WPA2-AES certificate on WM6? - Networking

Hey everyone,
I'm new here to this fantastic community, so I'm not sure if this is in the right place, but here goes....
I've recently bought an HTC Touch, and upgraded it with software that I found here.
Now, on campus we've got a couple of networks available, but we're required to log onto one (wifi) for internet called 'UA-aes'.
It's the standard network on campus.
With my laptop, the guy responsible for the network set it up easily.
It needs the following: WPA2-AES, PEAP and my user name and password. No domain required.
He didn't install anything else.
I tried hooking up my Touch and was able to select WPA2-AES, enter my user info and password, but then it required a certificate which apparently WM6 doesn't have.
I tried explaining it to the guy, but he said no certificate was needed, and I checked on my laptop: no certificate was indeed needed to connect to the network.
And this is the part where I'm stuck. I'd really like to connect to the wifi, but it doesn't.
Has anyone an idea how to fix this? Where to find the certificate?
This would REALLY help me a great deal.
Anyway, thx guys!

nobody has a solution?

I'm running into the same problem with my school's network - I haven't yet tested this, but here is the solution I'm hoping will do the trick.
"The only thing you have to do is to add a DWORD Registry Entry under HKEY_LOCAL_MACHINE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off"
Best of luck

Just to update, I had the chance to test out that registry edit on my network. Again, the network does not require a certificate to access it. But the new reg settings solved my problem - I am now able to log in without being told that I lack a certificate I didn't even need.

Related

No way to disable Server Certificate Validation in 802.1x!

Hi,
I want to connect my Qtek 9100 to the 802.1x WLAN of my school (ETHZ). It has not been possible yet, although I spent an hour with a person from the tech support of the school.
The problem comes from the very specific configuration that I cannot set on the Qtek 9100!
I need to uncheck the "validate server certificate" option, which is on by default for PEAP authentication, something easy to do on a normal Windows machine. But the problem is, there is no way to disable this on the Qtek 9100 in any "properties" tab, and it therefore complains that the server certificate is not valid, and then refuses to connect!
HOW could I disable "validate server certificate"?? Using the registry??
With the person from the tech support we managed to find somehow the registry keys linked to this option in Windows. But of course these keys don't exist on the Qtek 9100 in Windows Mobile 5...
Please, is there some expert with some better idea?
Thanks
Fabrice
I haven't found a way to do it so far. Neither various configurations nor random 3rd party software worked properly on WM5.
This issue is more interesting when you consider that the HTC Universal offers LEAP (which would work as well) and the Wizard doesn't!
http://forum.xda-developers.com/viewtopic.php?t=42664
From what I can gather you will need a root certificate. Still trying to get to the bottom of this though.
It seems that AKU2 allows us to use LEAP, which would already do the thing! I'll test it on Friday and let you know!
I found some useful info on the net, but have not yet tested it on my MDA Vario.
There seem to be 3 possibilities:
1: You retrieve the root certificate from your techie friend at your university and place it in the designated folder on your PPC.
2: You add a DWORD 0 at HKLM\Comm\EAP\Extension\25\ValidateServerCert (http://www.modaco.com/How_to_set_a_wifi_network_to_use_a_certificatel-t237261.html)
3: Hkey_Current_User\Software\Microsoft\ActiveSync\Partners
Here you should notice 2 sub-keys, both with a unique UID. One is set up for the ActiveSync Partnership with your PC, the other is set up for the partnership with your Exchange server. Fortunately, it is fairly easy to distinguish between the two. Simply highlight one of them, and look at the different values. You'll see pretty quickly which one is for your Exchange server. While the partner key for your Exchange server is highlighted, create a new value with the following parameters
Type: DWORD
Name: secure
Value: 0 (http://winzenz.blogspot.com/2006/03/hacking-your-windows-mobile-50.html)
The authors of points 2 and 3 differ in opinion, but I cannot say which is best; perhaps someone else has an opinion?
predo said:
It seems that AKU2 allows us to use LEAP, which would already do the thing! I'll test it on Friday and let you know!
Hi Predo,
Have you been able to get LEAP to work using AKU2??
Lot of inquiries present on the net, but no clear answers.....
Thx,
Mak
This is what I would do.
This can be easily done from a PC, because you can get a temporary trust from the authentication server which gives you the option to install the root on your PC. Export the root cert from your laptop/PC and copy it over to your mobile device. Once the root.cer is on the Wizard, just open up File Explorer and double tap it; the cert will auto install.
Problem solved
I wouldn't use LEAP or even PEAP without validating the server cert. Especially in a hostel environment like a university, which is full of hacks. Associating to an AP without validating certs sets you up for man in the middle.
The only advantage of LEAP or Fast EAP (if it were supported) is for roaming. The Wizard would also have to support CCX v3. You can get this CCX v3 support by purchasing the Funk (now Juniper) Odyssey client, which is $50. When using LEAP or Fast EAP it allows the use of CCKM (fast roaming).
Oh yeah, the odyssey client supports PEAP with the option to not validate the server cert.
Hi, I don't know why that is, but after upgrading software to the new AKU 2.0 ROM (i-mate, AFAIR) I started to be able to connect to my university WLAN with no problems. The only thing is, I have nothing added in the LEAP tab in network properties.
Anyway, it works so I'm not playing with settings anymore ;-)

WPA Enterprise not working

At work we have a WPA network, and every time I try to connect to it with my X1 it asks me for my username and password a few times, then shows an error message saying I don't have a personal cert. Our network does not require a personal cert. We do have a signed cert from Thawte. Our SSID is hidden and the network settings are "WPA, TKIP, PEAP".
same problem here too.
WPA (not WPA2), TKIP with PEAP. I do have the university certificate, but no personal one.
It just keeps asking the password and username, but never connects.
Pretty damn frustrating, as the network works perfectly on Mac, Windows, Linux and even iPhone. But not on Windows Mobile...??
.............................bump.............................
My company apparently had some odd version of WPA enterprise, so I had to use the following hack on my X1 (as well as any other WinMo phone) to get it to work:
1. Get PHMRegEdit: http://www.phm.lu/Products/PocketPC/RegEdit/
2. Add a key to the registry: \HKLM\Comm\EAP\Extension\25\ValidateServerCert= dword:00000000
3. Connect to your network. For mine, I used the settings: WPA, TKIP, hidden network checked, PEAP.
4. After connecting, enter user/pass. I left domain blank on mine.
After following these steps, it seems to work just fine for me, but YMMV.
Type PEAP into the search engine at the top of the forum and try one of the many answers.
The top one gives you an option to connect without checking for any certificates..
does that sound like the solution you need?
I keep repeating this, as do the moderators and the other more experienced members but the search is an incredibly useful feature on this site !
PLEASE SEARCH BEFORE POSTING
blackax in the 24hours since you first posted you could have tried millions of different searches, PEAP was the first one I tried.
EDIT : bah you gave them the answer from the first post!
@brikis98
Thank you for the post. But I have already tried that without it working :-(
@fards
I posted because I couldn't find the answer that worked for me. I should have made that more clear in my first post.
It seems that I'm not even getting to the RADIUS server. There is no error in the log around the time I tried to access WPA. grrrrr This is driving me nuts
First, you've got to figure out what kind of authentication method your company uses.
For me, my company uses Cisco EAP-FAST and my only option is to install Juniper's Odyssey Client for WM. It's not free but you can try it for 30 days and it works for me.
Download "securew2" and follow the directions here: http://askageek.blogspot.com/2008/09/concordia-wireless-using-windows-mobile.html and you should be able to get WPA enterprise to work. I'm a med school student so we have a pretty encrypted system and the tech there didn't know if anything would work, but I got this to work. Did a bunch of searches before I found something that worked. I've had no problem connecting since this. Hope this helps!
hollyyih said:
Download "securew2" and follow the directions here: http://askageek.blogspot.com/2008/09/concordia-wireless-using-windows-mobile.html and you should be able to get WPA enterprise to work. I'm a med school student so we have a pretty encrypted system and the tech there didn't know if anything would work, but I got this to work. Did a bunch of searches before I found something that worked. I've had no problem connecting since this. Hope this helps!
Well, it really depends, as I said before. This one only supports the following:
EAP-TTLS
EAP-GTC
EAP-PEAP
EAP-SIM
My company only supports EAP-FAST and only Odyssey can handle so many different protocols (all of the above and a lot more).

HTC HD2 the network requires a personal certificate

Hi all,
I bought an HD2 yesterday, and today when I try to connect to the wifi at my office it tells me "the network requires a personal certificate to identify you". I have done some research and followed the threads below, but there seems to be no clear solution. Please, can somebody help with a patch to disable the network certificate check?
Thanks
followed threads
http://forum.xda-developers.com/showthread.php?t=344087
http://forum.xda-developers.com/showthread.php?t=264781
I have been struggling with this also for quite a while.
The suggestion you mention is probably not worthwhile investigating.
The certificate is required by the access point, so you should change it there if you do not want to change the phone.
My solution was the following.
The HD2 comes with a base set of certificates and our corporate network requires one that is not in there.
I managed to find out which certificate I needed and was able to Google it.
Then just copy it to the phone, run the cert file and you're done!
watnuweer said:
I have been struggling with this also for quite a while.
The suggestion you mention is probably not worthwhile investigating.
The certificate is required by the access point, so you should change it there if you do not want to change the phone.
My solution was the following.
The HD2 comes with a base set of certificates and our corporate network requires one that is not in there.
I managed to find out which certificate I needed and was able to Google it.
Then just copy it to the phone, run the cert file and you're done!
I could not get one for my corporate network. Is there any patch to disable it? I had a Tattoo and an iPhone, which never required such a certificate.
neitin said:
I could not get one for my corporate network. Is there any patch to disable it? I had a Tattoo and an iPhone, which never required such a certificate.
You cannot patch your device to disable this.
It is a requirement of YOUR network.
You need to find out which base certificate it is you need and then install to your phone.
Hi. Sorry to bring up an oldie, but I'm having this issue as well with the exception that my network doesn't require a certificate. I've confirmed this with my IT department. Any ideas as to how this can be disabled? It only seems to happen when I connect my phone to my PC (which is only done to install software, not sync with exchange; that's done wirelessly).
GrandAdmiral said:
Hi. Sorry to bring up an oldie, but I'm having this issue as well with the exception that my network doesn't require a certificate. I've confirmed this with my IT department. Any ideas as to how this can be disabled? It only seems to happen when I connect my phone to my PC (which is only done to install software, not sync with exchange; that's done wirelessly).
The only thing you have to do is to add a DWORD Registry Entry under HKEY_LOCAL_MACHINE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off"
I have personally tried this and works like a charm, please let me know if doesn't
Greetings from India
PS: remember to reboot your device once you have added the registry
neitin said:
The only thing you have to do is to add a DWORD Registry Entry under HKEY_LOCAL_MACHINE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off"
I have personally tried this and works like a charm, please let me know if doesn't
Greetings from India
PS: remember to reboot your device once you have added the registry
Nice!!!! Thanks for the information . I will give this a try as my work wireless network presents the same problem.
It may be tied into the following info I found out there on the web, problem as described by someone else with the same or similar issue:
"the wireless controller was sending out EAP-Identity-Request packet very quickly (1 per second), so the time I typed my pass on the PDA, it has already received 5+ EAP-Requests and when I pressed OK, it was sending my Identity with Request-ID=1 and was rejected because the controller was already expecting a greater Request-Id.
I adjusted the timeout and voilà !!! Here is the command line for Cisco Wireless Controller 4402 (the value was set to 1s !) :
"
This info relates to WM EAP and Cisco's implementation of EAP.
I will try the regedit and see if this fixes things for me.
I tried doing this by entering a DWORD via regedit but I am still facing the same issue... please help

HOWTO get Eduroam working

Some universities use a WLAN called eduroam.
http://www.eduroam.org/
But somehow the HTC HD2 can't connect to it. Seems like a personal certificate is the problem.
Has anyone got this working on HD2 ?
It works on Nokia phones running Windows mobile 6.5
You need to download one of the latest versions of the SecureW2 client from your uni website or the developer's website. Follow the instructions for setting up the connection given by your uni IT department.
I'm using an eduroam connection now at UCL.
Thanks for your answer.
I downloaded securew2
But I still cant get it to work.
Do you have to provide this information on your campus ?
SSID: eduroam
authentication: WPA2
encryption: AES
EAP type: PEAP
authentication: MSCHAP v2
For me WPA1 works better, also AES is wrong. Then you select "Secure W2" in the drop down box not peap. SecureW2 needs to be configured as well. Your university should provide you with that info. You usually don't need the radius part with the cert! That's just to protect you from connecting to the wrong network (and thus giving them your password).
Above information about WPA2 is from my campus informationsite.
After I made some settings on "Eduroam connection" I can't change them.
As soon as I push eduroam it tries to connect.
The only way to change them is to install a new rom, so that the phone is
like it was from the first time.
quart666 said:
Some universities use a WLAN called eduroam.
http://www.eduroam.org/
But somehow the HTC HD2 can't connect to it. Seems like a personal certificate is the problem.
Has anyone got this working on HD2 ?
It works on Nokia phones running Windows mobile 6.5
I took my mobile to my University's IT Department and they set it up for me and it works great, I get all of my student emails directly to my mobile. Hope this helps.
bahardman said:
I took my mobile to my University's IT Department and they set it up for me and it works great, I get all of my student emails directly to my mobile. Hope this helps.
ROM version ?
In my case,
I download SecureW2 personal client 2.04 ce, install it on my phone via active sync.
Settings>Menu>All settings>Connection>Wifi>Wireless networks>Menu>Add new
and start configuring the settings. Different network will have different settings.
I don't think ROM version matters in this case. It should work with your device, if you got the right SecureW2 client and settings set up on your phone.
Btw, IT department or university's website should provide sufficient information for you to set up the connection.
Good luck.
The IT people can't get it to work......
They say that they can't get it to work on HD2.
That's why I turned to you guys.
Still no luck, SecureW2 keeps asking for user/pass, and yes I know it's the right user/pass. A friend at work tried his username and it doesn't work either.
If I connect to eduroam on my PC it works, so nothing wrong with user/pass.
quart666 said:
The IT people can't get it to work......
They say that they can't get it to work on HD2.
That's why I turned to you guys.
Still no luck, SecureW2 keeps asking for user/pass
You might need to get another version of secureW2 client.
I tried a SecureW2 client provided by my uni and I faced the same problem as you. It kept on prompting me for username and password. I changed to another client (SecureW2_Personal_Client_204_CE), downloaded from the SecureW2 forum, and it worked great!
During the installation of the client, registration is needed. I could register and install it a couple of times on my phone without any problem. However, yesterday when I tried to reinstall the client after upgrading my ROM, the installation failed at the registration part. Maybe because they stopped providing the free version?
I managed to get it installed on my phone again via ActiveSync though.
Can't find that version.
I downloaded version SecureW2_Enterprise_Mobile_313_GA_TRIAL.exe
bump..
I still can't get it to work
http://www.chalmers.se/insidan/SV/arbetsredskap/it/bastjanster/eduroam
Chalmers University of Technology uses Thawte premium server certificate for authentication.
What you need to do is this, go to Thawtes website and download their certificates:
(Apparently I cannot post links, but just google for "thawte root certificate" the file is at www dot thawte dot com slash roots)
The certificate you need is located in the folder Thawte Roots\Thawte SSLWeb Server Roots\thawte Premium Server CA\Thawte Premium Server CA.cer
Download that to your HTC HD2 and install it by just clicking it in the file browser on your phone.
Then you can just follow the instructions you found at their webpage.
Hope this helps.
//a
how to connect to EDUroam
Firstly, this refers to connecting an HTC android phone (specifically the HTC Desire, but what I get from the web is that they are all much the same, these HTC android interfaces).
The problem starts when an innocent user looks for a WiFi network and finds eduroam. It then asks for not particularly relevant password information and cannot connect because the configuration of the default network setup is wrong. If you try to get the phone to forget that network it appears to do so, but when you reconnect it still assumes that the connection was correctly set up. In order to get it to forget the network properly you have to enter the wrong password several times so that the phone thinks you are illegally trying to access the network. It then completely forgets.
The network discovery procedure will again come up with EDUroam, and the configuration should follow the instructions on the following website from Oxford University: <search for android eduroam oxford in Google>
In fact the names given on the HTC desire setup are slightly different. The important thing is that the EAP type should be PEAP, and the secondary type should be MSCHAPv2.
You then enter the username which will be effectively your registered e-mail address at your own institution, and then use as a password the thing eduroam calls "network access token" (16 lower case alphabetic character password generated for you if you buy your institution on request.
You then connect up and miraculously you have the connection you wish!
You should check that the connection is mobile roaming capability on your phone and checking that you really do have Internet and e-mail access as you wish through the WiFi connection directly.
I have been looking for the SecureW2 Personal Client 2.0.4 for Windows CE package (original filename: "SecureW2_Personal_Client_204_CE.zip"). I have been unable to find it and the sources given in this thread no longer exist or are no longer available.
If anyone has the file, please provide it.

[Q] 802.1x, PEAP self signed certificate problem

Hi All,
I have a problem connecting to my school wifi network.
The school wifi uses 802.1x for authentication. The school uses a self-signed PEAP
certificate. I could not connect my HD2 Android phone to my school wifi.
But when I add a record to my WinMo registry I can use the school wifi on WinMo.
Here is the necessary correction for WinMo.
-------------
add a DWORD Registry Entry under
HKEY_LOCAL_MACHINE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off
-------------
Is there any way to get a similar solution for Android?
Thanks for your help,
Best Regards,
DM
An interesting one, since PEAP is kind of part of the WPA-Enterprise networking area which Android doesn't officially support; however, there appear to be workarounds if you do a bit of digging in the Google docs.
If you have root on your device, edit /data/misc/wifi/wpa_supplicant.conf and add
whatever network you want; it will even show up in the list in the UI. This example
works for me:
network={
    ssid="MyEmployer"
    key_mgmt=WPA-EAP
    identity="myusername"
    password="mypassword"
}
If your network is more complicated (tunnels, certificates, etc), see the
wpa_supplicant project's default configuration file, which has many examples towards
the bottom.
http://hostap.epitest.fi/gitweb/git...ob_plain;f=wpa_supplicant/wpa_supplicant.conf
is one such reference (from here: http://code.google.com/p/android/issues/detail?id=1386).
It definitely seems like something to do with wpa_supplicant.conf but my phone is currently in another house so I can't have a look at mine for more info, sorry!
Reno_79 said:
.....
It definitely seems like something to do with wpa_supplicant.conf but my phone is currently in another house so I can't have a look at mine for more info, sorry!
Thanks for your kind reply. I will try that.
Best Regards,
DM
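
Several replies above note that PEAP without server certificate validation can hand your password to the wrong network, and the wpa_supplicant block quoted in the last thread sets no `ca_cert` at all. The following is an added example, not code from any poster or from the wpa_supplicant project: a Python audit that flags 802.1X networks in a wpa_supplicant.conf that lack `ca_cert` or a server-name constraint. Apart from the MyEmployer block, the sample file's SSIDs, paths and host names are constructed placeholders.

```python
import re
# Constructed sample: the first block is the one quoted in the thread;
# every other SSID, path and host name is a placeholder.
SAMPLE_CONF = '''
network={
    ssid="MyEmployer"
    key_mgmt=WPA-EAP
    identity="myusername"
    password="mypassword"
}
network={
    ssid="campus-ca-only"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    ca_cert="/data/misc/wifi/campus-root-ca.pem"
}
network={
    ssid="campus-pinned"
    key_mgmt=WPA-EAP
    ca_cert="/data/misc/wifi/campus-root-ca.pem"
    domain_suffix_match="radius.example.edu"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
    psk="constructed passphrase"
}
'''

# Fields that tie the accepted certificate to a specific server name.
NAME_CHECKS = ("domain_suffix_match", "domain_match",
               "subject_match", "altsubject_match")
NO_CA = "no ca_cert: the server certificate is not validated"
NO_NAME = "ca_cert set, but any server certificate issued by that CA is accepted"

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if current is None:
            if re.fullmatch(r"network\s*=\s*\{", line):
                current = {}
        elif line == "}":
            networks.append(current)
            current = None
        else:
            key, sep, value = line.partition("=")
            if sep:
                current[key.strip()] = value.strip().strip('"')
    return networks

def audit(text):
    """Return (ssid, finding) pairs for 802.1X networks with weak server checks."""
    findings = []
    for net in parse_networks(text):
        modes = net.get("key_mgmt", "").split()
        if not any("EAP" in m or m == "IEEE8021X" for m in modes):
            continue  # PSK and open networks have no RADIUS server to verify
        ssid = net.get("ssid", "<no ssid>")
        if not net.get("ca_cert"):
            findings.append((ssid, NO_CA))
        elif not any(net.get(k) for k in NAME_CHECKS):
            findings.append((ssid, NO_NAME))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

The second finding matters when the RADIUS certificate comes from a public CA, as with the Thawte-signed servers mentioned earlier: trusting the root alone accepts any certificate that CA has issued.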
