Hi
Got an odd one. at work we have a domain (active directories and all the rest of it). as a result only domain computers can access the internet via the proxy server.
so my desktop works just fine being on the domain, but when i active sync my wizard, active sync effectively puts my phone on the network and nicks the proxy settings from my desktop. but the proxy rejects my phone as its not a domain machine. sure others have this issue.
does anyone know of some errr mini proxy server or something like that, that can run on my desktop to act as a server for my networked phone, meaning the proxy will not even see my phone and therefore not reject it.
i have messed with windows network sharing etc... and i don't think its the way to go.
anyone have any ideas?
Related
I've just set up a small wireless network at home through which I intend to use several devices to connect to the internet through my LAN!
The LAN gateway is running ISA 2004 and my home computer is running the necessary Firewall client (a completely secure connection with username and password)!
Now everything's working fine... the pocket pc hooks up just right and i can browse the network and do what I could probably do using my own personal computer BUT the internet doesn't work!
It keeps asking me for a username and password (which like i usually provide in internet explorer on my personal computer) which i do supply... three times in a row after which it gives me an error saying that ISA cannot authenticate me!
The home computer doesn;t run the internet without the firewall client, and i'm supposing the pocket pc is facing the same dilemma! is there any way to circumvent this issue? perhaps a mobile version of the isa firewall client?
Please help. Thanks!
afaik there isn't a mobile version of the firewall client.
I set my ISA server to allow anonymous internet access ,and set all my machines up as secure nat clients (set isa servers ip as default gateway, I use a dhcp scope to do this). There is lots of info on this on microsofts ISA server website, I'd suggest a look there first, or try a google for secure nat.
Good luck, works well for me but ymmv.
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Unfortunately there is no simple answer to your question. AFAIK you cant get a fixed ip on gprs, but if your using the right firewall and the right vpn host you dont need to.
I use and supply windows sbs 2003 servers and vpn into them regularly. I have also used citrix to achieve similar results. Might be a bit difficult to persuade your firms it dept to set up something like that for 1 person though.
PM me if youd like any advice.
BillyB said:
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Click to expand...
Click to collapse
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone)
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP...L2TP has also worked for me..otherwise, the fancier (and more secure) the VPN tunneling protocol, the more its likely to fail. Normally all you need for a basic MS WIndows VPN client config is the Server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.
VPN and TS Its like pulling teeth
hi all this has got to be the most anoying problem ever. i can connect to O2 vpn access point and hence i can connect to my work vpn server. however as soon as i try to open a TS connection to my desktop (through the vpn) the VPN connection is dropped and i never connect. Can anybody tell me why? if i have a vpn connection to my work server why does TS try to make another connection and bomb out the original. Is there a fix or another way of doing this i.e. does a external IP have to be nat'd to my desktop IP on port 3389? all help greatly appreciated. Ian
I would like to config my ppc to get online thru my office's internet.
But sadly, my office is using proxy server, a VPN, plus I'm on a domain.
On my ppc, I had applied all the necessary settings on proxy namely
proxy address and port number, and VPN such as site IP, user name and password for our Check point VPN.
On my desktop, the setting is set on The Internet but still failed.
Would it be the fact that I was connected as a "guest" during ActiveSync?
Can anyone shine some light on me please.
MovianVPN
You will probably need to download MovianVPN ($99.95) for use with firewalls other then Microsoft's, which is all the VPN client included with WM2003 supports.
Hi guys,
Right i have an XDA exec and an XDA mini , ones for work ones for personal use.
I've set up an exchange server at home for the mini however it has to listen on port 8080 (the web outlook frontend).
However I'm trying to connect the activesync client to this via
address:8080 in the server field on the device but it doesn't seem to work
I can obviously access the site via 8080 on http but not via activesync. I've tried this on both the XDA MINI and the XDA EXEC and neither can access the server and i can't move the ports .
does the client support ports?
can you override them?
help!!!!
Activesync works by default over port 80 (non-secure) and 443 (secure) only. There may be a reg hack but I am unaware of one. If your cable or phone company is blocking port 80 just install a certificate, which you REALLY should be using anyway) and connect over 443 using SSL.
this is the problem, both portss 80 and 443 are taken up already by an apache web server.
I have exchange running under a virtual machine on the linux server. The windows 2003 box intergates with the existing mail sub system giving me access to the pop3 and smtp service on the linux side of things so its transparrent.
So apache runs on both port 80 and 443 so I can't bind anything to them.
I was looking into a reg hack if there was one.
If i find anything i'll post it but until then i have the same problem...which is a real annoyance!
the other thing is that the server i'm working with is only allowing port 8080 to be directed to it. Does activesync use any other port for the sync via web? As that might be the other problem.
right i've found a partial solution.
What i've done is use mod_proxy as part of the apache2 stuff to do a reverse proxy to the server over a virtual host on the system...
soo all traffic for the virtual domain foo.com goes to 192.168.1.20 which is the server behind the firewall (which just happens to be a bridged virtual machine).
