I try to get my mails pushed to my TyTN. Thus I enabled the appropriate services on my Exchange 2003 SP2 server, set the user permissioning and so on. I generated a P12 cert with my CA and imported it using p12import.exe on my TyTN. I also installed .cer for the domain and for the CA on the mobile device. Thus I was able to sync and push. Now I am facing the following issue:
After successfully synchronizing and pushing for some hours, I regularly get an 0x85030027. Checking my certificate I can see that my p12 is gone. After reimporting it using p12import, I can change the server settings the following way to force a "reinitialisation" of the link between user settings and cert: I delete the "m" in "blabla.dynaccess.com", go forward to login information - the password is gone then - go back to the server, add the "m", go forward adding the password. Sometimes I am then able to sync again, sometimes I get an 0x85010004. In the latter case I must delete the whole server setting - losing all my mails - and have to set it once again.
Dealing with this issue now for several days and being unable to find any description or solution in this forum and the web, I kindly ask for any idea which could be considered being helpful...
PS.: Sorry for my English - it is not my native tongue ;-)
I use a CACert certificate for my email and have imported it using the smartphoneaddcert utility from Micro$oft.
Copy your certificate into \Storage\root.cer (has to be named like this) and run SPAddCert.exe, hopefully that should work
Thanks for the immediate answer. I already installed my root-certificate with no probs. The issue I have is related to the individual cert for the device, generated and signed by my CA, which is trusted by the TyTN. This individual one disappears after some syncs?!
I don't experience the same problem ...
I think your method is OK (Jacco in DDSL.NL has a nice tool to import a personal certificate to the device)...
You may also look : http://www.httpsync.net
Cheers
André
Now I can describe the problem more precisely: the personal certificate disappears after every soft reset?!
I have the exact same problem !!!!
When you do a soft reset the personal Certificate disappears.
I can reimport it directly, but I need to hook it up to a PC in order to validate the Certificate.
Is there no other way? This is really annoying when I'm on a trip, and I have to soft reset the device.
Does anyone know how this can be done differently?
Thanks
Micman
My company runs an Exchange server that I can connect to via SSL on the web. However, I always got an invalid certificate message. On 2003 devices I ran certchk and I could synchronize my mail, calendar and contacts.
Now - with my JJ - I can not get to my mail anymore because of this invalid certificate. It does not help to download the certificate to my device, since it is invalid.
Is there any reg hack, apps or whatever i can use to overcome this?
Thx
Ronaldovic,
Try exporting the root certificate from the Certificate Authority in "DER" format, copy it to the JJ and run it. This should work as the JJ is not certificate locked.
Ferg.
I did - and when i look in settings-certificates - it shows in the list of certificate but with an enddate of somewhere in 2003 (so it is not valid).
Again, with certchk in 2003 devices it all worked flawlessly.
Are the certificates still the problem now? Or is it something else?
When i sync, i get an error: 0x80072F17
Ah sorry, I read your mail but didn't really read it and assumed I knew what you were saying.
If you can get a reg editor for the JJ (I use something called "Mobile Registry Editor" which is a PC-based app and works through ActiveSync), change DWORD Value under HKCU\Software\Microsoft\Activesync\Partners\[Secure] to 0. I gather this will do it.
On the point of the certi though, can you not get the CA to issue a new certificate to the Exch box? When connecting through SSL, ActiveSync doesn't give you a "Yeah connect, I don't care!" dialog box as OWA does.
Ferg.
got a good reg editor, but can not find the last [secure] part...what do u mean by that? For example below ..\partners i see two entries(default) and (ServerNameChanged). and two directories with strange numbers.
About the certificate thing...if i understand u correctly i will never connect if i do not have a valid certificate?
I appreciate the help!!
YEAH!!! Great, got it working, thx to u!
I just love this forum.
Glad to hear it!
I am back....
The sync goes OK now, but every time I send a new mail, it gets sent twice. In my outbox on the JJ there is one email, when I receive I see two coming in (exactly the same).
Any1?
I can get it to look like it's working by turning off SSL, e.g. it says syncing 20/20 emails. However when I go to messages there are none there! Similarly contacts, tasks and calendar items appear to be syncing in ActiveSync, but they just don't show up!
Hi,
I have run into the same problem.
Used the tips on changing the registry (for which I really thank you!!!).
However, it seemed to be working until I realized that my Treo 700w keeps asking for the password. No matter how many times I enter my password correctly, it just keeps asking for the password over and over again. It does not save my password even if I select the "save password" option.
Have you run into this problem and found any workaround?
Thanks in advance. Bo.
Boryu,
Remove and re-add the server source.
I've had this a few times and it's well annoying! This seems to do the trick though.
Ferg.
same issue
I have the same issue,
I used registry editor but it's not allowing me to add the reg key!!
Am I doing something wrong, and where do I add the Secure Dword?
Why don't you just renew the certificate? Just right click the website folder within IIS 6.0 and select Properties. There is a security tab (Directory Security?) within which you can renew an existing certificate.
I had the same problem getting push email to work, and renewing the certificate fixed the problem.
ronaldovic said:
got a good reg editor, but can not find the last [secure] part...what do u mean by that? For example below ..\partners i see two entries(default) and (ServerNameChanged). and two directories with strange numbers.
About the certificate thing...if i understand u correctly i will never connect if i do not have a valid certificate?
I appreciate the help!!
Hi, I see exactly the same, but which value do I have to change??
please help
thanks in advance
My IT guys have been trying to get this push email thing working and it seems to be one difficulty after another and is not as simple as pressing "push email" in the connection icon....
Our latest error appears on my device with the above error code stating
"the security certificate on the server is invalid. contact your exchange server administrator or ISP to install a valid certificate to the server".
I have read that I need to buy a public certificate from a public authority (CA) or similar such as Verizon or Thawte. Is this the case, or is there a simpler way to get this push email working using the existing configuration and setup of the server?
We use exchange SP2, with outlook 2003 all around. Internet based webmail works correctly with full access, and activesync via PC works perfectly, but push email encounters the above error.
Any suggestions.
are you sure it's 80072fd or 80072efd ?
I don't have a solution, but the problem is described in M$ knowledgebase article: 915438 - see attached Acrobat .PDF.
I had already tried the suggestion in KB915840 to import the certificate from my sbs2k3-domain, but this had failed with "cannot access the certificate" - even with them on the device. However, certificates from my clients' servers, both sbs2k and sbs2k3, import without problems. This happened both before and after o2's AKU2 ROM update - so AKU2 is not the problem. In addition, I spent Easter *totally* reinstalling sbs2k3 and tested it immediately afterwards. All the sbs2k3/Exch2k3-Sp2 boxes are fully patched. The certificate itself is correct/working, since it works for Outlook Web Access via the web with laptops and even the Exec (Universal).
Whilst sync'ing from the workstation via ActiveStink/USB, if you turn off the SSL requirement the sync succeeds, but that's obviously not a working solution via the 'Net.
Update:
Just had a thought, and checked the various certificates in a hex-editor. The one from my sbs2k3 box is a completely different format. :? I'll see what I can find out.....
maybe not related, but here's a list of all ActiveSync Server Error Codes: http://blogs.flaphead.dns2go.com/archive/2005/11/21/3202.aspx
80072f0d
Sorry, the correct code is 80072f0d.
I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30 + staff simultaneously and I can't take it down just to fix my one desire to have push email.
But I do find it painful and frustrating that Microsoft do not adequately support their own platforms and systems don't integrate as they should and as they are promoted.
M$ sks.
Re: 80072f0d
simon_darley said:
....I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30 + staff simultaneously and I cant take it down just to fix my one desire to have push email.....
I'm not sure if it was clear from my reply - too tired - but rebuilding the server did not help at all.
Yeh, the pains of rebuilding SBS and having it all configured and running correctly when the staff arrive in the morning is not something I do willingly - hence the use of the holiday. It was done only as a last ditch attempt to solve this and another problem that had Micro$oft totally stumped - not related.
There is a difference in the certificate formats, so that's where I'm concentrating my efforts now. Will let you know what I find.
80072f0d error - the fix!
Just spent the past hour kicking and calling myself an £$%&* idiot.:x
Anyway, to cut the story short, the problem *is* indeed the damn format of the SSL certificate exported by sbs2k3. For the WM5 device to import it, it needs to be in DER X509 format.
If you have imported it into your PC/laptop for OWA/OMA/RWW, then you can easily export it from IE's Internet Options into DER format.
From Internet Options:
- go to Content-tab
- click Certificates-button
- find and highlight your certificate - I had imported mine into Trusted Root Authorities
- click Export-button
- click Next on wizard page
- enable the "DER encoded binary X.509 (.CER)" radio-button, and click Next
- enter a suitable path & filename, e.g.: "myserver.cer"
- click Next, click Finish, click Ok.
- Now copy the certificate to your PDA via ActiveSync.
- Open File Explorer on the PDA,
- Find the certificate file and launch it.
- click Yes to import it and you're done!
I think the reason why my sbs2000 certificates worked was that I had installed Certificate Services on those boxes and exported those certificate from there. I don't understand why some of my client's sbs2003 certificates were in DER-format, and others weren't, but we are talking about Microsoft software, so what else should I expect......
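A way to tell the export formats apart without a hex editor, as an added example that is not part of the original post. It goes beyond the DER-versus-other case described above to cover the formats the Windows export wizard can produce (DER X.509, Base-64 X.509, PKCS#7, PKCS#12); the function names are hypothetical and the sample byte strings are constructed ASN.1 skeletons, not real certificates.

```python
import base64
import re

# DER content bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData)
PKCS7_SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def read_tlv(buf, offset=0):
    """Return (tag, content_start, content_length) of the DER element at offset."""
    if offset + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[offset], buf[offset + 1]
    if first < 0x80:  # short-form length
        return tag, offset + 2, first
    n = first & 0x7F  # long form: the next n bytes hold the length
    if n == 0 or n > 4 or offset + 2 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return tag, offset + 2 + n, int.from_bytes(buf[offset + 2:offset + 2 + n], "big")


def classify_der(buf):
    """Structural sniff of a binary blob; a heuristic, not a full ASN.1 parse."""
    try:
        tag, start, length = read_tlv(buf)
        if tag != 0x30 or start + length > len(buf):
            return "unknown"
        inner_tag, inner_start, inner_len = read_tlv(buf, start)
    except ValueError:
        return "unknown"
    if inner_tag == 0x30:  # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
        return "x509-der"
    if inner_tag == 0x06:  # ContentInfo ::= SEQUENCE { contentType OID, ... }
        oid = buf[inner_start:inner_start + inner_len]
        return "pkcs7-der" if oid == PKCS7_SIGNED_DATA_OID else "unknown"
    if inner_tag == 0x02:  # PFX ::= SEQUENCE { version INTEGER, ... }
        return "pkcs12"
    return "unknown"


def classify(data):
    """Classify a certificate file's bytes as text (PEM) or binary (DER) formats."""
    m = PEM_RE.search(data)
    if m:
        label = m.group(1)
        if label == b"CERTIFICATE":
            return "x509-pem"
        return "pkcs7-pem" if label == b"PKCS7" else "unknown"
    return classify_der(data)


def to_der(data):
    """Return DER X.509 bytes, the format the post says the device imports."""
    kind = classify(data)
    if kind == "x509-der":
        return data
    if kind == "x509-pem":
        der = base64.b64decode(PEM_RE.search(data).group(2))
        if classify_der(der) != "x509-der":
            raise ValueError("PEM body does not decode to an X.509 structure")
        return der
    if kind.startswith("pkcs7"):
        raise ValueError("PKCS#7 bundle: export the single certificate as DER instead")
    if kind == "pkcs12":
        raise ValueError("PKCS#12 container (may hold a private key), not a plain certificate")
    raise ValueError("unrecognised certificate format")


# Constructed samples: minimal ASN.1 skeletons with the right outer shape only.
SAMPLE_DER = bytes.fromhex("30053003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
SAMPLE_P7B = bytes.fromhex("300b0609") + PKCS7_SIGNED_DATA_OID
SAMPLE_PFX = bytes.fromhex("3003020103")

if __name__ == "__main__":
    for name, blob in [("der", SAMPLE_DER), ("pem", SAMPLE_PEM),
                       ("p7b", SAMPLE_P7B), ("pfx", SAMPLE_PFX)]:
        print(name, "->", classify(blob))
```

To check a real export, read the file in binary mode and pass its bytes to `classify`; only `x509-der`, or the output of `to_der`, is what should be copied to the device.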
msfp and 80072f0d
After testing a few different certificate variations, the engineers that maintain our servers were able to send me two alternative certificates, one or both of them appear to have worked effectively.
So it imported, and now my active sync works for receiving these emails, now I need to look at these heartbeat pings and find out how I set the periodic checking.
Just wondering, normally if you dial a gprs/3g connection, you pay once, and stay connected all day. Does this now mean that it connects, downloads, disconnects, then 5 minutes later reconnects, downloads, and disconnects, thus paying a much larger reconnect fee every time?
I am playing with this as a new toy, but I can see the costs are going to go ballistic....
and... perhaps for all those that are already experienced here, how does one send an email that remote wipes the device?
is there a command, or a key word or something that makes the system realise the remote wipe command....
sorry, I know this is off the topic of my original post, but thought you might know.
if not, I can start a new topic....!!!
The certificates that I was given were a server.cer and a root.cer.
If anybody needs to know, I can ask the engineers how they did what they gave me to get it to work.
The remote wipe is done from the sbs2k3 box - or rather the box running Exchange2k3Sp2. Your admin needs to install a small tool that he (Domain Administrator credentials needed) then accesses via IE.
Microsoft has published a new white paper (Feb 2006) that describes the whole procedure - just a shame they missed the need for the certificate to be in DER format. The white paper is: "Deploying Windows Mobile 5.0 with Windows Small Business Server 2003".
I have an 8125 with Summiter's 2.3 Rom installed. I am trying to establish a connection to my exchange server which is hosted. When I enter the server, user ID, password and Domain info correctly, activesync keeps prompting me with "Please correct your Exchange Server password"
My provider insists that the settings were correct on their side and their crack tech support staff told me that WM5 has problems storing the password. They said that the only thing to do is to keep deleting the server connection on the device and recreating it.
Through this persistence, I was able to get it configured once. It was syncing (with push email) for most of the day... until I connected the device to the PC with the USB cable to charge it. Then Activesync on the PC kicked in and the password prompts began.
I have deleted and reconfigured the server on the device in excess of 20 times now with every combination of soft resets in between to try to get this resolved.
Any thoughts? Your help is greatly appreciated!
***EDIT***
Email host needed to create a pre-NT4 alias for the userid due to the naming convention used by our company in their provisioning console. Therefore once I found out the alias the config was a snap. Working perfectly now! Thanks.
What tech support for your host meant to tell you is that they do not have a clue what they are talking about. I support numerous WM implementations using AUTD and Push email with WM devices of all flavors that support one of those options (2003, 2003se, 2005) and NONE of my customers have to continually put in ANY information to keep syncing.
It is true that using the special sms tickle method of pull on 2003 devices does sometimes hang up and have to be restarted manually but even then you should not be asked for information you already saved about the connection.
Find a new mail host.
Well, since you have no problems setting up "WM implementations using AUTD and Push email with WM devices", I would love to hear your thoughts on why I keep getting a password prompt over and over again with the message "Please correct your exchange Server password".
Using Cingular 8125 with stock 2.25 ROM.
Mobile services are enabled under ESM
Pre-2k alias is set in the username
SSL is installed on the server with front end virtual directory
I have disabled certificate checking on the device itself by hacking the registry on the device since I'm using a self-signed cert
Exchange SP2 is installed
Activesync on the PC with USB works like a charm
But, trying to sync over GPRS/EDGE with the exchange server it keeps prompting me to correct exchange server password which I know it's correct since I administer the server myself.
I've seen NUMEROUS posts about this issue but no one seems to have the answer.
This is driving me completely bonkers
You say you can sync while connected via USB to a computer but you do not specify whether that computer is INSIDE or OUTSIDE your network. So I am going to assume it is INSIDE, and bet that were you to try the same test from OUTSIDE your network it would fail just as it does using GPRS. If so the indications point to incorrectly putting in your user name/domain information and not the password itself.
I assure you, the domain\username and password combinations are quite right. It's DOMAIN\username and then the password. I mean you can't really get away from that format when you enter the information in the pocket pc or activesync on your pc since it asks you for the domain and the username and the password. I can however login to webmail and oma through the web browser using the exact username and password.
Any more thoughts?
I have no more thoughts until you answer the question I asked. Can you sync while connected to a computer that is OUTSIDE your network?
When putting in your information on the mobile device, in the username field if you are putting domain\user you are wrong. That box is USER NAME ONLY.
Let me start over again. No, usb or gprs outside doesn't work. And yes, the username is put in as just the username with no domain\ in front of it. Activesync substitutes the domain from the domain field as domain\ is what I meant.
So it doesn't work from outside no matter what the connection. Again, the problem is the domain reference. We just have to figure out what is wrong with it.
From outside your network, can you access Outlook Web Access? If so, EXACTLY what is the URL you use?
I'm using https://servername/exchange
I can also use https://servername/oma from the phone and it works too.
I would really like to see https://servername/exchange work from outside your network. I am interested to know how you got a NETBIOS name to resolve from outside your DNS zone over the internet.
Please read the question asked before answering so I can stop asking you the same thing twice. I asked you:
From outside your network, can you access Outlook Web Access? If so, EXACTLY what is the URL you use?
Your answer might work inside your network but no way will it work outside. And if you are afraid that advertising your domain name will compromise your Exchange box you should just shut it down anyway.
Ok,
I'm REALLY trying to be tolerant here. Unfortunately, I'm starting to reach the end of my patience. You and I BOTH know that I'm not advertising my NETBIOS name on the Internet. We BOTH know EXACTLY what I mean when I say https://servername/exchange. It means a URL accessible from the outside which points to the server via NAT on our firewall and then /exchange. So, here's the URL:
https://mail.glaucomaexpert.com/exchange
When I say that webmail works, I REALLY REALLY mean that it works. I'm not making it up. If you don't know the answer or if you are not sure of the answer, just let me know. That's no problem. I'm really starting to think that this issue is due to the registry hack on the phone to remove certificate checking.
Unfortunately, I'm using a self generated cert and I've tried using the .cab method to import the cert, that didn't work. I simply copied into a file (DER encoded) and tried to import it no workie either. I tried copying as a Base-64 encoded, copied to the phone and when I tried to import it said it was unable to access certificate. Before I disabled certificate checking, it wouldn't accept the certificate. So, now it accepts it but it keeps asking for the password.
I have gone over the exchange settings over and over and over again and I'm simply not seeing anything wrong.
So....here's where I am.
Great. Thanks for answering the question. So in your server configuration fields you are filling in those blanks like this:
Server Address: "mail.glaucomaexpert.com"
User Name: "jdoe" or whatever your user ID is
Password: "Password1!" Your CaSE sEnsiTIvE password
Domain: "myeyessuck" your internal NETBIOS domain name which may or may not be the same as your FQDN
Does all of that sound like what you are using? If you feel more comfortable PMing the information then thats fine. But your settings should resemble what I wrote.
Are you forcing users to use SSL for Outlook Web Access? If so, you might try turning it off TEMPORARILY and test syncing without requiring SSL to eliminate the self signed cert possibility. I won't be much use troubleshooting that as I get my customers to flip for a Thawte certificate to avoid untrusted root cert authorities.
That's exactly what I'm using:
Server Address: "mail.glaucomaexpert.com"
User Name: "jdoe" or whatever your user ID is
Password: "Password1!" Your CaSE sEnsiTIvE password
Domain: "myeyessuck" your internal NETBIOS domain name
Under secure communications I do not have require secure channel checked.
I just enabled http(port 80) access to the exchange server and it's working like a charm.
So I guess it's still a certificate issue. I guess disabling certificate checking is not doing the trick but instead cause more problems.
I really wish I could import the self signed certificate. This really sucks. Your help is appreciated. Thanks. I should have tried this before. I just assumed this registry hack wouldn't have any bearing on it originally.
@deeztech - I'm also suspicious of the registry hack to disable the certificate checking. This worked for me in the 2003 days with my client's Blue Angels but I've never been able to get it to work with WM5. I have numerous Exchange 2003 servers that I maintain here in So. Fla and they all have self generated certs. I use MMC and add the Certificates snap-in. From the Trusted Root Authorities I'll right click my certificate - all tasks and then export to a Der encoded x.509. Copy to my storage card and execute it from there.
Of course it sounds like your certificate is installed correctly as your logon to OWA and OMA are working which is why I suspect that reg hack you mentioned.
I did read on exchange-experts to check the authentication on the webserver....
Curious if it's just your PDA or are there others with the same issue?
Glad you narrowed it down. Unfortunately I don't have a magic bullet for the self signed certificate piece but I do have some suggestions for you.
1) Enable forms based authentication: http://support.microsoft.com/kb/830827/
2) Require SSL for access
3) Unless you intend to offer services you might turn off the default website at https://mail.glaucomaexpert.com/
If you are interested in a cert from a trusted CA check out Thawte, where you can get an SSL123 certificate in just a few minutes for as little as $149: https://www.thawte.com/process/retail/new_ssl123?language=en&productInfo.productType=fssl2
People
Since last week i had sleepless nights trying to get my direct push email , Global address book working with my exchange server. I tried everywhere but there was little to go on.
Few min back i got this going and the elation has quickly changed to sharing back to the forum.
And yes, it has to do with installing a certificate on the device. I checked with my iPhone and Android owning colleagues and they can do complete MS Exchange server sync in spite of getting the certificate warning but not Microsoft. It seems they are crucifying their own lot only.
So this is how it starts -
- ask your admin for the certificate or else go to the web exchange address and on the address tab click on the lock sign which is displayed. This is the certificate you would need for your device. Click on the lock and copy the certificate thumbprint (assuming you know how to make it into a .cer file). Install this .cer on device root and install. Go to security tab - certificates on the device and make sure the certificate is shown as installed in there.
I guess this would do the job. Hope this dope might help some of you.
Cheers!
Shailen
I picked up the Focus yesterday and have run into an issue syncing with Outlook/Exchange Server 2003. I receive the error code below after the email account setup runs for a bit, I get contacts and calendar entries, then a few emails before the error is returned (every time I try to sync later as the msg suggests). I tried finding the error code referenced on MS Support/Forums, AT&T Samsung forums, and even xda developers with no luck.
I did try a hard reset (from settings) and then recreate the account and I tried removing the hub on the start screen and then deleted the account and recreate same error every time.
Samsung Tech Support suggested that I add the same Certificate on my Server to the phone, Did so - still, no luck.
Anyone see this error/issue?
Outlook Error
Not Updated
We're having a problem syncing your
information. Try again later.
Last tried about a minute ago
Error code: 8500201C
Mine has worked flawlessly. Sounds like you did everything I would have suggested except return and get a replacement phone.
I had that problem. the cause of mine was to have the SSL turned on. After I created the account, I went to setting>email and choose the outlook account, clicked on advanced, then scrolled down and uncheck the SSL checkbox. All worked perfect after that. although I guess I am not super secure.. but anyone that wants to hack and read my email.. feel free pretty boring.
It is obviously a software issue. How can a replacement phone solve any problem.
If your Exchange server does not use public certificates (the ones that your company has to pay for), or the certificate comes from some publisher that WP7 doesn't know about, it will be tough to set it up. For one, importing the server certificates directly does not work. In the past with WM phones, MS suggests you need to import the root certificate instead. So, see if you can find the root certificate for it.
agreed - was able to get Corporate Store to allow me to try settings on another Focus, with same results.
can see the Folders on my Outlook (some are unique to my Exchange Server), so we know that we are nearly there. little more tweaking, and also, update to a new Server,
but, that might not be for week or so, so if anyone has solutions, would be much appreciated.
I had problems with mine and worked with our Exchange admin. We found it was the encryption part of our policies. Both Device and Storage card encryption parts of the policy have to be turned off. After some research this is correct and expected to be fixed in Early 2011 when Microsoft starts pushing this for business.
Oh it also does not support alphanumeric passwords at the moment:
http://social.answers.microsoft.com/Forums/en-US/windowsphone7/thread/ee2ecd48-89bf-4e8c-b48e-553967517a4d
Here is the one about encryption:
http://social.answers.microsoft.com/Forums/en-US/windowsphone7/thread/7c4329c9-9f51-4184-8f48-5d4bc5c6269e
cwiley2566 said:
Oh it also does not support alphanumeric passwords at the moment:
http://social.answers.microsoft.com/Forums/en-US/windowsphone7/thread/ee2ecd48-89bf-4e8c-b48e-553967517a4d
That is really strange because my HTC Surround took my alpha numeric password just fine for my exchange email. Haven't had any issues with it at all.
Do you mean a password for the domain or the screen lock password? They are talking about the policy that requires an alpha numeric password (or not allowing simple passwords) for unlocking your screen. Our company allows simple passwords (just numbers) so I didn't see the problem.
We don't have a certificate, and all I had to do was go to advanced and turn off encrypted SSL connection (I also have alphanumeric and symbol password for exchange).
I am referring to the screen lock policy in Exchange. Of course alphanumeric and symbol passwords for exchange/domain authentication will work.
Installing SSL Cert (quick and dirty)
Email your server's SSL cert to a GMail account. Hotmail blocks the attachment as an unsafe filetype.
Open the attachment and Phone7 should ask you if you want to install. Go back and set up your Outlook account.
Got mine working on Exchange 2003 even after the error messages
This happened to me as well. We have an Exchange 2003 server and what I did was go to "email and accounts" on the phone and went through the process and set up everything correctly but still got the error messages.
Now this is what fixed my issue (strange). I got out of the "email and accounts" and went into all programs list and opened "Outlook" , from there I put the settings in again for my account and presto, it just started working and syncing.
I did 2 phones like this already and it works. Don't ask me how, but it does.
Hope this helps OP and anyone else using Exchange 2003.