I have searched and searched for an answer to this problem and have not been able to find anything. Hopefully someone here has run into this before and might have an idea or solutuion. Her is my problem.
I have two exchange servers (2003 SP2) on of which is a front end server handling OWA and OMA. We sync about 18 Windows Mobile 6.1 devices over the air using OMA. We are using SSL. All of our devices have random problems connecting to the server. They will sync fine most of the time but will randomly for no particular reason ask the user for their exchange password. We are not enforcing any password policies on the server and we are always checking the box to save the password. In order to get the device synching again the user has to re-enter their password multiple times and often has to kill and restart activesync on their device.
Any ideas as to what might be causing this?
Any help would be much appreciated.
You could try unchecking the box in Activesync on the phone that requires SSL. We use SSL as well, but we have to uncheck that box on the phone. Although our problem is that the phone never syncs when its checked as opposed to your problem of randomly not syncing and asking for a password.
Unfortunately that is not an option. Our SSL is required for authentication. It will not connect without it. It seems like what is happening is that the device is not always passing the credentials to the server. Usually when it asks me for the password I enter the password once making sure I check the Save Password box then when it asks me the second time I hit cancel. ActiveSync then gives me a could not authenticate error. Now if I just hit Sync again it goes through and works just fine without asking for the password. So my guess is that it is not passing the credentials until after the connection is reinitialized.
From what I understand, Push Email relies on the OMA functionality which uses IIS. The problem my lie there. Although I've never tried, you may have to uninstall/reinstall (or confirm) that the OMA part of Exchange is functioning correctly. Sorry I can't be of more help.
Do the log files on the server show anything when a phone can't log in?
No, the exchange logs don't show much. I almost think it might be something with the device configuration. At this point I just don't know. We will be migrating to Exchange 2007 sometime in the next few months. Hopefully that will resolve the problem permanently. I was just hoping maybe by some chance someone here had seen this problem before. Thanks a bunch for your help.
Is the FE server doing the authentication (NTLM) or is there an ISA server in the way configured with Forms Based Authentication? You should make sure the IIS virtual directory for OMA is set only for Basic Auth - and the following article might be worth a read.... http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1188440,00.html
Hope that helps - good luck!!
Mark.
^^^What he said. Took the words right out of my mouth. You'll still be secured through the SSL certificate, even though you're doing "basic auth" you aren't exactly sending your password as clear text. Requiring SSL on the OMA site will automatically encrypt the connection so you have no need to worry.
Try it out and get back in here. I manage a site with about 50 WM 6.1 Black Jack II's that sync with Exchange 2007 with no issues whatsoever. Also verify that you have all your hotfixes related to OMA installed on your Exchange 2003 server.
Related
Ok...I set up an account with web2mail's exchange server...i upgraded to summiters 2.17 rom to enable push email.....and it all worked great up until now(a good month at least). Out of nowhere I couldn't sync with the exchange server over gprs but it would work fine when i was syncing through usb or was connected to the internet through 802.11. It says synching folders and then stops and just displays the last time it synched through other means, i click to check the status and get the error code 0x80072f17. I have checked my gprs settings and have no problem accessing the internet through internet explorer. I noticed another odd thing...I soft reset my device and my recent programs were still listed under the start menu after the reset, normally these would disappear. I though maybe i need to do a hard reset so I went ahead and upgraded to the 2.3 cingular rom on this site hoping that would fix it. But it hasn't, I have the same behavior with the exchange server and the recent programs list (not sure if they are related but..). Any help would be greatly appreciated.
Thanks
AG
DirecPush E-Mail works by maintaining a constant HTTP stream to the Exchange server. What might be messing you up is the Cingular proxy, which I believe might interfere with this HTTP stream.
If you haven't tried it yet, disable the proxy and try again. If you have, then I'm barking up the wrong tree.
Thanks for your response DonnieZ but unfortunately i have already disable the proxy and that didn't help. As an interim fix I have resorted back to XPress Mail and now I remember why I wanted Microsofts direct push to begin with....because it is terrible....
Has anyone else had this problem?? I don't know if anyone has a solution but I would feel a little better if i wasn't the only one with the problem!