That means now I can access exchange web via http on port 80 so atcive syn now connect to it.
unforutnately the crap thing is now active sync constantly asks for a username and password all the time and doesn't sync. So I'm guess it can see the server but not get any further...
so does anyone know if active sync needs access to any other ports as I can forward them much easily through the firewall.
help and thoughts please .
HAHAHAHAH GOTCHA
right that did it...
two things..i'd made a mistake int he domain name on active sync and added an E into the domain name where I should have!
also because i'd promoted the VM to a Domain Controller after installing IIS etc I had to re-register the ASP.NET framework so OMA worked.
I now have push mail working on linux out of a VM whilst apache is running on the same box
nice
Can I challenge you to document your setup and post it on a new thread for others to learn from?
yeah i'll do that , currently however I've been having a bit of a war with the SSL setup as the first pass was "open communications"
I've hit a snag where access to to OWA works for everything bar for internet explorer. I think i know the problem and have a solution so once I've tried that I'll document it and get it up here.
I do have reversed proxy SSL working to exchange though so now everything is secure and I can access OWA via firefox so again thats cool.
The I.E thing im certain is an issue with the actually app and that when it detects I.E it trys to be all clever but unfortuantely the domains don't match atm so its https://foo.com/exchange to http://bar.com/exchange and because of the domain name difference its getting a little twitcy.
theres three solutions, re-install everything from scratch (fat chance).
try to convert the active dicrectory domain to the one that matches foo (have you READ the documentation!....80 odd pages or something). Or change the https domain name on apache and redo the certificate (nice and easy but i'll do it tuesday).
once I can get it working seamlessly i'll do the docus
I'm an IT guy and I just got into smartphone PPCs for the first time after a long-time hiatus from PDAs when I used to be a Palm owner. After my last palm, a LifeDrive, got stolen I moved to a Moto Q wich was a big dissapointment OS wise, and I never really got into modding it or anything, just set my POP3 e-mail server and used it like that for 2 years (draw back was that I didn't have contact sync nore internal e-mail sync that got handled by my exchange server). My contract with that Q expired and I made the move to a Sprint Mogul with WM 6.1 Pro and I'm NEVER LOOKING BACK!!!
Anyways, enough about me, this is my first contribution so I wanted to do the little intro.
I had searched around a bit about how to get ActiveSync to sync my company's Exchange server through PPTP VPN (we don't have it published with a certificate for an actual push config) but all I found was info on how to setup the VPN itself, being an IT guy that was like pointing out the obvious to me as I had already got that running and connecting but couldn't get anything but the OWA site opening in IE and Opera.
Basically what I figured out was that I had to program a work URL exception in the Connections control panel under the Advanced tab. There I added my exchange server's IP address as a URL and used that IP to program the server under ActiveSync with all the usual credentials. I can't configure it to receive as items arrive, instead I had to let the configuration run on a 10 minute schedule. Every time the schedule is up I see the VPN connecting pop up and it syncs PERFECTLY and disconnects the VPN. (It doesn't turn on my screen each time, it just pops up if I'm using it; but that pop up can be turned off if it gets to annoying).
I don't know if anyone else knew about this but I though I'd share this info as I searched for a few days and found nothing, ended up figuring this out myself. If this is new info I'll post more detailed configuration information for those who desire it.
BTW, this is working over the Data Plan and WiFi as well.
Wow. your a god...
I been trying to figure why it kept disconnecting the vpn when it synced up.
Adding the work url exception works perfect...
(Im using WM6.1 on a Samsung Omnia)
Many Many thanks!
No problem dude! I'm surprised no one else has really found this helpful. Glad I could help!
BTW, those exceptions work very well for internal web sites as well. I use it to log in to web-based management consoles such as Symantec's Mail Security for Exchange, Symantec Endpoint, basically if you got an internal website of some sort you can access it through VPN using a Work URL Exception.
I was looking for this info too, i would like more detailed configuration information about this.
Thanx in advance...
Roland hendriks
What part of the configuration are you having trouble with? Configuring the VPN, the Exchange Server or the URL Exception?
Thanks
I personally am thankful for your information. Even if none of the other 1000s of readers out there say anything...
Thank you for sharing your knowledge.
Tim
Glad I could help! I know I broke my head over this one during the first week of me having a WM phone. I figured it out thanks to the Fdc Soft Task Manager using the Netstat utility. It let me know exactly what the network stack of the phone was trying to do and the URL exclussion I just stumbled upon and reading what the page said it lead me to believe that it might be a routing table for configured "WORK" connections. And it worked.
During the past month or two of using my exchange like this and switching around ROMs and cooking my own ones now I've noticed that having TCP Data Reconnect and Transmission Retry settings in your registry set to high will cause Active Sync to take a long ass time for it to actually route communications through the VPN connection. I noticed this after using custom ROMs wich some have these settings increased to ensure communications go through but they raise connection timeouts way to much. On my own custom ROM I've set these to defaults (2 and 4 respectively) and Active Sync only takes about 1 minute to start syncing onces you hit sync while you wait for it to dial the cellular line and the VPN.
you talk about the vpn..
i think you are in the very small percentage of ppl who can get that to work.
i have the activesync set to manual and have tried the vpn type to both IPSec/L2TP and PPTP
w/o success..i always get a UN PW error which i know cant be so..
i set the host ip to what was shown from "whatsmyip"..
searching for quite awhile, i see thousands of ppl who cant get it to work and have
never found a reliable method that works for anyone but the person who posted it.
if you could back track a little and post how to do it, there are probly
thousands of ppl who would find it very useful and really appreciate it.
thanx
Well one thing is how to setup a WM device's VPN client to connect to your VPN server and another is actually configuring your VPN server. Do you have a working VPN setup in your corporate network already? This usually is setup by having a static IP assigned to your corporate internet connection and a firewall configured to allow VPN access with all the necessary traffic and authentication routes.
