Exchange security policy - Hero, G2 Touch General

I've read a few threads after searching on Android and Exchange but can't really find what I'm after.
I need to enforce a security policy if users want to sync their exchange account. There's a few people in the office who want Android devices (we provide them with a device) but until there's something which enforces something along the lines of a PIN after 20 mins ala WinMo then we can't do it.
Anyone have any ideas if it's coming or if there's an app to do it? I've tried Touchdown but just seems the same as the Hero Exchange app to me.

I've not tried Touchdown, but they say they support PIN enforcement.

Yes, Touchdown and Roadsync both support the PIN function (they ignore it somehow, as android doesn't have a PIN function!)
although i do believe that it is technically possible to exclude individual accounts from the policy on the server (although not exactly the best idea in terms of security).
Alternatively, just do what we did at work and say 'No, you cannot have an Android Phone for your Work Phone'.

Since the ROM update on the HTC hero, I have been able to access my work email (a massive highly secured company who generally know what they are doing) and I know for a fact that they enforce this kind of security arrangement on mobiles that want to connect - however android has somehow got around this and there is no remote enforcement and I can use my phone for these emails via PUSH. (I use the gesture lock as a password) You could get them to sign an agreement that they will apply this kind of thing to their phone manually. I don't know if there is an app for remote wipe.

Your company isn't allowing you in some backdoor or anything... depending on their version of exchange they are simply allowing you to use activesync through exchange.
What we all really need is an Android client to take advantage of exchange 2007's exchange web services protocol, activesync is old technology and limited.
O.P. - You can limit users on a single user basis, if you're running windows active directory. Need a little more info on what you are trying to accomplish. If you're allowing them to use their mail client setup they are saving a password that is not clear text and is hashed... you can install a remote wipe on the phone and if they lose it, simply wipe it and forget it.


Needed Development - Security Policies on Exchange Servers

In my work to access OWA I need passcode (RSA, that is a pain in the ass if your connection is cut), and due to the security policy of my work, I can't access the Exchange e-mail account in the android (is on a Exchange server 2003 SP1, with forced password policy, that prompt for password every minute without use and wipes everything, when too many times the password is wrong)
iPhones and WM based devices they are activated normally through the same server address to exchange mobile service (with the security policy enforced), but (i think) due to the unlock pattern tech, that there's no password and security sucks, I just can't configure it.
Even the Radius server blocks my nt account after a few attempts.
On the other e-mail with the Exchange server 2007 SP1, no policy, it works great..
I love android and I don't really like the idea of coming back to a WM or trying a iPhone or maybe a Blackberry since we have a BES too..
On the WM devices I installed a program that remove the annoying requesting always for password without removing the certification stamp that I'm following the policy...
Somebody came up with something like this for android?
Is something it can be worked around on future developments?
Any idea on working around on my issue?
Simply install something like Touchdown....
In any case.. this is not really a development question.

Outlook sync via Outlook Web Access without using web browser?

I used to be able sync to my work Outlook email via ActiveSync / Outlook Mobile Access (OMA). However, yesterday my work IT department disabled OMA on my Exchange server as they do not support anything other than the blackberry. Despite my protestation they are refusing to re-enable OMA. This leaves me with a big issue!
Does anyone on here know of a third party application that can sync outlook emails and calendar using Outlook Web Access (OWA)?
I have found an application called Chronobis which is able to sync from OWA but only one way i.e. deleted items on Chronobis will not delete from my Outlook inbox and calendar appointments added won't sync to my outlook calendar (or so I believe). Whilst this is a good start it really doesn't get me to where I need to be.
I am desperate to sync my work outlook emails to my new HTC HD2 (it's the main reason I got it)!
Anyone got any other ideas / know of any other applications?
Would really appreciate any suggestions.
Thanks in advance.
Yes, you can use a service called Seven.
Thanks for your response.
I've had a look and it seems this could do the job! Seems that the only way to get it was to join the beta programme which I've done but when I put my the vendor in it doesn't give me the HD2 as an option.
Any ideas what handset I should choose that will work with the HD2?!
I've also read compatibility issues with Manilla 2.5 in their forums. Has anyone managed to get this working successfully on an HD2? Also, are you able to move emails to your different folders using this app and have them sync with the exchange?
Is this the best / only app out there for my requirement?
Sorry for all the qus!
Thanks again.
ActiveSync uses OWA. Put in webmail server, username, password and works.
OWA still works, like afterburn said, i got my calendar, email and tasks to synch. lol now all my contacts are on my university email accounts, pretty cool tho.
no need for thirdparty, active sync does it.
dont know what OMA is. but what you want is exactly what OWA gives you.
don't set your owa using HTC SENSE/MANILA SETTINGS. do it through normal outlook add account way. HTC tick boxes for tasks, calendar and other stuff are greyed out and only email is available.
but on the standard outlook mobile all the settings are there.
need a run through of how to set it up?
Thanks for your responses guys.
OMA is office mobile outlook. It is a setting within the exchange server which either allows or disallows a mobile device to access emails through the mail app. Having OWA does not mean that you will be able to access your emails from a mobile device (except through the mobile browser).
Activesync uses OMA rather than OWA so at the moment I'm stuck!
As a result I need an app that syncs via OWA.
Seven seems to be able to do it but I could do with any answers to my qus above.
Happy to be proved wrong on this but one day it was all working fine and the next my exchange server settings had been changed and it stopped working.
Any exchange server admins on here who can confirm my thinking is correct?
Gooner4_1998 said:
I've also read compatibility issues with Manilla 2.5 in their forums. Has anyone managed to get this working successfully on an HD2?
I'm using Seven on HD2. There were compatibility problems with custom ROMs on other devices based on leaked Leo Manila.
Why don't you use Blackberry Connect on your Wm device? That way, you can sync the same way as Blackberry devices. Of course that requires you to have BB access rights, but since they are so BB happy, you may be able to get that.
You can get it here:
Of course it is not specific for the HD2, and I have no idea if it'll work, but it is worth a try.
BB connect sounds like a good idea, wasn't aware it was a possibility, thanks.
I actually have a BB from work so I know that I am set up for it. However, I work for a company that are very keen on security so there is no way they will give out the settings I would need (its set up by the IT department and then just given to you).
Is there any way to get the info / settings I need from my current blackberry? Ive had a look on it and can't see anything obvious.
Just checked through some documentation on BB connect and unfortunately it requires that I install ActiveSync and BB Connect on a computer connected to my work's network.
As I don't have admin rights on my work laptop I won't be able to do this (unless anyone knows how to install programs without being an administrator!).
Looks like Seven might be the best solution!
Vangrieg, which handset did you choose to set up for the HD2?
I admin an exchange server, the most common reason for OMA not working is if there isn't a valid ssl cert for the domain, but i can confirm that as you mentioned, it will deffo not work if mobile access is turned off on the user account (there are 2 separate options for web and mobile access)
i dont see any decent reason why a server admin would disable it, he must be on a power trip or sommert!
Thanks lancemate.
Could the valid ssl cert be the reason even if others in my company are still able to access as before? It's only affecting me. I've set up one of my colleagues' mail accounts on my phone to see if it still worked and it did without any issues.
When I called IT they said they hadn't changed any of my settings so I had assumed that OMA was the issue. I asked them to check and to re-enable and they told me they were unwilling to even look at my settings!!! Our IT department has been moved to India which makes it even harder to get any help!
Could an ssl cert suddenly just expire?!
Is there any way for me to get a valid ssl cert for the domain without going through IT to see if this is the issue?!
Been doing some more research and want to see if getting an ssl certificate onto my phone will make it work. Absolutely no idea if it will work but it's the last thing I can think of!
Is it possible to download the SSL certificate from my OWA site?
If I double click on the padlock in the bottom left corner I can get the certificate details up on the "details" tab (although there are loads of files and I don't know what I'm looking at!). When I click "copy to file" the export wizard comes up but I have no idea where to go from there!
Anyone able to offer any assistance please?
Also, I'm sure this is a stupid question but would I need to put this certificate on my phone or could I use a different one?!
It can't be an SSL Certificate issue if your Colleague's account works on your device.
It MUST be that OMA is disabled on your account or something else is horribly wrong. As mentioned above i can't see any reason why an Exchange administrator would disable OMA.
Can you connect to your account using activesync on a different device to check whether its the phone or settings on server side?
To help you with using Blackberry Connect as a possible solution here are some resources on how to run programs that require admin level on machines you havent been given admin rights to. Some methods cover your tracks completely and others simply let you create/amend and delete windows accounts and associated rights in whatever way you need.
i would suggest using the first link to create a bootable usb stick that loads a modified linux command prompt. You can then use this to give yourself local admin rights.
I've tried to set up on 2 other phones, both with no joy so I'm guessing it's the server side rather than the phone.
Is there no way that it's anything to do with the ssl certificate? Are they set up by company rather than by user? Will my suggestion of putting a certificate on my phone definitely not work (if I could even find out how to export it from OWA)?!
I also can't see why the OMA would have been disabled so thinking it must be something else!
I share Gooner's concerns and look forward to finding a solution. 1) My company has not yet enabled mobile devices to sync via Outlook Web Access. 2) Blackberry Connect does not yet work on HD2. There is a thread for BBC on this very same forum.
I am confident that a solution will soon emerge for 1) and/or 2).
Audio Oblivion said:
It can't be an SSL Certificate issue if your Colleague's account works on your device.
Well, sometimes you need to install the certificate manually on your device to make it work. That's the case where I work - we use a self-signed certificate.
I use zarafa as a direct replacement for exchange, it syncs my emails,calendars, contacts etc.
It allows push email as well.
Hi JMes
After looking around I have found it appears that there are 2 services that will allow you to sync a mobile device using OWA, even if it is not set up for OMA.
Seven - Currently in beta but others have had success with this service on an HD2. I believe that it will sync Calendar, Tasks and Email.
Emoze - Also allows you to check outlook via OWA and offers a free service or a paid for service. Paid for service allows you to remove the "sent from emoze" tag and allows attachments to be sent up to 2mb (rather than 100kb). Think it costs 10 euros a year.

A serious question - Android for work - Exchange Active Sync needed

Hi *,
For a long time I've been trying to find a ROM for the Magic 32B to be used for work.
My need is to have a ROM with ActiveSync (Mail, Calendar and Contacts) and, if possible, lookup in the "GAL" of Microsoft Exchange.
I know of many apps with these features, but is it possible to include them in a ROM?
Thanks in advance!
Back in the day Eclair ROMs required you to sync your email, contacts, etc. through exchange because Google sign-in was broken. Nowadays, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what you're asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
DarkOne951 said:
Back in the day Eclair ROMs required you to sync your email, contacts, etc. through exchange because Google sign-in was broken. Nowadays, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what you're asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
Thanks for the reply.
Android 2.1 ROM sync ONLY Email and Contacts. NO CALENDAR
ckale82 said:
if possible, lookup in the "GAL" of Microsoft Exchange.
I haven't seen any rom you can do that in ...
1.6 roms seem to use the 'work email' app which is an adapted version of the htc mail app from non-google branded htc devices.
2.x roms have native exchange support, mail and contacts sync only.
I believe you could get what you're looking from the market but you'll probably have to get your wallet out and pay.
But.... the old rom 1.5 with HTC framework had these features... or i'm crazy?
ckale82 said:
But.... the old rom 1.5 with HTC framework had these features... or i'm crazy?
That's what I thought too. However I never had a need for it and only basic needs for exchange. gmail for sure did calendar sync.
You'll want to go 3rd party and get a fancy one anyway. Should be worth the money if the feature set is important (not withstanding my opinion).
st0kes said:
I haven't seen any rom you can do that
ckale82 said:
But.... the old rom 1.5 with HTC framework had these features... or i'm crazy?
yep. the old 1.5 rom with htc framework does exactly this.
i know, because i still use 1.5 for just this reason.
the best rom you'll find that does this without any need for third party apps etc is enomther's the original rogers rom. (not to be confused with his the original donut roms.)
you'll find it in the G1 development forum.
in order to use GAL addresses, you have to use "add recipient" to fill out the "to" field when doing an email. then you can choose between "contacts" (google) or "company" (GAL).
you can't browse the GAL as far as i am aware, but you can search it.
EDIT: by the way, it does full exchange sync. emails, contacts and calendar.
you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
you can purchase touchdown and it does everything you ask
on any version you want
includes searchable GAL
I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
While i love the Android and have a N1 myself it falls over on some MAJOR areas.
1: No Client side cert capability.
2: No Encryption
3: No Group Policy Abilities
4: No Remote Wipe of the device
5: Not FIPS rated (no encryption)
The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5. I HATE these phones, can't stand them, but they are (Believe it or not) the most secure ! Let's hope when the Iphone releases their new OS in the next month or so they may become a more realistic player in the business market.
Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
gymmy said:
I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
While i love the Android and have a N1 myself it falls over on some MAJOR areas.
1: No Client side cert capability.
2: No Encryption
3: No Group Policy Abilities
4: No Remote Wipe of the device
5: Not FIPS rated (no encryption)
The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5. I HATE these phones, can't stand them, but they are (Believe it or not) the most secure ! Let's hope when the Iphone releases their new OS in the next month or so they may become a more realistic player in the business market.
Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
umm android has all those through applications available in the market ....
What are moto apps
markkohfm said:
you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
What are moto apps - can't seem to find it searching on xda... If anyone could enlighten me, I would appreciate it.
I whole-heartedly recommend Nitrodesk TouchDown. It's a kick-ass app for Exchange. You get push updates for Mail, Calendar, etc.
It might seem expensive relative to your average mini-app, but you have to keep in mind that this is way more useful than those.
My employer's MS exchange set-up incorporates security pin that none of the Android ROMs support - that I'm aware of! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the pin security support. The iPhone supports this too however the pin is required every time you want to use it for any app whereas on Android you enter the pin when launching Touchdown. Worth the $20 imo
BigRD said:
My employer's MS exchange set-up incorporates security pin that none of the Android ROMs support - that I'm aware of! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the pin security support. The iPhone supports this too however the pin is required every time you want to use it for any app whereas on Android you enter the pin when launching Touchdown. Worth the $20 imo
glad we reached a consensus that business users need to stop whining about exchange and drop 20$ for touchdown
is really a stellar exchange client
hopefully there will not always be a need for this as it should be part of the base OS
The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy.
The enterprise I work for, doesn't use the Active Sync certificates forced and runs on Exchange server 2007. No issues with the Exchange Android OS. No touchdown needed.
The partner who we support has to fetch the certificates and runs on Exchange server 2003. Now, they will migrate everything to Exchange 2007..., then I want to see what will happen because they will keep the security policy or adapt it to the new infra. I'm using the touchdown, because otherwise I'll have my account locked on the Radius server.
iPhone's are even more limited. To sync an iPhone with my partner Exchange server 2003, you need the following:
- On the Inbox folder have less than 500Mb
- Be over the OS version 3.x.x
- If you make a NT password reset, you have to re-create the profile and sometimes hope for a miracle or change the domain to the complete address or insert it on the username.
Once again on the Exchange 2007, no issues.
I had the same issue with android because I use exchange calendar and mail.
CursorSense has exchange calendar, it is 1.5, but works very smooth for me. The main problem was the initially pin, I had to call my exchange IT person to remove that security so I can use it. Otherwise, you are out of luck.
I've never had success with android 1.6. I've tried the Moto apk, and many other names, adb push it to the phone, and it just doesn't work. So, for me, 1.6 has no exchange calendar, but only email.
As for 2.1, it does support exchange calendar. But I'm waiting a faster rom to start using it. In the meantime, I use touchdown, which is WAYYYY better than the native software from android. The widget actually works!! The widget from android in 2.1 includes Email and Calendar, but none of them refreshes the information all the time, so you will actually have to go in the email account to see new email, and your calendar to see new updates. With Touchdown, the widget is easier to use and it updates quickly. It is too expensive, I agree.
There is another app, called Roadsync, but I don't like the UI.
ricardomega said:
The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy
Well, that is down to the business running Exchange, not anything to do with Android ... enterprises should be using universally trusted certificates.
If you get a certificate error in activesync it means your exchange admin bought a cheap SSL certificate that your device doesn't trust.
Not agreed.
Ref. 1 (Wiki):
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the IETF standards.[1]
Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.[2]
RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine.[3] RADIUS serves three functions:
to authenticate users or devices before granting them access to a network,
to authorize those users or devices for certain network services and
to account for usage of those services.
Talking about universally trusted certificates... if the windows mobile since 5.1 version and other devices exchange services (like Symbian S60 devices up and others) work flawlessly ... our new gadgets are the ones that don't work ...
The partner that I was speaking are leaders on their security division product for decades.
Sorry, but please point out the Apps.
1: Client side cert import for access to company websites ?
2: Encryption which is FIPS 104-2 certified
3: Group Policy enforcement
Touchdown does work, but its not just exchange email which uses certification

Hacking to clear security settings created by lotus traveller

My company uses lotus traveler to enable access to corporate mail and calendar on WM devices. I installed this on my HTC HD running WM6.5 (Dutty Leo ROM). The installation is forcing us to use strong alphanumeric passwords and has also greyed out the "prompt if unused for" radio button where you would typically turn off the phone password locking. This has rendered the phone virtually unusable as it takes 3 mins to enter a strong alpha password each time you use the phone...brilliant!
Is there a hack/registry edit that I can use to un-grey this button so I can turn it off and start using my phone normally again.
Any suggestions would be appreciated...
It's probably not related to the Lotus Traveller itself, but with the company enforced policies included in the CAB file - I presume You got the CAB from the company, not the Lotus/IBM website. At least that was the case in our company, that they forced to use the simple PIN lock with Exchange sync - I was already bothered by the simple PIN, so I dropped the whole idea. But I suggest You take a look in the CAB file, if You can still get it and see what changes does it make in the registry. Or You can also ask from Your company IT guys about the WM policies they have to enforce, they should know.
Anyway, hope You have some directions to go now.
Thanks for the suggestions....
1) I tried removing the lotus traveler application - this had the effect of removing the security enforcement. I reinstalled it and it was enforced again.
2) The traveler application launches automatically when the phone boots up. So I removed it from the startup sequence. Unfortunately this did not solve the problem. So I think there must be a registry setting somewhere that is set and monitored by the application.
3) I also looked in the setup.xml file that was in the installation file. I could not find any registry mods that were related to security.
4) The traveler release notes say the following: Customizable device password strength enforcement rules!
Traveler provides a built-in set of default device preferences and security settings that an administrator can modify for use when a device initially registers with Lotus Notes Traveler. The default device settings for users come from the Traveler administration database default device settings document. Users can change their device preference settings from their devices, but only an Traveler administrator can change device security settings.
In the last few days I have browsed the registry quite thoroughly and there doesn't appear to be key that controls whether radio buttons are active or not (greyed out). I was hoping to make the "prompt if unused for" radio button active again so I could manually switch it off.
I'm out of ideas....any suggestions pls
i have lotus traveler installed on my tp 2 i have flashed my phone many times and reinstalled lotus and have had no problems. can you post a screen shot.
Security Policy
I am a Notes admin and can confirm this is a policy that has been set to secure company data on mobile devices. Most companies have a policy that requires company information/access be secured especially on things like mobile devices.
Think about it, your company email system would be available to anyone stealing or finding your phone. While this may not worry you, it could be a cause for concern for your company executives or auditors - and could be a compliance issue in many industries.
The policy is set on the email server itself and pushed down and enforced on the device so it cannot be bypassed.
To remove it or get a less secure PIN you will need to speak to your company Lotus Notes admin.
This is an issue I have seen before and can cause conflicts between employees who use their own phones and resent the way they use them being changed and those concerned with securing and protecting their company.
Hope that helps but the long and short is speak to your email admins. The security policy is not default so someone must have set it up that way for a reason.
MIUI used to have an option to disable the password option even when it is enabled/enforced by Notes Traveler. However the new versions of miui do not have this.
Check this link
why not have the security measures focus on the app?
paulbenwell said:
I am a Notes admin and can confirm this is a policy that has been set to secure company data on mobile devices. Most companies have a policy that requires company information/access be secured especially on things like mobile devices.
Think about it, your company email system would be available to anyone stealing or finding your phone. While this may not worry you, it could be a cause for concern for your company executives or auditors - and could be a compliance issue in many industries.
The policy is set on the email server itself and pushed down and enforced on the device so it cannot be bypassed.
To remove it or get a less secure PIN you will need to speak to your company Lotus Notes admin.
This is an issue I have seen before and can cause conflicts between employees who use their own phones and resent the way they use them being changed and those concerned with securing and protecting their company.
Hope that helps but the long and short is speak to your email admins. The security policy is not default so someone must have set it up that way for a reason.
so why not have the security measures focus on securing the app and the app data? personally, I don't mind the 24/7 emails...but making me lock my phone so the company can blow up my phone at 7pm on a sunday...LAME.
Are there any news? I would like to remove the LockScreen security and want to use ibm verse.

Exchange Protection

Is there any way to get out of having to enter a pin because of the exchange server security requirements? I don't have any info on my work email I am worried about.. so it would be nice not to have to have a PIN/Password to be able to use it.
I have an exchange, it doesn't have to use a pin at all, I just put it on to the native email app
Just open and you're in.
If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.
clintre said:
If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.
Ok. Guess I'll see if I can access it through other means than exchange. Not sure. Just hate typing in the pin all the time!!
Thanks for the info though
I run an exchange server myself with a few activesync devices running. It sounds like the pin you are describing is imposed by your system administrator, when I set up an account on an evo or inc all I need is my domain credentials and a server address.
I also run an Exchange setup. I can verify that a few native e-mail apps from 2.1 days somehow bypass certain Exchange requirements, much to my dismay (Motorola comes to mind). They pretty much lied to Exchange and said they were compliant when they weren't and didn't enforce some rules. However, all the new stuff follows the ActiveSync rules, assuming that's the setup you're aiming for. I suppose if you really wanted to bypass the security you could check to see if they left IMAP or POP open, but then they'd just be some not-very-smart sysadmins.
Also, you shouldn't need anything more than your e-mail address and your password to ActiveSync. After the initial attempt at syncing it will ask for you to verify the security permissions. If it drops out and asks for your server name, domain, and such then tell your admins to fix AutoDiscover.
Oh, and while the thought of your admins being able to wipe on command is scary, you will have the ability to remote wipe your device in the event you lose it. It'll be accessible under OWA, so that's handy.
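An added example, not part of the original thread: an admin-side audit of the two gaps raised in these threads, namely a policy that does not actually force a PIN and inactivity lock (the 20-minute requirement from the first thread), and mailboxes that stay reachable over IMAP/POP or from non-provisionable devices. The CSV rows are constructed; the column names are assumed to mirror the Exchange Management Shell properties of `Get-ActiveSyncMailboxPolicy` and `Get-CASMailbox` as exported to CSV.

```python
import csv
import io

# Constructed sample exports; every row is invented for illustration.
POLICY_CSV = """Name,DevicePasswordEnabled,AllowNonProvisionableDevices,MaxInactivityTimeDeviceLock,MaxDevicePasswordFailedAttempts
Default,False,True,Unlimited,Unlimited
Staff-PIN,True,False,00:20:00,8
Legacy-Phones,True,True,00:20:00,8
"""

MAILBOX_CSV = """Name,ActiveSyncEnabled,ActiveSyncMailboxPolicy,ImapEnabled,PopEnabled
alice,True,Staff-PIN,False,False
bob,True,Staff-PIN,True,False
carol,True,Legacy-Phones,False,False
dave,True,Default,False,True
erin,False,Staff-PIN,False,False
"""

MAX_LOCK_MINUTES = 20  # requirement stated in the first thread


def as_bool(value):
    return value.strip().lower() == "true"


def lock_minutes(value):
    """Convert '[d.]hh:mm:ss' to minutes; 'Unlimited' means no lock (None)."""
    value = value.strip()
    if value.lower() == "unlimited":
        return None
    days, _, clock = value.rpartition(".")
    hours, minutes, seconds = (int(part) for part in clock.split(":"))
    return int(days or 0) * 1440 + hours * 60 + minutes + seconds / 60


def policy_findings(policy):
    """Return the ways one ActiveSync policy falls short of the PIN requirement."""
    findings = []
    if not as_bool(policy["DevicePasswordEnabled"]):
        findings.append("policy does not require a device password")
    lock = lock_minutes(policy["MaxInactivityTimeDeviceLock"])
    if lock is None or lock > MAX_LOCK_MINUTES:
        findings.append("inactivity lock missing or longer than 20 minutes")
    if as_bool(policy["AllowNonProvisionableDevices"]):
        findings.append("clients that cannot enforce the policy may still sync")
    if policy["MaxDevicePasswordFailedAttempts"].strip().lower() == "unlimited":
        findings.append("no limit on failed PIN attempts")
    return findings


def audit(policy_csv, mailbox_csv):
    """Map each mailbox name to its list of findings (clean mailboxes omitted)."""
    policies = {row["Name"]: row for row in csv.DictReader(io.StringIO(policy_csv))}
    report = {}
    for mailbox in csv.DictReader(io.StringIO(mailbox_csv)):
        findings = []
        if as_bool(mailbox["ActiveSyncEnabled"]):
            policy = policies.get(mailbox["ActiveSyncMailboxPolicy"])
            if policy is None:
                findings.append("assigned policy not found in export")
            else:
                findings.extend(policy_findings(policy))
        # IMAP and POP carry no device policy, so the PIN rule never applies there.
        for protocol, column in (("IMAP", "ImapEnabled"), ("POP", "PopEnabled")):
            if as_bool(mailbox[column]):
                findings.append(f"{protocol} enabled: mail reachable without device policy")
        if findings:
            report[mailbox["Name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(POLICY_CSV, MAILBOX_CSV).items():
        for finding in findings:
            print(f"{name}: {finding}")
```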