AG
Update:
It appears that cingular has blocked encrypted connections on their media net plans because they want to charge you more for ecnrypted push email as they are releasing AKU2 this week.....just a heads up
had similar situation... resolved by selecting to use unsecure address for mail2web exchange in device, e.g http:// in place of https://
and unchecking "this server uses a secure connection" in activesync
hope this helps
Cingular, WM5, and SSL
I'm using SSL for my Exchange connection, using AKU 2.3 (Mr Clean), and Cingular.
Couple of points:
1. Mine works, so much for the Cingular SSL theory.
2. To use a SSL connection for Exchange, the ROOT certificate for the authority has to be in the trusted list on your device. For example, a root certificate for Equifax was in the list on the device by default, but the actual Equifax root that issued the cert for our ActiveSync site was not. I extracted that root cert and added to device before setting up sync, works like a dream.
3. WM5 does not support Wildcard certs by default. (*.mymail.pfm) To enable wildcard support, create the following value in the registry:
HKCU\Software\Microsoft\ActiveSync\Partners\{GUID OF SERVER CONNECTION}
"Secure"=Dword 0x000001)
The GUID should be easy to figure out, it will be the one with the values referring to your Exchange server.
Hope that helps.
Oops
My bad, the value for the key is "0", the "1" blocks it.
Sorry.
Might be your password! At work we have a 90 day lifetime on our domain pasword policy, when we get into the last 10-15 days of that password lifetime you get a message when logging into your PC that your password is expiring soon. When this happens, I have the same problem as the original poster, but, when I change my PW on the domain and then change it on my Wizard, I can sync just fine again. The only thing that I can think of is there is an extra bit of data coming down the pipe with the password exchange notifying of the expiration and it is messing with the sync. This has been verified twice with my account and once with a manager's xv6700.
mail2web ssl
I am using T-Mobile GPRS and free mail2web account. Direct Push and sync over GPRS had been working perfectly over the past months.
However, service quit last Friday or so (notice the date in ageezee's post!!!). Same here: Sync over 802.11 works with the very same server settings. Over GPRS only Error 0x80072f17.
Contacted mail2web service. Recommended restart, disabling of SSL and activating SSL again. Didn't work.
Got Direct Push and sync to work over GPRS after disabling SSL permanently. Might be a mail2web server problem. Still waiting for another reply from service.
I have an 8125 with Summiter's 2.3 Rom installed. I am trying to establish a connection to my exchange server which is hosted. When I enter the server, user ID, password and Domain info correctly, activesync keeps prompting me with "Please correct your Exchange Server password"
My provider insists that the settings were correct on their side and their crack tech support staff told me that WM5 has problems storing the password. They said that the only thing to do is to keep deleting the server connection on the device and recreating it.
Through this persistence, I was able to get it configured once. It was syncing (with push email) for most of the day... until I connected the device to the PC with the USB cable to charge it. Then Activesync on the PC kicked in and the password prompts began.
I have deleted and reconfigured the server on the device in excess of 20 times now with every combination of soft resets in between to try to get this resolved.
Any thoughts? Your help is greatly appreciated!
***EDIT***
email host needed to create a pre-NT4 alias for the userid due to the naming convention ues by our company in their provisioning console. Therefore once I found out the alias the config was a snap. working perfectly now! Thanks.
What tech support for your host meant to tell you is that they do not have a clue what they are talking about. I support numerous WM implementations using AUTD and Push email with WM devices of all flavors that support one of those options (2003, 2003se, 2005) and NONE of my customers have to continually put in ANY information to keep syncing.
It is true that using the special sms tickle method of pull on 2003 devices does sometimes hang up and have to be restarted manually but even then you should not be asked for information you already saved about the connection.
Find a new mail host.
Well, since you have no problems setting up "WM implementations using AUTD and Push email with WM devices", I would love to hear your thoughts on why I keep getting a password prompt over and over again with the message "Please corrrect your exchange Server password".
Using Cingluar 8125 with stock 2.25 ROM.
