samsungmobile.com connection and when it tries to reach the Exchange Mail Server I switch to vpn APN. And the Exchange emails are working without any problem!
Try it!
Mircea
Sent from my GT-I9000 using XDA App
Hi,
can you please clarify what exactly have you done?
for some reason I have the same problem on WiFi as well.
(let alone that ssl.samsungmobile.com is not a valid address).
Same with Galaxy Tab - reason found
This is exactly the same problem on my tab.
literal translation: "connection with server impossible"
It seems, however, that the client is in contact with the server: when I enter a wrong username, the error throws immediatly; with the correct credentials it takes 3 times longer.
New findings:
Exchange 2010 does a good job logging EAS. Extract of the EAS dialog of my Galaxy Tab:
RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<FolderSync xmlns="FolderHierarchy:">
<SyncKey>0</SyncKey>
</FolderSync>
AccessState :
Blocked
AccessStateReason :
Policy
ResponseHeader :
HTTP/1.1 449 Retry after sending a PROVISION command
MS-Server-ActiveSync: 14.1
ResponseBody :
[No XmlResponse]
So, I can see that the mail client doesn't integrate with Exchange's security policies. Very bad job indeed, as TouchDown AND HTC (Desire:Froyo) do quite well.
Is somebody please going to request Samsung to speed up?
Exchange 2007 vs. 2010
I just discovered that on Galaxy Tab, the mail client can deal with an Exchange 2007 Server with security policies activated, but it cannot get the compliance check done with Exchange 2010.
This is a known issue with certain versions of Android OS on phones available from different manufacturers and service providers. The only verified solution that we know of at this moment has come thru this community, as 'Mitch Roberson' has written below, I have marked that as an 'Answer' as well.
Now, let me list some related details here for everyone's information.
Phones are actually running into a provisioning issue against Exchange 2010 Server. This is evident from the IIS logs pastd below by some users and the logs we have seen in Microsoft Support. For example, you will see the following in IIS Log:
2010-08-31 20:38:54 192.168.2.6 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=johndoe&DeviceId=validate&DeviceType=Android&
Log=V120_Ssnf:T_LdapC13_LdapL16_RpcC35_RpcL63_Ers1_Cpo19453_Fet20015_Pk0_
ErroreviceNotProvisioned_As:BlockedP_Mbx:mail.contoso.local_Dc:dc01.contoso.local_Throttle0_BudgetD)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5F7fd952bb-6275-4010-8c3e-bb47f4cea08f%2cNorm%5bResources%3a(Mdb)DB1(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc01.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc02.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 contoso\johndoe 75.204.200.137 Android/0.3 449 0 64 20734
You can see that the Android mobile device is sending a 'FolderSync' EAS command to server for user JohnDoe with the DeviceID = Validate and Type = Android, and is being blocked by Exchange as it is not responding properly to the provision command from server. This is implemented thru Default Throttling Policy and the error it geenrates is error code: 449 (which essentially means device provisioning has failed). Generally this happens when client does not respond properly to provisioning commands from server where server informs mobile device that there are certain EAS policies applied by the Exchange Server Administrator and device needs to acknowledge those for implementation. This happens mostly when the device does not support all or a subset of EAS policies being implemented by the Exchange Server Administrator.
If you bring up the EMS command prompt and enter the following command, you will see the following output (similar to what we saw above in IIS Log):
Output of “Get-ActiveSyncDeviceStatistics -mailbox:johndoe”: (truncated)
RunspaceId : f0323f7c-b3a6-4102-ab5b-d1df0464e318
FirstSyncTime : 8/31/2010 8:38:34 PM
DeviceType : Android
DeviceID : validate
DeviceUserAgent : Android/0.3
DeviceModel : Android
DeviceEnableOutboundSMS : False
Identity : contoso.local/Test/John Doe/ExchangeActiveSyncDevices/Android§validate
Guid : a5750d0c-189c-4ccc-9b22-e5c87845f5c0
IsRemoteWipeSupported : False
Status : DeviceOk
DeviceAccessState : Blocked
DeviceAccessStateReason : Policy
DevicePolicyApplied : Corp
DevicePolicyApplicationStatus :NotApplied
DeviceActiveSyncVersion : 12.0
NumberOfFoldersSynced : 0
We have seen this issue mostly with devices using Android 2.1, users who have been able to update their devices with Android 2.2 somehow, stopped running into this issue, without making any changes on the server side.
I contacted HTC Support (on 9/28 via http://www.htc.com/us/support/e-mail) about this issue and they responded (like other users have reported here), please keep in mind this can change at any time in future, so please contact HTC Support directly for updates:
"At this time we do not have any Android based device that will sync with an Exchange 2010 Server. We may provide future Android devices that do offer this. However, as there is currently no release information for any upcoming devices, we encourage you to continually visit HTC’s product page at http://www.htc.com/us"
While working on this issue we also discovered that Android provided limited support for EAS policies and is working to continually improve it in their upcoming versions. For more information, please see related posts below. Again, this information is subject to change at any moment, so please refer to Android website (http://code.google.com/p/android/issues/list) for current info.
1. http://code.google.com/p/android/issues/detail?id=9426 : "we only support the basic (EAS 2.5) features in Froyo. So if your server requires, for example, password history or expiration, or complex characters, then it won't be provisionable in Froyo. Our goal is to provide more policy support in future versions, but for now we support - password (PIN/alpha), minimum characters, max. fails to wipe, inactivity timeout, and remote wipe.”
2. Exchange Device Password policy not enforced when "Allow non-provisionable devices" is selected: http://code.google.com/p/android/issues/detail?id=8601
Fix for this issue is in the Android 2.2.1 Update, released recently (for Nexus One users, may not be available thru other service providers at this time, contact your service provider for any updates that they can provide for your device), Android now implements the policies it can rather than ignoring all policies and thus it can successfully sync with the server.
Hope this helps!