How to connect to a Windows 2008 AD server - Networking

I just tried connecting my WM6.5 phone to my Windows 2008 server via wi-fi, and had problems as usual. I thought I'd share the quick solution for those that come across this problem.
The problem is that my server is also an active directory controller, and hence has an extra layer of security that needs to be dealt with. Basically it's one setting and a reboot.
When I tried connecting to it via Total Commander, it returns error 53.
A reference to the change needed is at http://support.microsoft.com/kb/823659 down at the section entitled "Microsoft network server: Digitally sign communications (always)". You have to change this setting to disabled.
To do this, open up Group Policy Management under Administrative Tools, then navigate to Forest: <your domain>, then Domains -> <your domain> -> Group Policy Objects -> Default Domain Policy.
Right click on Default Domain Policy and select "Edit". This opens the Group Policy Management Editor. (I'm sure there's a faster way to open this thing but there you go).
Within the Group Policy Management Editor, go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
That will list all the policies on the right. Select "Microsoft network server: Digitally sign communications (always)", open it, click on "Define this policy setting", and click "disabled". Click Ok, close everything, and reboot.
Note that the kb article (http://support.microsoft.com/kb/823659) says that you only need to do a Net stop server/net start server, but this didn't work for me.
Once I rebooted the server I was able to access shares on my phone.
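An added example (not part of the original post): the change above turns off mandatory SMB signing for every machine the Default Domain Policy applies to, so it is worth being able to see it in an audit. This Python check reads the `[Registry Values]` section of a GPO security template (`GptTmpl.inf`) and reports the state of the SMB signing options. The sample template is constructed, and the mapping of the policy names to the `RequireSecuritySignature` / `EnableSecuritySignature` registry values is stated here, not on the page.

```python
import sys

# Registry values (lower-cased) behind the SMB signing security options.
WATCHED = {
    r"machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature":
        "Microsoft network server: Digitally sign communications (always)",
    r"machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature":
        "Microsoft network server: Digitally sign communications (if client agrees)",
    r"machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature":
        "Microsoft network client: Digitally sign communications (always)",
}

# Constructed sample of a GptTmpl.inf after the change described in the post.
SAMPLE_INF = r"""[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 7
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
"""


def registry_values(inf_text):
    """Return {lower-cased key: (type, value)} from the [Registry Values] section."""
    section, values = None, {}
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "registry values" and "=" in line:
            key, _, data = line.partition("=")
            reg_type, _, value = data.partition(",")  # e.g. "4,0" = REG_DWORD 0
            values[key.strip().lower()] = (reg_type.strip(), value.strip())
    return values


def smb_signing_state(inf_text):
    """Map each watched policy to 'enabled', 'disabled' or 'not defined'."""
    values = registry_values(inf_text)
    state = {}
    for key, label in WATCHED.items():
        if key not in values:
            state[label] = "not defined"
        else:
            state[label] = "enabled" if values[key][1] == "1" else "disabled"
    return state


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Templates written by the policy editor are normally UTF-16 with a BOM.
        with open(sys.argv[1], encoding="utf-16") as fh:
            text = fh.read()
    else:
        text = SAMPLE_INF
    for label, state in smb_signing_state(text).items():
        print(f"{state:12} {label}")
```
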


AS via wifi, it used to work, anyone for a hack ? :-)

With all the excellent resources we have on this forum, one might think someone would be able to make AS work via WiFi? Anyone?
there is a tool which kills the commgr.exe or something like that
i sync to a exchange server so i never needed it but you can google for it
here:
http://www.airscanner.com/downloads/airfix/airfix.html
But why would you want ActiveSync over a WiFi connection????
Sorry, just wondering! :roll:
Andy
AS over wifi was disabled for a reason: security, because it's all done cleartext AFAIK. Airscanner doesn't enable wifi syncing AFAIK, but is useful.
V
maybe..
I found some info on a microsoft blog a while back but never had chance to try it, if you do and it works could you let me know coz it'd be quite handy considering wifi gives me better distance than bluetooth.
***************
One of the major drawbacks of Microsoft's latest OS was the decision to leave out Activesync WIFI support as a security precaution (synchronization data is not encrypted).
Thanks to Jaap Van Ekris, a Microsoft MVP based in Holland, there is now a secure and effective way to synchronize your WM5 device with Activesync using WIFI technology!
Follow the instructions carefully, and please note this has not been tested on a Smartphone so your feedback would definitely be appreciated on the matter.
QUOTE
Desktop PC settings (Control Panel):
1. Enter Network Connections
2. Create a new connection
3. Select 'Set up an advanced connection', click next
4. Select 'Accept incoming connections', click next
5. Click next on 'connection devices' screen
6. Check 'Allow incoming VPN connections', click next
7. Select all users which will be using this account
PPC settings:
1. Go to Settings/Connections/Connections
2. Select 'ADD A NEW VPN SERVER CONNECTION'
3. Enter the IP Address of your PC or its network name, select IPSec/L2TP and click next
4. Choose 'A pre-shared key' and enter some number combination (ex: 123456)
5. Enter user and password of desktop computer.
6. You're finished, enjoy!
Note: in case you have a firewall installed on the computer, you will need to change Activesync rules in firewall settings to allow connections to all IP addresses to default 169.254.2.2 address.
Pay attention that your PPC is setup as MY ISP/Work in CONNECTION settings.
***************
Re: maybe..
vbJoe said:
I found some info on a microsoft blog a while back but never had chance to try it, if you do and it works could you let me know coz it'd be quite handy considering wifi gives me better distance than bluetooth.
***************
One of the major drawbacks of Microsoft's latest OS was the decision to leave out Activesync WIFI support as a security precaution (synchronization data is not encrypted).
Thanks to Jaap Van Ekris, a Microsoft MVP based in Holland, there is now a secure and effective way to synchronize your WM5 device with Activesync using WIFI technology!
Follow the instructions carefully, and please note this has not been tested on a Smartphone so your feedback would definitely be appreciated on the matter.
QUOTE
Desktop PC settings (Control Panel):
1. Enter Network Connections
2. Create a new connection
3. Select 'Set up an advanced connection', click next
4. Select 'Accept incoming connections', click next
5. Click next on 'connection devices' screen
6. Check 'Allow incoming VPN connections', click next
7. Select all users which will be using this account
PPC settings:
1. Go to Settings/Connections/Connections
2. Select 'ADD A NEW VPN SERVER CONNECTION'
3. Enter the IP Address of your PC or its network name, select IPSec/L2TP and click next
4. Choose 'A pre-shared key' and enter some number combination (ex: 123456)
5. Enter user and password of desktop computer.
6. You're finished, enjoy!
Note: in case you have a firewall installed on the computer, you will need to change Activesync rules in firewall settings to allow connections to all IP addresses to default 169.254.2.2 address.
Pay attention that your PPC is setup as MY ISP/Work in CONNECTION settings.
***************
It doesn't seem to work.
When I try to connect to the VPN, it gives me an error with the dismiss button.
S
Hmm, too bad it didn't work :-(
You may want to use Exchange Activesync via WiFi, GPRS or whatever. You do not need your PC in this case but you do need an Exchange Server.
Anyway, regardless of my 'leading question'...
I have not actually tried this (after realizing that ActiveSync over WiFi was a bit 'daft') - I stumbled across it in my attempts to get internet connections at work (which was a complete breeze in comparison to doing the same thing with Bluetooth).
Windows Mobile 2003 ActiveSync Configuration for 802.11b and Ethernet networks:
http://theillustratednetwork.mvps.org/WM2003/ActiveSync/WM2003ActiveSyncConfiguration.html
GL (you'll need it :wink: )
Andy
Yes I do know this. I have a 2003 device, and use it !
But I would like to sync my jasjar without having to connect it to the PC in the basement.
Re: maybe..
vbJoe said:
I found some info on a microsoft blog a while back but never had chance to try it, if you do and it works could you let me know coz it'd be quite handy considering wifi gives me better distance than bluetooth.
***************
One of the major drawbacks of Microsoft's latest OS was the decision to leave out Activesync WIFI support as a security precaution (synchronization data is not encrypted).
Thanks to Jaap Van Ekris, a Microsoft MVP based in Holland, there is now a secure and effective way to synchronize your WM5 device with Activesync using WIFI technology!
Follow the instructions carefully, and please note this has not been tested on a Smartphone so your feedback would definitely be appreciated on the matter.
QUOTE
Desktop PC settings (Control Panel):
1. Enter Network Connections
2. Create a new connection
3. Select 'Set up an advanced connection', click next
4. Select 'Accept incoming connections', click next
5. Click next on 'connection devices' screen
6. Check 'Allow incoming VPN connections', click next
7. Select all users which will be using this account
PPC settings:
1. Go to Settings/Connections/Connections
2. Select 'ADD A NEW VPN SERVER CONNECTION'
3. Enter the IP Address of your PC or its network name, select IPSec/L2TP and click next
4. Choose 'A pre-shared key' and enter some number combination (ex: 123456)
5. Enter user and password of desktop computer.
6. You're finished, enjoy!
Note: in case you have a firewall installed on the computer, you will need to change Activesync rules in firewall settings to allow connections to all IP addresses to default 169.254.2.2 address.
Pay attention that your PPC is setup as MY ISP/Work in CONNECTION settings.
***************
I followed the instructions above but can't connect to the VPN.
underwurlde said:
But why would you want ActiveSync over a WiFi connection????
Sorry, just wondering! :roll:
Andy
Some people don't have bluetooth!

Salvaging the hours and euros sunk

Since I'm having a couple of problems lately that will ultimately require me to hard-reset my TyTN in the near future, I figured I could document the steps I take to salvage the configuration as I go and learn this stuff.
My primary tool will be the Windows Mobile 5.0 Pocket PC SDK, especially the rapiconfig tool, which allows processing and querying configuration information in the form of provisioning XML files.
RapiConfig sends the provisioning file to the device, processes it and saves the answer to RapiConfigOut.xml.
Lesson #1:
How to retrieve Messaging account settings, even if they appear to have vanished, using the EMAIL2 configuration service provider:
<!-- query-email2.xml -->
<wap-provisioningdoc>
<characteristic-query type="EMAIL2" recursive="TRUE" />
</wap-provisioningdoc>
C:\>RapiConfig.exe /p query-email2.xml
The result will be a list of manually configured messaging accounts, plus Hotmail and MMS.
The result will not include passwords (parm name="AUTHSECRET"). To be able to use the output file later for a restore, these params should be added for those accounts with (parm name="AUTHREQUIRED" value="1") and the file should be saved under a meaningful name. Since MMS will commonly be set up by the ExtRom setup, it should be removed.
Next time we'll look at wireless connection setup.
Lesson #2:
How to enable RAPI access with manager privileges and retrieve WLAN settings.
The attempt to retrieve WLAN settings using the "Wi-Fi" characteristic will fail with "Access denied", because the Wi-Fi configuration provider requires manager level access, which is like Administrator on a PC.
By default, RAPI only uses user access level, and users can obviously not be allowed to manage WLAN settings using RAPI.
The SDK provides a way around this. Allowing RAPI access to manager-level features can be enabled by a security policy. This policy must be set using a signed configuration file.
The SDK contains a file "RapiAllowed.cpf" in the rapisecurity folder that can be used for this purpose.
However, first the certificate used to sign this file must be installed on the device.
For this, the SDKCerts.cab must be run on the device. This step might fail however, if the network provider chose to prevent the user from using unknown certificates.
Then the RapiAllowed.cpf can be copied and run as well. There will be no feedback other than an SMS confirming the installation.
RAPI is a powerful interface, so the inverse, RapiRestricted.cpf, must be run before the device is brought into possibly hostile environments (e.g. where some people might run Bluetooth scanners, USB ports on public computers, etc).
There is also a tool available from Microsoft called "Security Configuration Manager" that allows reviewing and resetting device security.
With RAPI security disabled, querying Wi-Fi is a piece of cake:
<!-- query.xml -->
<wap-provisioningdoc>
<characteristic-query type="Wi-Fi" recursive="TRUE"/>
</wap-provisioningdoc>
C:\>rapiconfig /p query.xml
The RapiConfigOut.xml will show all configured WLANs grouped into access-point-based and ad-hoc networks, with a characteristic for each network.
The network key is included as dummy string "****************" that needs to be replaced by the real passphrase.
I guess the next thing is to take a look into the network settings provided by CM_Networks and CM_GPRS_Entries.
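An added example (not part of the original posts): before a RapiConfigOut.xml can be kept as a restore file, the two gaps described in Lessons #1 and #2 have to be found, namely accounts with AUTHREQUIRED set to 1 but no AUTHSECRET, and keys returned as a run of asterisks. This Python sketch walks the nested characteristics and lists both. The sample document, the GUID-style account names and the parm names other than AUTHSECRET and AUTHREQUIRED are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of a merged RapiConfigOut.xml (EMAIL2 and Wi-Fi queries).
SAMPLE = """<wap-provisioningdoc>
  <characteristic type="EMAIL2">
    <characteristic type="{00000000-0000-0000-0000-000000000001}">
      <parm name="SERVICENAME" value="Example IMAP"/>
      <parm name="AUTHREQUIRED" value="1"/>
      <parm name="AUTHNAME" value="user@example.test"/>
    </characteristic>
    <characteristic type="{00000000-0000-0000-0000-000000000002}">
      <parm name="SERVICENAME" value="Example POP3"/>
      <parm name="AUTHREQUIRED" value="0"/>
    </characteristic>
  </characteristic>
  <characteristic type="Wi-Fi">
    <characteristic type="access-point">
      <characteristic type="ExampleSSID">
        <parm name="NetworkKey" value="****************"/>
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>"""


def _walk(node, path):
    """Yield (path, element) for every nested <characteristic>."""
    for child in node.findall("characteristic"):
        here = path + [child.get("type", "?")]
        yield here, child
        yield from _walk(child, here)


def restore_gaps(xml_text):
    """Return (location, parm name, reason) for every value a restore would lack."""
    root = ET.fromstring(xml_text)
    gaps = []
    for path, node in _walk(root, []):
        parms = {p.get("name"): p.get("value", "") for p in node.findall("parm")}
        where = "/".join(path)
        # Lesson #1: passwords are never returned by the query.
        if parms.get("AUTHREQUIRED") == "1" and not parms.get("AUTHSECRET"):
            gaps.append((where, "AUTHSECRET", "missing"))
        # Lesson #2: keys come back as a dummy string of asterisks.
        for name, value in parms.items():
            if value and set(value) == {"*"}:
                gaps.append((where, name, "masked"))
    return gaps


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for where, name, reason in restore_gaps(text):
        print(f"{reason:8} {name:12} {where}")
```

Once the real secrets are filled in, the file holds passwords and network keys in clear text and should be stored accordingly.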
HB_TyTN, very interesting stuff in your lessons, thanks for your effort
Also you may like to check rapi unlocker here:
http://forum.xda-developers.com/showthread.php?t=252356
Excellent thread! Will definitely keep mentioning it in my forthcoming, related articles!
About networks
The network thing in Windows Mobile seems pretty messed up. In an attempt to make things easier, safer and more automated, I think, Microsoft left anybody on the way.
Here is what I understand and (warning), I may be totally off.
There are four pre-defined networks Internet, Corp, WAP and Secure WAP.
Although those may have different names based on OS language and HTC, provider or user choosing, the IDs of these networks are fixed and can be looked up in the SDK/include/connmgr.h file. E.g. Internet, is identified by 436EF144-B4FB-4863-A041-8F905A62C572.
These networks describe different setups in terms of routing, security or proxy settings or are used from different applications (e.g. WAP/MMS).
Of all networks, one is selected as Internet (public) and another can be chosen as private under Select Networks in Advanced Connections.
Internet will provide TCP/IP only. Private will provide access to Windows shares, and may connect to the internet, usually thru a proxy.
The Connection Manager separates the world into Internet and private, based on the URL of the server.
Non-local server names, e.g. www.xda-developers.com, will be connected with the network specified as Internet.
Yes, this includes any directly entered IP address, as the detection is based on the occurrence of a "." dot in the server name. The only way around this is to specify the URL in Settings, Connections, Advanced, Exceptions (using * as a wildcard if necessary).
Sole server names and except URLs will be connected thru the network designated as private.
With each network, connections, network cards and wireless networks can be associated, so that, finally, the connection manager uses or dials one of those connections based on the network it chose to use.
That's a long intro into lesson #3: Querying network information
I'll start resetting RAPI security to restricted, by copying RapiRestricted.cpf to the device, running it and checking the SMS message for success. This should prevent any actual messing up something.
Now to querying networks using the CM_Networks configuration provider.
<!-- query.xml -->
<!--<!DOCTYPE wap-provisioningdoc SYSTEM "msprov.dtd">-->
<wap-provisioningdoc>
<characteristic-query type="CM_Networks" recursive="TRUE"/>
</wap-provisioningdoc>
C:\>rapiconfig /p query.xml
C:\>notepad RapiConfigOut.xml
The introduction above is to explain why this query does not reveal anything useful, other than a list of network names, their IDs and an obscure "Secure" value, which is 0 for all my connections.
I find it more interesting to query the CM_PPPEntries or the CM_GPRSEntries providers. They use a similar, yet somewhat convoluted schema.
Here are the notable parts:
DestID associates the entry with one of the networks I talked about and queried above.
Phone is the number to dial for the connection. For GPRS, this entry is set to "~GPRS!". I wonder who came up with that string.
Username and Password are obvious and so is RequirePw.
DnsAddr, AltDnsAddr are not out of the ordinary, and if SpecificIpAddr is "1", the ip address is in IpAddr, although I'd assume it is assigned dynamically in most cases.
DeviceType and DeviceName are set to "modem" and "Cellular Line" for the connections that use the phone network.
DeviceSpecificRAW is the most dangerous entry here, since it contains the parameters for the phone device in binary form. I wonder if there is any point in looking into those other than to inflict pain.
Some of the device parameters are set verbosely, so let's rather look at those. However, your provider may not like it if you modify these vigorously.
If BearerInfoValid is 1, BearerInfoService and BearerInfoSpeed are supposed to specify the type of modem and its speed. Values in my case are 1 - Async Modem and 15 - 9600 v32, which goes to show that the latter value is rather useless, because I know I get more than that with both UMTS and GPRS. So better not tamper with these.
CompressionInfoValid and RadioLinkInfoValid are set to 0 in my case, so one can easily do without.
GPRSInfoValid is set to 1, but the only really interesting parameter is GPRSInfoAccessPointName, which must be set for the GPRS connection to know whom to talk to.
GPRSInfoQOSSettingsValid and GPRSInfoMinQOSSettingsValid are 0, which is sad, because I'm really not happy with my GPRS Quality of Service and would have loved to improve it.
Now, that was a joke. QoS is a way of classifying network traffic for bandwidth and latency and I doubt any provider supports it for Joe Average.
For all the parameters documentation is in the Smartphone SDK about the Telephony and TSP API structures.
Finally, a list of default URL mappings, as found in the CM_Mapping provider documentation.
*://*.*/* The Internet
*://*/* My Corporate Network
wsp://*/* WAP Network
wsps://*/* Secure WAP Network
To query my personalization settings, next time I'll dive into the registry and see what I can do with RAPI configuration queries.

Wi-Fi - Proxy Exception List

How is it possible to add an exception in the proxy list.
For example in Windows XP, you go to:
Start -> Control Panel -> Internet Options -> Connections Tab -> LAN Setting -> Advanced, and you get what's attached.
How do you add this address into an exception on Windows Mobile 6.1 (I'm using a Sony Xperia X1 with IT-Touch v7.1).
Many thanks..
blake13 said:
How is it possible to add an exception in the proxy list.
For example in Windows XP, you go to:
Start -> Control Panel -> Internet Options -> Connections Tab -> LAN Setting -> Advanced, and you get what's attached.
How do you add this address into an exception on Windows Mobile 6.1 (I'm using a Sony Xperia X1 with IT-Touch v7.1).
Many thanks..
Go to Settings, Connections, Advanced and open the Exceptions list. You can then enter URLs that you don't want to go via a proxy for. This works in conjunction with your current Data Connection or WiFi. The logic seems to be - If you have a WiFi connection active and it is set to 'Connects to: Work' then the URLs will be connected to directly over that WiFi connection. If the WiFi is set to 'Connects to: The Internet' then a VPN connection to your Work will be attempted over the WiFi (assuming you have one defined?). If you have a HSDP/3G/GPRS connection active then a VPN connection will also be attempted but over the active HSDP/3G/GPRS.
The URL list doesn't just work for HTML pages via IE; if any application attempts to locate a host that is in the URL list it follows the same logic as above - unless it has its own hook-ins to the OS and forces a connection itself.
I have only one entry in my URL list and that is the DNS domain name of my Work network - '*.work.domain/'. This seems to work well for me.
That's my experience of it anyway.
Andy

Decrease Connection Time for Mobile Data!

Have you ever noticed that it takes a month of Sundays for your Windows Mobile phone to... actually connect to the server and start downloading? Watch for it the next time you go to a website with your phone.
From my experiences with AT&T, it's because their DNS services suck giant... coconuts. They're overloaded, slow, and take forever to respond to a query. (For those that don't know, a DNS server is like a phone book, it converts domains (names) like www.google.com into IP addresses (phone numbers) like 74.125.67.100)
By changing the DNS servers for my MEdia Net connection, pages begin loading up to 30 seconds faster. It's not a speed boost speed wise, but it greatly shortens the time you're waiting for the page to pop up.
Directions for Windows Mobile 6.5:
1. Click "Start"
2. Click "Settings"
3. Click "Connections"
4. Open "Connections"
5. Choose "Manage Existing Connections"
6. Choose your connection (In my case, MEdia Net)
7. Click "Edit"
8. Hit "Next" twice until you get to a page asking for a User Name and Password. DON'T CHANGE THIS or you will lose your data connection! (view attachment)
9. Click the "Advanced" button. This opens up the TCP/IP settings. DON'T CHANGE THIS (view attachment)
10. Select the "Servers" tab. This is where you change your DNS server. Set to "Use Server-Assigned Addresses" to use your carrier's servers. (view attachment)
11. Select "Use Specific Server Addresses" and enter your DNS server addresses. I have personally had great luck with:
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
I personally use 4.2.2.2 because it's easier to remember. There are many other public DNS servers out there, just Google! (view attachment)
12. Hit "OK", and if the connection is open, you will get a dialog asking to save. Click "Yes" (view attachment)
13. TEST IT OUT!
-------------
I'm very interested in seeing how many other people report connection speed decreases by changing their DNS servers. This weekend, I was at a racetrack near Green Bay, Wisconsin and I couldn't connect to any websites at all. The connection kept timing out. I became curious, changed the DNS to 4.2.2.2 from default, and I had instant connections.
Well, I'm on tmobile Edge connection and everything is fine for me so i can't feel your pain. have you tried skyfire browser to browse or are you talking about downloading emails?

[Q] please help

Hi to everyone. Please help. I have flashed Energy ROM to my HD2 T8585. The problem is with email: when I set up Hotmail everything was perfect and it was loading my emails. Now whenever I turn on WiFi and go to the Mail Sense button, in options, when I press the update folder button in order to retrieve new mails, it starts to connect to the data connection (network internet) rather than WiFi, which is already on. How can I change settings to retrieve mails using only WiFi?
thanks
Please don't title your subjects with "please help"; that should be part of your post, not just used as the title. Titles should be descriptive of the subject as per the rules. For example it should be "Problem with email and data/wifi connection" or something along those lines.
Haven't you considered moving over to Android? Much better OS for user friendliness.
Go to the Mail Tab -> Inbox -> Menu -> Tools -> Options
Select your account
Select: Edit Account Setup -> Next -> Next -> Next -> Next -> Advanced Server Settings. Set the Network Connection to The Internet.
This means that if your phone is connected to the internet by WiFi then it will use that method. If it is not, then it will start up the phone networks data connection.
As a side note, are you using Hotmail as an exchange account?
Set up a new account, select Outlook. Enter email address and password. Select Manual Setup.
User name: full email address
Domain: \
Server Address: m.hotmail.com