Mobile services are enabled under ESM
Pre-2k alias is set in the username
SSL is installed on the server with front end virtual directory
I have disabled certificate checking on the device itself by hacking the registry on the device since I'm using self singed cert
Exchange SP2 is installed
Activesync on the PC with USB works like a charm
But, trying to sync over GPRS/EDGE with the exchange server it keeps prompting me to correct exchange server password which I know it's correct since I administer the server myself.
I've seen NUMEROUS posts about this issue but no one seems to have the answer.
This is driving completely bonkers
You say you can sync while connected via USB to a computer but you do not specify whether that computer is INSIDE or OUTSIDE your network. So I am going to assume it is INSIDE, and bet that were you to try the same test from OUTSIDE your network it would fail just as it does using GPRS. If so the indications point to incorrectly putting in your user name/domain information and not the password itself.
I assure you, the domain\username and password combinations are quite right. It's DOMAIN\username and then the password. I mean you can't really get away from that format when you enter the information in the pocket pc or activesync on your pc since it asks you for the domain and the username and the password. I can however login to webmail and oma through the web browser using the exact username and password.
Any more thoughts?
I have no more thoughts until you answer the question I asked. Can you sync while connected to a computer that is OUTSIDE your network?
When putting in your information on the mobile device, in the username field if you are putting domain\user you are wrong. That box is USER NAME ONLY.
Let me start over again. No, usb or gprs outside doesn't work. And yes, the username is put in as just the username with no domain\ in front of it. Activesync substitutes the domain from the domain field as domain\ is what I meant.
So it doesn't work from outside no matter what the connection. Again, the problem is the domain reference. We just have to figure out what is wrong with it.
From outside your network, can you access Ouloook Web Access? If so, EXACTLY what is the URL you use?
I'm using https://servername/exchange
I can also user https://servername/oma from the phone and it works too.
I would really like to see https://servername/exchange work from outside your network. I am interested to know how you got a NETBIOS name to resolve from outside your DNS zone over the internet.
Please read the question asked before answering so I can stop asking you the same thing twice. I asked you:
From outside your network, can you access Ouloook Web Access? If so, EXACTLY what is the URL you use?
Click to expand...
Click to collapse
Your answer might work inside your network but no way will it work outside. And if you are afraid that advertising your domain name will compromise your Exchange box you should just shut it down anyway.
Ok,
I'm REALLY trying to be tolerant here. Unfortunately, I'm starting to reach the end of my patience. You and I BOTH know that I'm not advertising my NETBIOS name on the Internet. We BOTH know EXACTLY what I mean when I say https://servername/exchange. It means a URL accessible from the outside which points to the server via NAT on our firewall and then /exchange. So, here's the URL:
https://mail.glaucomaexpert.com/exchange
When I say that webmail works, I REALLY REALLY mean that it works. I'm not making it up. If you don't know the answer or if you are not sure of the answer, just let me know. That's no problem. I'm really starting to think that this issue is due to the registry hack on the phone to remove certificate checking.
Unfortunately, I'm using a self generated cert and I've tried using the .cab method to import the cert, that didn't work. I simply copied into a file (DER encoded) and tried to import it no workie either. I tried copying as a Base-64 encoded, copied to the phone and when I tried to import it said it was unable to access certificate. Before I disabled certificate checking, it wouldn't accept the certificate. So, now it accepts it but it keeps asking for the password.
I have gone over the exchange settings over and over and over again and I'm simply not seeing anything wrong.
So....here's where I am.
Great. Thanks for answering the question. So in your server configuration fields you are filling in those blanks like this:
Server Address: "mail.glaucomaexpert.com"
User Name: "jdoe" or whatever your user ID is
Password: "Password1!" Your CaSE sEnsiTIvE password
Domain: "myeyessuck" your internal NETBIOS domain name which may or may not be the same as your FQDN
Does all of that sound like what you are using? If you feel more comfortable PMing the information then thats fine. But your settings should resemble what I wrote.
Are you forcing users to use SSL for Outlook Web Access? If so, you might try turning it off TEMPORARILY and test syncing without requiring SSL to eliminate the self signed cert possibility. I won't be much use troubleshooting that as I get my customers fo flip for a Thawte certificate to avoid untrusted root cert authorities.
