Related
Ever since buying the Wizard, I seem to be having trouble to get to our corporate OWA-pages. In general, logging in works perfectly, reading the first mail also without hassle, but replying, reading other mail or whatever results in constant login-screens.
On Windows Mobile 2003, there was a solution from Microsoft to circumvent this, but for WM2005 I have yet to see a solution.
Anyone?
You might try here or here to import personal certificates.
Do you need OWA or can you live with OMA instead? It's not elegant but it's functional.
Steven
Hello,
Why don't use the activesync synchronisation with exchange server ? (if it is a 2003 server of course !)
if it's an https site and using a private CA cert then download the root certificate from a desktop PC and run the .cer file on the handheld to import it. Really simple to do.
twaddle said:
if it's an https site and using a private CA cert then download the root certificate from a desktop PC and run the .cer file on the handheld to import it. Really simple to do.
Click to expand...
Click to collapse
Like jcleek mentioned; I followed instructions to import the certificate from my PC onto my Wizard. Still, after logging on to OWA, I get the same loop again. 1 mail can be read; every next action requests for my password again. :?
My IT guys have been trying to get this push email thing working and it seems to be one difficulty after another and is not as simple as pressing "push email" in the connection icon....
Our latest error appears on my device with the above error code stating
"the security certificate on teh server is invalid. contact your exchange server administrator or ISP to install a valid certificate to the server".
I have read that I need to buy a public certificate from a public authority (CA) or similar such as Verizon or Thawte. Is this the case, or is there a simpler way to get this push email working using the existing configuration and setup of the server?
We use exchange SP2, with outlook 2003 all around. Internet based webmail works correctly with full access, and activesync via PC works perfectly, but push email encounters the above error.
Any suggestions.
are you sure it's 80072fd or 80072efd ?
I don't have a solution, but the problem is described in M$ knowledgebase article: 915438 - see attached Acrobat .PDF.
I had already tried the suggestion in KB915840 to import the certificate from my sbs2k3-domain, but this had failed with "cannot access the certificate" - even with them on the device. However, certificates from my clients' servers, both sbs2k and sbs2k3, import without problems. This happened both before and after o2's AKU2 ROM update - so AKU2 is not the problem. In addition, I spent Easter *totally* reinstalling sbs2k3 and tested it immediately afterwards. All the sbs2k3/Exch2k3-Sp2 boxes are fully patched. The certificate itself is correct/working, since it works for Outlook Web Access via the web with laptops and even the Exec (Universal).
Whilst sync'ing from the workstation via ActiveStink/USB, if you turn off the SSL requirement the sync suceeeds, but that's obviously not a working solution via the 'Net.
Update:
Just had a thought, and checked the various certificates in a hex-editor. The one from my sbs2k3 box is a completely different format. :? I'll see what I can find out.....
maybe not related, but here's a list of all ActiveSync Server Error Codes: http://blogs.flaphead.dns2go.com/archive/2005/11/21/3202.aspx
80072f0d
Sorry, the correct code is 80072f0d.
I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30 + staff simultaneously and I cant take it down just to fix my one desire to have push email.
But I do find it painful and frustrating that microsoft do not adequately support their own platforms and systems dont integrate as they should and as they are promoted.
M$ sks.
Re: 80072f0d
simon_darley said:
....I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30 + staff simultaneously and I cant take it down just to fix my one desire to have push email.....
Click to expand...
Click to collapse
I'm not sure if it was clear from my reply - too tired - but rebuilding the server did not help at all.
Yeh, the pains of rebuilding SBS and having it all configured and running correctly when the staff arrive in the morning is not something I do willingly - hence the use of the holiday. It was done only as a last ditch attempt to solve this and another problem that had Micro$oft totally stumped - not related.
There is a difference in the certificate formats, so that's where I'm concentrating my efforts now. Will let you know what I find.
80072f0d error - the fix!
Just spent the past hour kicking and calling myself an £$%&* idiot.:x
Anyway, to cut the story short, the problem *is* indeed the damn format of the SSL certificate exported by sbs2k3. For the WM5 device to import it, it needs to be in DER X509 format.
If you have imported it into your PC/laptop for OWA/OMA/RWW, then you can easily export it from IE's Internet Options into DER format.
From Internet Options:
- go to Content-tab
- click Certificates-button
- find and highlight your certificate - I had imported mine into Trusted Root Authorities
- click Export-button
- click Next on wizard page
- enable the "DER encoded binary X.509 (.CER)" radio-button, and click Next
- enter a suitable path & filename, e.g.: "myserver.cer"
- click Next, click Finish, click Ok.
- Now copy the certificate to your PDA via ActiveSync.
- Open File Explorer on the PDA,
- Find the certificate file and launch it.
- click Yes to import it and you're done!
I think the reason why my sbs2000 certificates worked was that I had installed Certificate Services on those boxes and exported those certificate from there. I don't understand why some of my client's sbs2003 certificates were in DER-format, and others weren't, but we are talking about Microsoft software, so what else should I expect......
msfp and 80072f0d
After testing a few different certificate variations, the engineers that maintain our servers was able to send me two alternative certificates, one or bother of them appear to ahve worked effective.
