When you are setting up a new server source in AS, it has some options for doing things automatically (I assume based on our email domain name). This has never worked for me (I am the sys admin for our Windows network). Do I have to be running Exch2007 to get this functionality, or is it some sort of DNS issue that is making this fail? The front-end server that we use is not mail.domain.com We use webmail.domain.com.
Any thoughts are appreciated. We are going to be allowing our users to bring their own service and devices to our cell phone mix, and I want to make connecting with WM devices as easy as possible. I'm trying to reduce the number of blackberry devices we use.
Thanks!
Brandon
Microsoft Exchange 2007 Autodiscovery
Autodiscovery allows a user to enter their email address and password into Outlook 2007 or Windows Mobile 6 Pocket Outlook to have their profile or activesync relationship automatically configured to access an Exchange 2007 server.
In short, you add a DNS record for the host "autodiscover" in the domain you want to use Autodiscovery in. If you want it to work internally just add it to your company's DNS server. If you want it to work externally you have to add it to your external DNS server.
One important note is that you must have a multi-domain SSL certificate from a known public provider. This is because you need 4-hosts on the certificate (2-domains with 2-hosts each) I purchased a multi-domain certificate from GoDaddy.com for $58 for 1-year.
Search keywords: +Exchange +2007 +Autodiscover
In my work to access OWA I need passcode(RSA, that is a pain in the ass if your connection is cut), and due to the security policy of my work, I can't access the Exchange e-mail account in the android (is on a Exchange server 2003 SP1, with forced password policy, that prompt for password every minute without use and wipes everything, when two many times the password is wrong)
iPhones and WM based devices they are activated normally throw the same server address to exchange mobile service (with the security police enforced), but (i think) due to the unlock pattern tech, that there's no password and security sucks, I just can't configure it.
Even the Radius server blocks my nt account after a few attempts.
On the other e-mail with the Exchange server 2007 SP1, no policy, it works great..
I love android and I don't really like the idea of coming back to a WM or trying a iPhone or maybe a Blackberry since we have a BES too..
On the WM devices I installed a program that remove the annoying requesting always for password without removing the certification stamp that I'm following the policy...
Somebody came up with something like this for android?
Is something it can be worked around on future developments?
Any idea on working around on my issue?
Simply install something like Touchdown....
In any case.. this is not really a development question.
Hello,
I've just bought my Galaxy S.
I have problems with the default Exchange Email client from the phone.(is this Samsung one, or Android?).
At the begining it was working fine, without any issues.
I made a firmware update using Odin to I9000XWJG5 and it was not working anymore. When I was trying to configure it all the time I was getting "Unable to connect to open connection to server". I checked with a USB tracing tool and I saw that the email client is crashing.
Meantime I updated to the last VDF Romania verision I9000BUJF5, but the behaviour is the same.
What it is starnge is that I installed an Market Exchange Clent, Touchdown, and it is working just fine (using Active Sync connection to Exchange Server).
What do you think? Which can be the issue?
The funy thing is that with an other I9000 with the same software, is working the default Exchange Email client! So it is something with my hardware?
Thanks,
Mircea
I have same problem. Any solution? I use 3rd party like TouchDown and RoadSync are working fine. Is this ROM problem?
One more thing: the same behaviour is hapening if I try to configure yahoo mail!!! It is a problem with the embeded email client!
Sent from my GT-I9000 using XDA App
though touchdown works, but it doesn't integrate with the phone and other Widget.
Still prefer the Exchange client comes with SGS.
and looks mirceal has a more serious problem than i do, I only can't sync the calendar, unlike mirceal, can't sync anything
I have the exact same problem. Have you found a solution yet?
Thanks!
On my side I have already tested a lot of mail app and a lot of ROM ( australian JG2 I think and JFF, JM2, JM5, JG8 and JP3)
For all the 3rd party mail app ( htc work mail, k9, touch down) it basically works all the time
For the integrated mail app I had the following issues :
* Unable to connect to open connection to server for all the exchange account
* Unable to connect to open connection to server only on the subfolder ( the inbox was working)
* Unable to connect to open connection to server for the Hotmail
* Hotmail mail downloaded but not displayed ( can't even see the list of mail ... just the count on the first mail app page)
This problem occured only with some ROM and sometime with the same ROM it happened or not after a reboot
For instance on JFF, JG8 and JM5 I have never been able to see the mail coming from the subfolder of my exchange account.
I works fine with JM2 and JP3
For the calendar, I have seen only once working with JM2. With this ROM instand of having 1 exchange calendar I had several calendar coming from my exchange account ( one for every type of event like work, family, personal ....)
Now with JP3 the calendar doesnt sync so I have to use gmail to sync my exchange
So no solution to propose ...