That's exactly what I'm using:
Server Address: "mail.glaucomaexpert.com"
User Name: "jdoe" or whatever your user ID is
Password: "Password1!" Your CaSE sEnsiTIvE password
Domain: "myeyessuck" your internal NETBIOS domain name
Under secure communications I do not have require secure channel checked.
I just enabled http(port 80) access to the exchange server and it's working like a charm.
So I guess it's still a certificate issue. I guess disabling certificate checking is not doing the trick but instead cause more problems.
I really wish I could import the self signed certificate. This really sucks. Your help is appreciated. Thanks. I should had tried this before. I just assumed this registry hack wouldn't have any bearing on it originally.
@deeztech - I'm also suspicious of the registry hack to disable the certificate checking. This worked for me in the 2003 days with my client's Blue Angels but I've never been able to get it to work with WM5. I have numerous Exchange 2003 servers that I maintain here in So. Fla and they all have self generated certs. I use MMC and add the Certificates snap-in. From the Trusted Root Authorities I'll right click my certificate - all tasks and then export to a Der encoded x.509. Copy to my storage card and execute it from there.
Of course it sounds like your certificate is installed correctly as your logon to OWA and OMA are working which is why I suspect that reg hack you mentioned.
I did read on exchange-experts to check the authentication on the webserver....
Curious if it's just your PDA or are there others with the same issue?
Glad you narrowed it down. Unfortunately I don't have a magic bullet for the self signed certificate piece but I do have some suggestions for you.
1) Enable forms based authentication: http://support.microsoft.com/kb/830827/
2) Require SSL for access
3) Unless you intend to offer services you might turn off the default website at https://mail.glaucomaexpert.com/
If you are interested in a cert from a trusted CA check out Thawte, where you can get an SSL123 certificate in just a few minutes for as little as $149: https://www.thawte.com/process/retail/new_ssl123?language=en&productInfo.productType=fssl2
My company runs an exchange server for email, and I was wondering if anyknow knows how to connect to them, using the mogul. I went through the setup on the phone, with no success...Are their any additional steps required to connect to the server when you are not on the same network as the server?
Missing Certificate ?
I think you'll have to install the certificate from your Mailserver on the phone to get it working.
Do you get any active-sync error code when you're trying to sync ?
In general you get an error-code in ActiveSync which is telling you what's wrong...
IMHO the best idea would be: aks your IT-Stuff in your company
you need to add a server in active sync with your companys exchange server addy and your username/password
To be clear you need to enter your companies OWA server address. At most small companies this is your Exchange server and at most large companies it is your ISA server.
Example:
You access OWA using https://exchange.mycompany.com/exchange
You enter: exchange.mycompany.com in the activesync settings and you use your username, password and domain to authenticate
You also need to make sure Outlook Mobile Access is enabled on the Exchange Server and on your Exchange Mailbox. You will need to contact your IT Admin to verify these settings.
I'm in the same boat as the OP. I had been trying to hit the mail server directly or via VPN, with no luck, probably due to no certificate. Never thought about OWA. I set this up as indicated in the prior post, and checked 'Tasks' only (just to run a quick test), and it sync'ed fine. I then checked email and calendar, and now it takes me to a company sign-in web page (same page I encounter when using web access to OWA). Weird thing is the page is in the ActiveSync window and does not appear to be rendering correctly or completely (e.g. no 'submit' button). Nonetheless, I sign in and click where the submit button "should be" and the page goes away and it appears to start syncing, only to take me back to the sign-in page again after 15-20 seconds. Any suggestions on how to get past this point? I've tried logging in to OWA from IE, but ActiveSync still brings up this sign-in page. And yes, I've got my userID, pswd, and domain properly set up as well. Thanks.
