In my work to access OWA I need passcode(RSA, that is a pain in the ass if your connection is cut), and due to the security policy of my work, I can't access the Exchange e-mail account in the android (is on a Exchange server 2003 SP1, with forced password policy, that prompt for password every minute without use and wipes everything, when two many times the password is wrong)
iPhones and WM based devices they are activated normally throw the same server address to exchange mobile service (with the security police enforced), but (i think) due to the unlock pattern tech, that there's no password and security sucks, I just can't configure it.
Even the Radius server blocks my nt account after a few attempts.
On the other e-mail with the Exchange server 2007 SP1, no policy, it works great..
I love android and I don't really like the idea of coming back to a WM or trying a iPhone or maybe a Blackberry since we have a BES too..
On the WM devices I installed a program that remove the annoying requesting always for password without removing the certification stamp that I'm following the policy...
Somebody came up with something like this for android?
Is something it can be worked around on future developments?
Any idea on working around on my issue?
Simply install something like Touchdown....
In any case.. this is not really a development question.
Related
My company runs an exchange server for email, and I was wondering if anyknow knows how to connect to them, using the mogul. I went through the setup on the phone, with no success...Are their any additional steps required to connect to the server when you are not on the same network as the server?
Missing Certificate ?
I think you'll have to install the certificate from your Mailserver on the phone to get it working.
Do you get any active-sync error code when you're trying to sync ?
In general you get an error-code in ActiveSync which is telling you what's wrong...
IMHO the best idea would be: aks your IT-Stuff in your company
you need to add a server in active sync with your companys exchange server addy and your username/password
To be clear you need to enter your companies OWA server address. At most small companies this is your Exchange server and at most large companies it is your ISA server.
Example:
You access OWA using https://exchange.mycompany.com/exchange
You enter: exchange.mycompany.com in the activesync settings and you use your username, password and domain to authenticate
You also need to make sure Outlook Mobile Access is enabled on the Exchange Server and on your Exchange Mailbox. You will need to contact your IT Admin to verify these settings.
I'm in the same boat as the OP. I had been trying to hit the mail server directly or via VPN, with no luck, probably due to no certificate. Never thought about OWA. I set this up as indicated in the prior post, and checked 'Tasks' only (just to run a quick test), and it sync'ed fine. I then checked email and calendar, and now it takes me to a company sign-in web page (same page I encounter when using web access to OWA). Weird thing is the page is in the ActiveSync window and does not appear to be rendering correctly or completely (e.g. no 'submit' button). Nonetheless, I sign in and click where the submit button "should be" and the page goes away and it appears to start syncing, only to take me back to the sign-in page again after 15-20 seconds. Any suggestions on how to get past this point? I've tried logging in to OWA from IE, but ActiveSync still brings up this sign-in page. And yes, I've got my userID, pswd, and domain properly set up as well. Thanks.
BTW, my company IT won't help because they only support handheld access for specific company-issued devices.
try using mail.yourcompanymailserver.com/oma
its a lightweight version that handles easy in mobile browsers (only if your IT guys have enabled it)
as for the OP your exchange settings could vary depending on how your admin set it up, ssl (requiring a certificate) or not. to get the certificate from your company you can dl it from the server mail.yourcompanymailserver.com/cersrv
you log in using your mail credentials and you select download certificate chain and select a der 64.
save it to your phone and just install.
chances are though if your company is using a lot of treo's they dont require ssl because you can't install self issued certificates on them (good work palm). so if you want to ask your IT guys their setup and post it here i can try to walk through it with you.
this is my situation and how i got it to work.
Although i tried to internal address of 1x01po2s.domain.name, that didn't work.
I thought about it for a while, and reasoned if i can access my companies exchange server outside the network through a http://mail.domain.name address, then maybe that'll work hahaha
BAM! it did and now it works perfectly fine. Conincidentally, since i started trying to get this going last week, i emailed a few guys i know and the last one who got my email (it was forwarded to try to solve the problem) said that because of security policies, i am not allowed to do this. Ooops!
Here is a quick run down of my settings:
server address: mail.domain.name
ssl is selected (checked)
username: exchange/nt workstation login name
password: user password
domain: network domain (we have different domains)
save password is selected
under advanced you can select whatever options you like
next select e-mail, and any other options you want
and you're done!
I also enabled the push email icon and get my email regularly on my phone throughout the day.
Well, i hope that this helps some of you out.
server address: mail.domain.name
Click to expand...
Click to collapse
just so folks know there is no standard for this, its whatever subdomain your company decided to put OWA on, for my company its webmail.companywebsite.com
best thing to do would be to ask someone in your company how to access email from outside the office using internet explorer, thats the address your lookign for
Sprint mogul (Titan) WM6.1 Rom update killed exchange server activesync
(Sorry in advance for the long Email) I purchased a Mogul from RS about three weeks ago. For the first week, it worked great! I logged into my company exchange server down loaded and synced email, cal,contacts,tasks ... was very excited. I also got very excited when I started t read threads in this blog .... it seems like there are some pretty smart members maybe someone can help!!