If you don't have a static IP in your office and use a lower cost DSL or Cable connection you aren't SOL, for these types of connections you can use a service like dyndns.org to dynamically upadate your dynamic IP into a static dns name like: mycompany.dyndns.org for example. This requires you to setup your firewall or ISP modem to communicate with dyndns.org to report the changes. Most firewalls come with this funcionality already built-in, but most of them also call them by different names so you'd have to look up your equipment's documentation on how to report a dynamic dns service.
I would be happy to help you setup your VPN correctly but its more practicall for me to help you setup a checklist on which type of VPN you want to setup (IPSec or PPTP) and what your corporate network's infrastructure looks like and let you know what to look for in google; there is PLENTY of very helpful information on the web on how to setup VPN but first you have to know what you need and how you are going to achieve it and then you'll know what to look for.
Each setup is very particular to the customer's needs and the network infrastructure that is setup and how much security you want to use (IPSec is a naturally secured VPN tunnel protocol while PPTP is not secured by nature but can be secured with a Radius server in your DMZ validating authentication in an encruypted manner to your Active Directory service).
What I posted above will work for an already existing and working PPTP VPN connection wich I already had running for years in my office and I regularly use with my laptop to connect to my exchange server while on the road or at home. What I posted above is what is need to get your WM device to connect to an already functioning PPTP VPN server.
Hope this helps. And if I'm to help you make a checklist I need a lot of information:
Type of ISP (static IP or dynamic IP)
Type/Brand of firewall device
How the devices are connected together (dumb modem or internet router from your ISP to your firewall's WAN port or a full blown router provided by your ISP wich is patched into your firewall's WAN port)
Internal network configuration (both AD and Exchange on same server (SBS) or separated)
What amount of security you are looking for.
Send me some PMs and maybe I could at least point you in the right direction.
nttdemented: I'm doing the PPTP shuffle at the moment, and wanted to pick your brains..
The basic connection is running fine - e.g. when I add 192.168.0.1 as an Exception and go to http://192.168.0.1 in Pocket IE the VPN fires up and I see the page just fine.
I've also added '10.6.1.8' as an exception, but if I go to that address in PIE, I don't see any network activity (using ethereal/tcpdump) on the 'ppp0' server interface (I use Ubuntu server's pptpd) ...
Can I assume that your Exchange server is hosted on the same machine as your PPTP server? Some MS SBS or similar?
Even if I configure an http proxy (on the 192.168.0.1 IP) I see no activity when I try the 10.6.1.8 address. :/
thanks so much!!
that i didn't find/read about the "exceptions" option in WM before...
Somehow, when i got my phone, i got it to work without this workaround, it just worked, out of the box, no exception setting required. (VPN settings + exchange server location were enough)
But yesterday, from the one moment to the next, it suddenly stopped working.
In my efforts to get it to work again i deleted the exchange settings, but doing that, I deleted all my contacts and my agenda! I was in big trouble because I really needed those , but after reading your post, i got it working again! my phone is synching "as we speak" and i'm very happy!
don't know how it worked before, don't know why it stopped working, all I know is, it's working now!
you made my day
Good to know!
Cheers!
I've since stopped using this method as we got around to publishing our Exchange server with an SSL certificate so I'm actually using SSL enabled ActiveSync push on my phone now.
Excuse me but perhaps you can help me too.
My problem is that I can get/sync my mails using WIFI.
If I connect thru GPRS, y go to send/receive and I get all the mails. If I'm on my office and connect thru WIFI to the work net I also get all the mails from the exchange server.
The problem is when I'm outside my office and connect to other wifi net and try to sync my mails. I have an HTC TOUCH CRUISE with WM 6.1 original from HTC without any flash.
Thanks in advance.
VPN connection doesn't always connect for ActiveSync synchronization?
I have had ActiveSync working with an Exchange server over a PPTP VPN connection for years now, but there has been one nagging issue I can't figure out. For the most part it works, but sometimes when ActiveSync tries to sync it will not make the VPN connection. There is only one connection listed when I tap on the icon on the notification bar - the phone's data connection. So in activesync, the icon with the arrows spins for a while but nothing synchronizes. I think it ends up saying "waiting for network" or something like that. It seems to always work when I manually hit "sync", but sometimes it fails on scheduled synchronizations.
Any idea why this happens sometimes?
oh...cheers...got my brain back...
The exceptions rule has almost fixed mine now. I'm getting mail but not through Activesync (just sits waiting for network).