Iwill install again tomorrow JM2 to see if the mail and calendar definitely works with this one
How did you check that the mail app was crashing through usb ?
Hello,
Good news from my side!
I found the issue I experienced.
The things are as follows: when you configure for the first time the default client, it's firstly connecting to ssl.samsungmobile.com server!!!! This I noticed only after I installed wireshark program on the mobile. My problem ead that I am using a separate APN for checking emails. This APN doesn't have access to internet. So it was impossible to reach that public server!!!! And the error was "unable to open a connection to server". It was speaking abot the samsung ssl server and not my company's Exchange Server!!!! Crazy thing.
So at the first time of email client connection setting I used the internet APN till the internal setting algorithm reaches the ssl.samsungmobile.com connection and when it tries to reach the Exchange Mail Server I switch to vpn APN. And the Exchange emails are working without any problem!
Try it!
Mircea
Sent from my GT-I9000 using XDA App
Hi,
can you please clarify what exactly have you done?
for some reason I have the same problem on WiFi as well.
(let alone that ssl.samsungmobile.com is not a valid address).
Same with Galaxy Tab - reason found
This is exactly the same problem on my tab.
literal translation: "connection with server impossible"
It seems, however, that the client is in contact with the server: when I enter a wrong username, the error throws immediatly; with the correct credentials it takes 3 times longer.
New findings:
Exchange 2010 does a good job logging EAS. Extract of the EAS dialog of my Galaxy Tab:
RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<FolderSync xmlns="FolderHierarchy:">
<SyncKey>0</SyncKey>
</FolderSync>
AccessState :
Blocked
AccessStateReason :
Policy
ResponseHeader :
HTTP/1.1 449 Retry after sending a PROVISION command
MS-Server-ActiveSync: 14.1
ResponseBody :
[No XmlResponse]
So, I can see that the mail client doesn't integrate with Exchange's security policies. Very bad job indeed, as TouchDown AND HTC (Desire:Froyo) do quite well.
Is somebody please going to request Samsung to speed up?
Exchange 2007 vs. 2010
I just discovered that on Galaxy Tab, the mail client can deal with an Exchange 2007 Server with security policies activated, but it cannot get the compliance check done with Exchange 2010.
This is a known issue with certain versions of Android OS on phones available from different manufacturers and service providers. The only verified solution that we know of at this moment has come thru this community, as 'Mitch Roberson' has written below, I have marked that as an 'Answer' as well.
Now, let me list some related details here for everyone's information.
Phones are actually running into a provisioning issue against Exchange 2010 Server. This is evident from the IIS logs pastd below by some users and the logs we have seen in Microsoft Support. For example, you will see the following in IIS Log:
2010-08-31 20:38:54 192.168.2.6 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=johndoe&DeviceId=validate&DeviceType=Android&
Log=V120_Ssnf:T_LdapC13_LdapL16_RpcC35_RpcL63_Ers1_Cpo19453_Fet20015_Pk0_
ErroreviceNotProvisioned_As:BlockedP_Mbx:mail.contoso.local_Dc:dc01.contoso.local_Throttle0_BudgetD)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5F7fd952bb-6275-4010-8c3e-bb47f4cea08f%2cNorm%5bResources%3a(Mdb)DB1(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc01.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc02.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 contoso\johndoe 75.204.200.137 Android/0.3 449 0 64 20734
You can see that the Android mobile device is sending a 'FolderSync' EAS command to server for user JohnDoe with the DeviceID = Validate and Type = Android, and is being blocked by Exchange as it is not responding properly to the provision command from server. This is implemented thru Default Throttling Policy and the error it geenrates is error code: 449 (which essentially means device provisioning has failed). Generally this happens when client does not respond properly to provisioning commands from server where server informs mobile device that there are certain EAS policies applied by the Exchange Server Administrator and device needs to acknowledge those for implementation. This happens mostly when the device does not support all or a subset of EAS policies being implemented by the Exchange Server Administrator.
If you bring up the EMS command prompt and enter the following command, you will see the following output (similar to what we saw above in IIS Log):
Output of “Get-ActiveSyncDeviceStatistics -mailbox:johndoe”: (truncated)
RunspaceId : f0323f7c-b3a6-4102-ab5b-d1df0464e318
FirstSyncTime : 8/31/2010 8:38:34 PM
DeviceType : Android
DeviceID : validate
DeviceUserAgent : Android/0.3
DeviceModel : Android
DeviceEnableOutboundSMS : False
Identity : contoso.local/Test/John Doe/ExchangeActiveSyncDevices/Android§validate
Guid : a5750d0c-189c-4ccc-9b22-e5c87845f5c0
IsRemoteWipeSupported : False
Status : DeviceOk
DeviceAccessState : Blocked
DeviceAccessStateReason : Policy
DevicePolicyApplied : Corp
DevicePolicyApplicationStatus :NotApplied
DeviceActiveSyncVersion : 12.0
NumberOfFoldersSynced : 0
We have seen this issue mostly with devices using Android 2.1, users who have been able to update their devices with Android 2.2 somehow, stopped running into this issue, without making any changes on the server side.