Noticed that there was a new Rom (Sprint TV and improved connection) installed the ROM.
Have spent endless hours with HTC technical support, sprint technical support (not an appropriate name). At times managed to get the email to load but never again Cal, Tasks, contacts. Always able to get sent emails to load (by checking option) . I'm left with a couple of alternatives (any others would be greatly appreciated (actually I really like this phone but I need my email,schedule,etc to work) The error is 0x8503001C there is no exact description about this from MSmobile it seesm to be an awh**** code. Searching on the web provides 1000s of hits unfortunately not just my issue.
o Go to an early Rom WM6.0. So far it seems like to do this I need to unlock the phone then flash the earlier rom?? Since no SIM card I need to hack the registry?? There are several products out there which is best (I do not mind paying for somethng that works well). I down loaded several "Oficial ROm versions ... unfortunately did not write down the number of the one the phone came with.
o Find some way of getting this thing to work well to keep the extra features
o My grace period ends in a week ... cancel with Sprint go to Att but there is not a 3G phone I like ... only Iphone ... it has issues for exchange server??
o I got my wife a Touch at the same time (it runs WM6.1) same issue. Downloaded once my corp email no cal, etc.
o I was told that this Rom was cooked up by MS & Sprint what a disaster
Please, please help ... Thanks in advance
Scurfer
Exchange email and Skype not working after Upgrading Sprint Touch to Wm6.1
The Exchange activesync died at connection and never can sync my company emails after I upgraded Touch to 6.1 Sprint/HTC ROM. Skype also does not work, no sound after first ring, even with 2.2.0.45. I like the GPS and Rev.A speed, and do not want to risk downgrading the ROM. Anybody encounter ssimilar situation?
I have searched and searched for an answer to this problem and have not been able to find anything. Hopefully someone here has run into this before and might have an idea or solutuion. Her is my problem.
I have two exchange servers (2003 SP2) on of which is a front end server handling OWA and OMA. We sync about 18 Windows Mobile 6.1 devices over the air using OMA. We are using SSL. All of our devices have random problems connecting to the server. They will sync fine most of the time but will randomly for no particular reason ask the user for their exchange password. We are not enforcing any password policies on the server and we are always checking the box to save the password. In order to get the device synching again the user has to re-enter their password multiple times and often has to kill and restart activesync on their device.
Any ideas as to what might be causing this?
Any help would be much appreciated.
You could try unchecking the box in Activesync on the phone that requires SSL. We use SSL as well, but we have to uncheck that box on the phone. Although our problem is that the phone never syncs when its checked as opposed to your problem of randomly not syncing and asking for a password.
Unfortunately that is not an option. Our SSL is required for authentication. It will not connect without it. It seems like what is happening is that the device is not always passing the credentials to the server. Usually when it asks me for the password I enter the password once making sure I check the Save Password box then when it asks me the second time I hit cancel. ActiveSync then gives me a could not authenticate error. Now if I just hit Sync again it goes through and works just fine without asking for the password. So my guess is that it is not passing the credentials until after the connection is reinitialized.
From what I understand, Push Email relies on the OMA functionality which uses IIS. The problem my lie there. Although I've never tried, you may have to uninstall/reinstall (or confirm) that the OMA part of Exchange is functioning correctly. Sorry I can't be of more help.
Do the log files on the server show anything when a phone can't log in?
No, the exchange logs don't show much. I almost think it might be something with the device configuration. At this point I just don't know. We will be migrating to Exchange 2007 sometime in the next few months. Hopefully that will resolve the problem permanently. I was just hoping maybe by some chance someone here had seen this problem before. Thanks a bunch for your help.
Is the FE server doing the authentication (NTLM) or is there an ISA server in the way configured with Forms Based Authentication? You should make sure the IIS virtual directory for OMA is set only for Basic Auth - and the following article might be worth a read.... http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1188440,00.html
Hope that helps - good luck!!
Mark.
^^^What he said. Took the words right out of my mouth. You'll still be secured through the SSL certificate, even though you're doing "basic auth" you aren't exactly sending your password as clear text. Requiring SSL on the OMA site will automatically encrypt the connection so you have no need to worry.
Try it out and get back in here. I manage a site with about 50 WM 6.1 Black Jack II's that sync with Exchange 2007 with no issues whatsoever. Also verify that you have all your hotfixes related to OMA installed on your Exchange 2003 server.
I've read a few threads after searchign on Android and Exchange but can't really find what I'm after.
I need to enforce a security policy if users want to sync their exchange account. There's a few people in the office who want Android devices (we provide them with a device) but until there's somethign which enforces something along the lines fo a PIN after 20 mins ala WinMo then we can't do it.
Anyone have any ideas if it's coming or if there's an app to do it? I've tried Touchdown but just seems the same as the Hero Exchange app to me.