BTW, my company IT won't help because they only support handheld access for specific company-issued devices.
try using mail.yourcompanymailserver.com/oma
its a lightweight version that handles easy in mobile browsers (only if your IT guys have enabled it)
as for the OP your exchange settings could vary depending on how your admin set it up, ssl (requiring a certificate) or not. to get the certificate from your company you can dl it from the server mail.yourcompanymailserver.com/cersrv
you log in using your mail credentials and you select download certificate chain and select a der 64.
save it to your phone and just install.
chances are though if your company is using a lot of treo's they dont require ssl because you can't install self issued certificates on them (good work palm). so if you want to ask your IT guys their setup and post it here i can try to walk through it with you.
this is my situation and how i got it to work.
Although i tried to internal address of 1x01po2s.domain.name, that didn't work.
I thought about it for a while, and reasoned if i can access my companies exchange server outside the network through a http://mail.domain.name address, then maybe that'll work hahaha
BAM! it did and now it works perfectly fine. Conincidentally, since i started trying to get this going last week, i emailed a few guys i know and the last one who got my email (it was forwarded to try to solve the problem) said that because of security policies, i am not allowed to do this. Ooops!
Here is a quick run down of my settings:
server address: mail.domain.name
ssl is selected (checked)
username: exchange/nt workstation login name
password: user password
domain: network domain (we have different domains)
save password is selected
under advanced you can select whatever options you like
next select e-mail, and any other options you want
and you're done!
I also enabled the push email icon and get my email regularly on my phone throughout the day.
Well, i hope that this helps some of you out.
server address: mail.domain.name
Click to expand...
Click to collapse
just so folks know there is no standard for this, its whatever subdomain your company decided to put OWA on, for my company its webmail.companywebsite.com
best thing to do would be to ask someone in your company how to access email from outside the office using internet explorer, thats the address your lookign for
Sprint mogul (Titan) WM6.1 Rom update killed exchange server activesync
(Sorry in advance for the long Email) I purchased a Mogul from RS about three weeks ago. For the first week, it worked great! I logged into my company exchange server down loaded and synced email, cal,contacts,tasks ... was very excited. I also got very excited when I started t read threads in this blog .... it seems like there are some pretty smart members maybe someone can help!!
Noticed that there was a new Rom (Sprint TV and improved connection) installed the ROM.
Have spent endless hours with HTC technical support, sprint technical support (not an appropriate name). At times managed to get the email to load but never again Cal, Tasks, contacts. Always able to get sent emails to load (by checking option) . I'm left with a couple of alternatives (any others would be greatly appreciated (actually I really like this phone but I need my email,schedule,etc to work) The error is 0x8503001C there is no exact description about this from MSmobile it seesm to be an awh**** code. Searching on the web provides 1000s of hits unfortunately not just my issue.
o Go to an early Rom WM6.0. So far it seems like to do this I need to unlock the phone then flash the earlier rom?? Since no SIM card I need to hack the registry?? There are several products out there which is best (I do not mind paying for somethng that works well). I down loaded several "Oficial ROm versions ... unfortunately did not write down the number of the one the phone came with.
o Find some way of getting this thing to work well to keep the extra features
o My grace period ends in a week ... cancel with Sprint go to Att but there is not a 3G phone I like ... only Iphone ... it has issues for exchange server??
o I got my wife a Touch at the same time (it runs WM6.1) same issue. Downloaded once my corp email no cal, etc.
o I was told that this Rom was cooked up by MS & Sprint what a disaster
Please, please help ... Thanks in advance
Scurfer
Exchange email and Skype not working after Upgrading Sprint Touch to Wm6.1
The Exchange activesync died at connection and never can sync my company emails after I upgraded Touch to 6.1 Sprint/HTC ROM. Skype also does not work, no sound after first ring, even with 2.2.0.45. I like the GPS and Rev.A speed, and do not want to risk downgrading the ROM. Anybody encounter ssimilar situation?
I am trying to configure Microsoft exchange server to get my work emails on my universal.however even though i have my setting all ok,and pda is connecting to internet,no emails are being downloading.
I am getting message that folders have been synchronized but email are neither being sent and received.
tried to speak to my works IT guys who are insisting all settings are OK.
funnily enough i configured my pals pda ,who happens to have a universal like me but using a different phone company ,and all worked beautifully.
when i contacted my phone company they said that all is ok from their side,but I still am not succeeding.
any idea guys?