I contacted HTC Support (on 9/28 via http://www.htc.com/us/support/e-mail) about this issue and they responded (like other users have reported here), please keep in mind this can change at any time in future, so please contact HTC Support directly for updates:
"At this time we do not have any Android based device that will sync with an Exchange 2010 Server. We may provide future Android devices that do offer this. However, as there is currently no release information for any upcoming devices, we encourage you to continually visit HTC’s product page at http://www.htc.com/us"
While working on this issue we also discovered that Android provided limited support for EAS policies and is working to continually improve it in their upcoming versions. For more information, please see related posts below. Again, this information is subject to change at any moment, so please refer to Android website (http://code.google.com/p/android/issues/list) for current info.
1. http://code.google.com/p/android/issues/detail?id=9426 : "we only support the basic (EAS 2.5) features in Froyo. So if your server requires, for example, password history or expiration, or complex characters, then it won't be provisionable in Froyo. Our goal is to provide more policy support in future versions, but for now we support - password (PIN/alpha), minimum characters, max. fails to wipe, inactivity timeout, and remote wipe.”
2. Exchange Device Password policy not enforced when "Allow non-provisionable devices" is selected: http://code.google.com/p/android/issues/detail?id=8601
Fix for this issue is in the Android 2.2.1 Update, released recently (for Nexus One users, may not be available thru other service providers at this time, contact your service provider for any updates that they can provide for your device), Android now implements the policies it can rather than ignoring all policies and thus it can successfully sync with the server.
Hope this helps!
Hi
I am interested in moving from my iPhone 4s to the Nexus 4 but had a question about activesync before I take the leap.
I have a Nexus 7 and that won't play nice with my work exchange account. The message I get is "this server requires security features that your android device doesn't support including xxx.xxxxx.xxx".
One of the requirements my work place has is that I must have a 4 digit password to lock the phone down and that must contain at least 1 number and 1 special character. This must also be changed every month.
I have no issues on my iPad or iPhone where everything syncs nicely but for some reason the Nexus 7 simply won't setup my work emails.
My question is, is the Nexus 4 likely to play nice or will it be the same as the Nexus 7?!
Any advice greatly appreciated!
Thanks
PS. My IT department won't help at all so no point me asking them to amend any settings on my account!
I don't really use Exchange but since the Nexus 7 runs the same Android version as the Nexus 4, I suspect that you will run into the same problems the Nexus 7 has.
Well I took the plunge and unsurprisingly I am getting the dreaded error message (as per first post). I have managed to sync with touchdown and below is a copy of the clipboard when all the settings were being tested.
Checking Certificate...Checking to see if server is self-signed :https://xxx.xxxxx.xx
Server cert IS trusted, disabling accept all certsChecking ActiveSync with SSL...
Server is Microsoft-IIS/6.0
ActiveSync was found
ActiveSync Version :Versions:Microsoft-IIS/6.0,1.0,2.0,2.1,2.5,12.0,12.1
Trying activesync protocol 121...
ActiveSync provisioning returns HTTP:200
ActiveSync provisioning success
The following policies have been requested :
- Allow Simple password? No
- Alphanumeric password
- Min Complex 1
- Password/PIN required
- Failed Attempts 4
- Min Length 4
- Timeout 300 sec.
- Expires 90 days
- History 8 entries
- Password recovery
- Max Email download size - 5120
- Email history 7 days
- Calendar history 30 days
Refreshing AS folders
Enabling PUSH
Given the above does anyone have any idea at call why the stock email won't sync?
Really love the phone but need to get this to work or I'm going to need to go back to the iPhone!
Any help appreciated.
Many thanks
Tarik
Hello guys, i need some help i just bought a Note 3 to my wife, her old phone was and iphone, there she has her exchange company email working good, now when we try to setup the account on the Note 3 always show me "Verification Fail", im working on same company so we use the same server and mine sync good, could be something related to the iphone that not aloud to provision the Note 3, thanks in advance
Depending on your corporate environment, you may need to setup the connection manually instead of letting it auto configure the settings. The exchange server I have at work has to be configured with DOMAIN\Username for it to work.
Exchange also has a limit of 10 mobile devices (at least 2010 does) so if you have connected a lot of devices you may need to log into OWA and delete some of the connections.
Lastly don't try to many times you will lock out the account if you domain has a lockout policy. The only way to get it unlocked is to either wait the time allotment from the lockout policy and try again or contact your system administrator and have them unlock the account.