So it imported, and now my active sync works for receiving these emails, now I need to look at these heartbeat pings and find out how I set the periodic checking.
Just wondering, normally if you dial a gprs/3g connection, you pay once, and stay connected all day. Does this now mean that it connects, downloads, disconnects, then 5 minutes later reconnects, downloads, and disconnects, thus paying a much larger reconnect fee everytime?
I am playing with this as a new toy, but I can see the costs are going to go ballistic....
and... perhaps for all those that are already experienced here, how does one send an email that remote wipes the device?
is there a command, or a key word or something that makes the system realise the remote wipe command....
sorry, I know this is off the topic of my original post, but thought you might know.
if not, I can start a new topic....!!!
The certificates that I was given was a server.cer and a root.cer.
If anybody needs to know, I can ask the engineers how they did what they gave me to get it to work.
The remote wipe is done from the sbs2k3 box - or rather the box running Exchange2k3Sp2. Your admin needs to install a small tool that he (Domain Administrator credentials needed) then accesses via IE.
Microsoft has published a new white paper (Feb 2006) that describes the whole procedure - just a shame they missed the need for the certificate to be in DER format. The white paper is: "Deploying Windows Mobile 5.0 with Windows Small Business Server 2003".
I try to get my mails pushed to my TyTN. Thus I enabled the appropriate services on my Exchange 2003 SP2 server, set the user permissioning and so on. I generated an P12 cert with my CA and imported it using p12import.exe on my tytn. I also installed .cer for the domain and for the CA on the mobile device. Thus I was able to sync and push. Now I am facing the following issue:
After successfully syncronizing and pushing for some hours, I regularely get an 0x85030027. Checking my certificate I can see that my p12 is gone. After reimporting it using p12import, i can change the server settings the following way to force an "reinitialisation" of the link between user settings and cert: I delete the "m" in "blabla.dynaccess.com", go forward to login information - the password is gone then - go back to the server, add the "m", go forward adding the password. Sometimes I am than able to sync again, sometimes I get an 0x85010004. In the latter case I must delete the whole server setting - loosing all my mails - and have set it once again.
Dealing with this issue now for several days and beeing unable to find any description or solution in this forum and the web, I kindly ask for any idea which could be considered beeing helpful...
PS.: Sorry for my English - it is not my native tongue ;-)
I use CACert certificate for my email and have imported it using smartphoneaddcert utiltity from Micro$oft.
Copy your certificate into \Storage\root.cer (has to be named like this) and run SPAddCert.exe, hopefully that should work
thanks for the immediate answer. i already installed my root-certificate with no probs. The issue I have is related to the individual cert for the device, generated and signed by my ca, which is trusted by the tytn. This individual one disappears after some syncs?!
I don't experience the same problem ...
I think your method is ok (Jacco in DDSL.NL) have a nice tools to import personal certificate to device...
You may also look : http://www.httpsync.net
Cheers
André
Now I can describe the problem more precise: the personal certificate disappears after every soft reset?!
I have the exact same problem !!!!
When you do a soft reset the personal Certificate disappears.
I can reimport it directly, but I need to hook it up to a PC in order to validate the Certificate.
Is there no other way. This is really annoying when i'm on a trip, and I have to soft reset the device.
Does anyone know hpw this can be done differently.
Thanks
Micman
We are running off a 2003 server. We do have webmail access. However, apparently we are using a personal security certificate. I can set up the activesync connection, but it never syncs.
I need step by step instructions on what I need to do, how to get the certificate off the server, import to my device, etc. HELP!
Assume I know nothing about exchange, certificates, etc - cause I don't!
Exchange 2003
Have you resolved this yet? I have had extensive research on this subject. My first Q: Do you have exchange setup on laptop or desktop?
You need to install your private certificate authority as a trusted root certificate authority on your device. The following link talk about how to do this.
http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx
You can also disable the certificate checking. The communication would still be encrypted, but if you ever accessed another site where the certifcate was invalid you would not be warned, so this solution is much less secure and therefore not recommended.
http://winzenz.blogspot.com/2006/03/hacking-your-windows-mobile-50.html
Hey first post! loving the forum by the way. and the HD2 phone. I already have my personal email with pop set up.
Just wanting to set up my exchnage account from work.
It has a self signed cert and i connect to the exchange via HTTP.
Ive saved the .cer file to the memory stick but i dont know what to do with it. Any advice appriciated.
Right, clicking on the cert and installing, Going to the certificates setting, its been placed in the "intermediate" catorgory. To get active sync and outlook working....Now what?
just click it, also, make sure you have trusted the certificate authority from your work, not just the exchange servers cert as it has no way of working out who made the cert...
I have the trusted certificate, when i "just click it" it opens with the detials of the cert... I will try alittle more today but i was assuming there must be an option to set a http proxy like in outlook.