I've not tried Touchdown, but they say they support PIN enforcement.
http://www.nitrodesk.com/dk_touchdownFeatures.aspx
Regards,
Dave
Yes, Touchdown and Roadsync both support the PIN function (they ignore it somehow, as android doesn't have a PIN function!)
although i do believe that it is technically possible to exclude individual accounts from the policy on the server (although not exactly the best idea in terms of security).
Alternatively, just do what we did at work and say 'No, you cannot have an Android Phone for your Work Phone'.
Since the ROM update on the HTC hero, I have been able to access my work email (a massive highly secured company who generally know what they are doing) and I know for a fact that they enforce this kind of security arangement on mobiles that want to connect - however android has somehow got around this and there is no remote enforcement and I can use my phone for these emails via PUSH. (I use the gesture lock as a password) You could get them to sign an agreement that they will apply this kind of thing to their phone manually. I don't know if there is an app for remote wipe.
Your company isn't allowing you in some backdoor or anything... depending on their version of exchange they are simply allowing you to use activesync through exchange.
What we all really need is an andriod client to take advantage of exchange 2007's exchange web services protocol, activesync is old technology and limited.
O.P. - You can limit users on a single user basis, if you're running windows active directory. Need a little more info on what you are trying to accomplish. If you're allowing them to use their mail client setup they are saving a password that is not clear text and is hashed... you can install a remote wipe on the phone and if they lose it, simply wipe it and forget it.
Is there any way to get out of having to enter a pin because of the exchange server security requirements? I don't have any info on my work email I am worried about.. so it would be nice not to have to have a PIN/Password to be able to use it.
I have an exchange, it doesn't have to ise a pin at all, I just put it on to the native the email app
Just open and your in.
If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.
clintre said:
If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.
Click to expand...
Click to collapse
Ok. Guess I'll see if I can access it through other means than exchange. Not sure. Just hate typing in the pin all the time!!
Thanks for the info though
I run an exchange server myself with a few activesync devices running. It sounds like the pin you are describing is imposed by your system administrator, when I set up an account on an evo or inc all I need is my domain credentials and a server address.
I also run an Exchange setup. I can verify that a few native e-mail apps from 2.1 days somehow bypass certain Exchange requirements, much to my dismay (Motorola comes to mind). They pretty much lied to Exchange and said they were compliant when they weren't and didn't enforce some rules. However, all the new stuff follows the ActiveSync rules, assuming that's the setup you're aiming for. I suppose if you really wanted to bypass the security you could check to see if they left IMAP or POP open, but then they'd just be some not-very-smart sysadmins.
Also, you shouldn't need anything more than your e-mail address and your password to ActiveSync. After the initial attempt at syncing it will ask for you to verify the security permissions. If it drops out and asks for your server name, domain, and such then tell your admins to fix AutoDiscover.
Oh, and while the thought of your admins being able to wipe on command is scary, you will have the ability to remote wipe your device in the event you lose it. It'll be accessible under OWA, so that's handy.
Hi,
I configured our exchange server for corporate push mail on my Galaxy Note with March 2012 firmware. There's "optional encryption" requirement in the policy, where Exchange server ask for encryption if the device supports it.
Since Galaxy Note supports encryption, it enabled the encryption and asked me for a password.
Now, each time the screen locks, I have to enter a complicated password (consisting of characters, digits & a special character!) to unlock it! The phone became very unusable!
I understood from the post of "Eviip" in the page below that this is actually a requirement from Samsung side when you enable encryption, since my Exchange policy definitely does not require this. All other colleagues with Androids that can't do encryption or using iPhone's can just type a 4-digit pin code and use their phones.
http://www.google.com/support/forum/p/Google+Mobile/thread?tid=6355566b726a0932&hl=en
Is there anything I can do for this, except buying a 3rd party mail application?
Weird, because as far add I understand it GB doesn't support device encryption, only ICS does...
What ROM are you running?
Also, did the exchange policy configure the encryption or did you do it? Because as I understand it the exchange policies don't demand device encryption, just mail stream encryption (but I'll look into that further) and that is pretty innocuous stuff...
Sent from my GT-N7000 using Tapatalk
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
thomas_d_j said:
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
Click to expand...
Click to collapse
touchdown is no option for me, because it supports 2 different exchange accounts at a time only with "profiles", which is unusable for me!
regarding your problem: i know for sure that there were some hacks for this (a modified apk which doesn't incorporate the lock requirements. the downside is: with every rom upgrade you would have to redo this hack, as the mentioned apk may change in the system itself to a newer version...
Yeah, same to me
I 've update to 4.0.3 ICS but now I want to no use password or PIN for unlock screen mean that can I not use my exchange policy? (cause my GN haven't any privacy data to secure
so can you show for me? thanks!
I finally gave up with this and used the patch that I found in the forums (for rooted phones). It works pretty well!
http://forum.xda-developers.com/showthread.php?t=1117452