SSL issue with Android? - LG V20 Questions & Answers

I noticed something interesting today. I changed the certificate for my mail server from z.net to a.com (moving domains - long story). The mail server that is listed in the email client (using built in email client - not the gmail app - with ActiveSync) is z.net - however the email client is not complaining that the host in the SSL certificate does not match the server name. Which had me thinking - so I installed "Packet Capture" and started to capture (and did NOT install the generated certificate into the trust store - which makes the certificate an untrusted self-signed certificate which could be used in a MITM attack). Android email happily connected and checked for email. Opened up the browser to browse the webmail and it complained that the certificate is not trusted (as it should).
I'm not an expert of ActiveSync by any stretch but is this a "feature" of ActiveSync? To ignore SSL verification???? I also use Outlook 2016 and it did prompt about the certificate mismatch.
I fired up an old phone that was using activesync with the gmail app and while it did not seem to update - it also did not show any certificate mismatch errors. Outlook for Android also seems to ignore the certificate mismatch.
Am I missing something really obvious?
(This could be a wider Android issue - but I found this issue specifically on my V20)
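The check the poster expected the mail client to make, as an added example that is not part of the original post: an RFC 6125-style hostname match over a certificate in the shape `ssl.SSLSocket.getpeercert()` returns. The hostnames `mail.z.net` and `mail.a.com` and the certificate contents are constructed, modelled on the z.net to a.com move described above.

```python
# Added example (not from the thread): certificate data below is constructed.

def name_matches(pattern, host):
    """Match one certificate DNS name against the configured server name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label, never "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def hostname_matches(cert, configured_host):
    """True if the certificate covers the host the account is configured for."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return any(name_matches(s, configured_host) for s in sans)
    # commonName is consulted only when there are no DNS SANs (RFC 6125).
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and name_matches(value, configured_host):
                return True
    return False


def check_account(cert, configured_host):
    """Decision a client should reach before sending any credentials."""
    if hostname_matches(cert, configured_host):
        return "connect"
    return "abort: certificate does not cover " + configured_host


# Constructed certificate: reissued for the new domain, as in the post.
NEW_CERT = {
    "subject": ((("commonName", "mail.a.com"),),),
    "subjectAltName": (("DNS", "mail.a.com"), ("DNS", "*.a.com")),
}

if __name__ == "__main__":
    # Account still points at the old name: must abort.
    print(check_account(NEW_CERT, "mail.z.net"))
    print(check_account(NEW_CERT, "mail.a.com"))
```

In production Python code the same check comes from `ssl.create_default_context()`, which enables chain validation and `check_hostname` by default.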

Related

activesync 4.1 and exchange server 2003

I'm trying to synchronize with the exchange server at my work.
But for some reason it doesn't work. I've filled in everything in the right way (address, domain etc.). The fault code is 80070002.
Can somebody help me with this?
same here at home (no firewalls)
Works fine for me. Exchange server needs just some configuration.
Priit said:
Works fine for me. Exchange server needs just some configuration.
What kind of configuration?
First, your Outlook Web Access (yes, OWA!) can not use forms based authentication nor SSL encryption. If you don want to use these (you most probably want to use SSL) then you need to create another virtual OWA directory without SSL and force ActiveSync (and Outlook Mobile Access) to use it.
More information at
http://support.microsoft.com/default.aspx?scid=kb;en-us;817379
Check if you can access OMA (Outlook Mobile Access) using http://yourserver/oma and check also Exchange server logs.
I thought this wasn't supported on WM5 until AKU 2.0 comes out (hopefully soon)
So you're saying I have to turn Forms authentication off and SSL off on OWA for my mobile device to work?
Sounds a bit of a poor show.
I need Forms based auth ideally as it goes through firewalls whereas the other type does not.
Ours works here and we use SSL.
For the server name make sure you are using the fully qualified domain name that you use from the internet. IE: mail.domain.com. You don't have to put the /exchange on the end.
username, password and domain are all the same as what you use to log in.
OH, and the certificate you use on the server should be for mail.domain.com and not servername.
Hope this helps.
@spartanrob: DirectPush needs AKU2.0. You have always had possibility to sync manually. Or if your operator provides e-mail to SMS then you have the same functionality already today.
@Karzi:
No, I'm not saying you have to turn off SSL and/or forms-based auth., but you need to create another virtual OWA directory, which does not require SSL and forms-based authentication. You can limit access to this directory to localhost only so there will be no security concerns.
@MrHappy:
Your server is probably set up in that way.
Please go read this it helped me with the same error
http://hardware.mcse.ms/archive35-2005-11-248477.html
Basically says that you have to download the cert from https://server.domain.com/certsrv then install the certificate on your desktop and your handheld then activesync will work....
I was hesitant but it worked for me.... it changed the path in the cert from my ip to my server.domain.com

PUSH MAIL ISSUES

All need some help. I'm trying to utilize the Push Mail technology. I have set up to sync with an exchange server correctly, however within our company we use certificates to authenticate. So I exported my certificate and imported it into my 8125. When I go to look at my certs in my 8125 I see that it imported successfully. Now when I try to sync it asks for the password and it comes back with an error code of 0x85030028 (cannot obtain a valid cert). Now if I use my PIE and go to the OWA which utilizes the cert as well it sees it and authenticates just fine. For some reason activesync isn't seeing it. Any ideas how to fix?
Geno
From what I know, you can't use certificates with Push email. You have to set up a new virtual site on the server running OWA, call it Exchange-PPC or something, and have it set for Integrated Authentication, then you would configure your device to hit the new site like http://www.site.com/exchange/username or something like that.
There's a little more than just setting up the site, some registry changes, check Microsoft's site for the error number, you'll find a KB document explaining how to set up the Virtual Site for syncing with your device.

Windows Mobile 5.0 Email Bug

I would like to know if anyone in xda was able to address the problem with the wm5 client address on a forum I read about, I believe I am having the same problems
"the Pocket tv team"
we found a bug with the Windows Mobile Email client that prevents using
certain SMTP servers.
i suspect the bug is general to all Windows Mobile devices including Pocket
PCs, but we only tested it and confirmed it on the Motorola Q (a Windows
Mobile 5.0 Smartphone).
the bug prevents using some login names on SMTP servers (i.e. outgoing
email) that require a user name DIFFERENT from the POP3 or IMAP4 server
(i.e. incoming email) and when the login name is something like
'[email protected]' i.e. when the login name contains an '@' sign.
this type of server login name is common on servers that use shared domains
on a single IP address, and this is a common case. in this case, since
there may be several users with the same name under different domains (on
the same server), the correct user is identified by using the domain name
with the '@' sign.
in fact i found that bug by trying to configure the Motorola Q to use one of
our email servers to send my email.
what happens is that the Smartphone email client removes the @ sign and
everything that follows it when logging in to the SMTP server - we confirmed
that by looking in real time in the log files produced by our SMTP server.
i am not aware of any workaround.
the problem does not happen when the SMTP server uses the same login name as
the POP3 or IMAP4 server (in that case, the login name can have an "@" sign,
and it is handled correctly). the problem only happens when the SMTP server
uses a different login, and that this different login has an "@" sign.
once again, MSFT was apparently trying to be "smart" i.e. they assumed that
the @domain part in the login name of the SMTP server was entered by mistake
by the user, but being too smart is not always a good thing.
note that using fully-qualified user-name that include a mandatory @domain
part is very common and even google's gmail uses this, as you can see in the
'Account Name' section of
http://mail.google.com/support/bin/a...y?answer=13287 .
if you use gmail to both receive and send email, it will work, because the
POP3 and SMTP servers use the same login. but if you want to use gmail just
to send (i.e. SMTP), and use another server to receive (i.e. POP3 or IMAP4),
then it won't work, because of that bug.
this is a pretty serious problem.
also, the IMAP4 client configuration does not allow to specify the remote
directory (in the user's account on the IMAP4 server) where the IMAP folders
are located, which may be different from the default login directory. This
renders IMAP4 completely un-usable in some cases.
Of course those bugs are not new to Windows Mobile 5.0. It's just a shame
that MSFT never fixed them.

Activesync Exchange Help needed

I have always been able to successfully connect to the exchange server via activesync, whether it be via GPRS or USB. Now I can't, I keep getting the http_500 error.
I have checked and I can log into the exchange server via OWA in either http or https. Have changed my phone to use SSL, not to use SSL, nothing, same error.
Looked at Microsoft's explanation of having a duplicate SMTP address, but it can't be, as the server is running Exchange 2003 SP2, so I can't configure or look at the server. I also can't ask IT, as they don't know I have access and even if you ask, they won't know, as mobile devices are not yet supported.
1 - The Exchange Server has to be configured to allow Mobile Devices to connect.
2 - The Exchange server has to be configured to allow push mail
3 - I think you need to install a certificate on the PPC (using enroller, or just copy/paste the **.cer file and open it)
Maybe you don't need the certificate when NOT using SSL, but I think I remember I couldn't get it to work without... So I installed my certificate on my PPC and HAD TO use SSL to get it to work.
However, ...If you cannot even check whether your Sysops allow pushmail/ActiveSync, you are in dire straits.... You have to know that info.

Syncing and Exchange Server

Since I've had this phone I've failed to sync with the Sync Centre. It just results in errors every time.
However, because I will be syncing everything that will be on my exchange server, how can I set up this exchange server on the X1? I don't mean the email address only, I need it to connect to my exchange calendar, contacts, mail - everything.
I sync to my exchange server via mail2web with no problems - keep in mind if you are syncing to a pc as well you need to select only one location for calendar & contacts.
Isn't it possible to put in the exchange server details directly into the phone without using 3rd party software?
Is it true that vodafone have removed the exchange feature from their handset?
I'm getting this error.. 0x85010014
Jammy2 said:
Isn't it possible to put in the exchange server details directly into the phone without using 3rd party software?
Is it true that vodafone have removed the exchange feature from their handset?
you don't need 3rd party to set up exchange activesync, it's out of the box.
Jammy2 said:
I'm getting this error.. 0x85010014
this is relating to the SSL. Either you have setup an activesync w/o SSL connection, or your PDA clock might be wrong that makes the SSL certificate invalid.
That's assuming your exchange server side is okay.
I've just discovered that everything apart from mail will sync if I don't specify my exchange in Vista. When I do that's where the errors show up.
As for exchange on the phone, I will get "network waiting" when I disable SSL. This actually appears to be an issue with many WM devices. What do you mean when you say my clock might be wrong?
The simple Version:
Authentication inside of Active Directory runs over "Tickets" for every User. If the clocks between 2 Resources are too different, the Ticket becomes invalid, cause the time is an important component of the encryption.
The safest way is to let the phone sync its clock with the exchange server - after Active Sync configuration
For doing this you only need working SSL-encrypted "Outlook Web Access" and your Exchange account has to be "Active Sync"-enabled (an admin has to do this).
Windows Mobile shows you all information you need to set Active Sync up.
Ah, so the exchange server needs to be active sync enabled?
At the moment I am syncing everything from outlook on my pc, not directly to the server as the device was designed to do
Mine works with my Exchange 2007 server without a problem, out of the box. I just entered my server address, my domain username and password.
Are you sure the server is set up correctly? The exchange server has to have OMA (Outlook Mobile Access) set up. Are there any other devices syncing with the server correctly? Is port 443 open?
Something to note I had to install the security certificate of the server on my phone before it could sync.
I use mine with an Exchange 2007 too. After installing the server
all the necessary features are turned on automatically:
- OWA (Outlook Web Access - website)
- OMA
- Active Sync user role for every account
The OWA-website has to be accessible for public. And the server certificate (for SSL) has to be installed if it is self-signed
(it is if your browser shows a certificate warning on computers
outside of the company network). Copy it from the browser to
your phone and (double)click it for install. Alternatively ask your network administrator for help.
If the cert is bought from an official worldwide trusted cert
seller like thawte or verizon this should not be necessary.