I think they should enable a certain service. With me all worked fine untill a partly HD crash, now I can still get e-mail into Outlook, but not to my PDA any more. I believe it has to to with Public Directories. At least that's the part what's wrecked in my server.
Good luck!
Bas
OP, I'm assuming you are referring to DirectPush, I would double check with IT that you have your account enabled for User Initated Sync, and that you have all options configured identically to what IT gave you. Specifically, it could be that your company is using SSL and you have yet to export the certificates that are needed to your phone, rendering it unable to sync.
Urthwhyte is right about the ssl, installing it is a simple as accessing the certificate file though your file manager. You might also be experiencing the same problem I am, where your service provider doesn't accept your businesses certificates (doesn't apply to wifi connects).
If you really want it to work and you don't care if ppl pull the data off the air, you could disable ssl if it's not required.
I picked up the focus yesterday and have run into an issue syncing with Outlook/Exchange Server 2003. I receive the error code below after the email account setup runs for a bit, I get contacts and calendar entries, then a few emails before the error is returned (everytime I try to sync later as the msg suggests). I tried finding the error code referenced on MS Support/Forums, AT&T Samsung forums, and even xda developers with no luck.
I did try a hard reset (from settings) and then recreate the account and I tried removing the hub on the start screen and then deleted the account and recreate same error every time.
Samsung Tech Support suggested that I add the same Certificate on my Server to the phone, Did so - still, no luck.
Anyone see this error/issue?
Outlook Error
Not Updated
We're having a problem syncing your
information. Try again later.
Last tried about a minute ago
Erro code: 8500201C--------------------------------------------------------------------------------
Mine has worked flawlessly. Sounds like you did everything I would have suggested except return and get a replacement phone.
I had that problem. the cause of mine was to have the SSL turned on. After I created the account, I went to setting>email and choose the outlook account, clicked on advanced, then scrolled down and uncheck the SSL checkbox. All worked perfect after that. although I guess I am not super secure.. but anyone that wants to hack and read my email.. feel free pretty boring.
It is obviously a software issue. How can a replacement phone solve any problem.
If your exchange server does not use public certificates (the ones that your company has to pay for), or the certificate comes from some publisher that WP7 doesn't know about, it will be touch to set it up. For one, import the server certificates directly does not work. In the past with WM phones, MS suggests you need to import the root certificate instead. So, see if you can find the root certificate for it.
agreed - was able to get Corporate Store to allow me to try settings on another Focus, with same results.
can see the Folders on my Outlook (some are unique to my Exchange Server), so we know that we are nearly there. little more tweaking, and also, update to a new Server,
but, that might not be for week or so, so if anyone has solutions, would be much appreciated.
I had problems with mine and worked with our Exchange admin. We found it was the encryption part of our policies. Both Device and Storage card encryption parts of the policy have to be turned off. After some research this is correct and expected to be fixed in Early 2011 when Microsoft starts pushing this for business.
Oh it also does not support alphanumeric passwords at the moment:
http://social.answers.microsoft.com/Forums/en-US/windowsphone7/thread/ee2ecd48-89bf-4e8c-b48e-553967517a4d
Here is the one about encryption:
http://social.answers.microsoft.com/Forums/en-US/windowsphone7/thread/7c4329c9-9f51-4184-8f48-5d4bc5c6269e
cwiley2566 said:
Oh it also does not support alphanumeric passwords at the moment:
http://social.answers.microsoft.com/Forums/en-US/windowsphone7/thread/ee2ecd48-89bf-4e8c-b48e-553967517a4d
Click to expand...
Click to collapse
That is really strange because my HTC Surround took my alpha numeric password just fine for my exchange email. Haven't had any issues with it at all.
Do you mean a password for the domain or the screen lock password? They are talking about the policy that requires a alpha numeric password (or not allowing simple passwords) for unlocking your screen. Our company allows simple passwords (just numbers) so I didn't see the problem.
We don't have a certificate,and all I had to do was go to advanced and turn off encrypted SSL connection ( I also have alphanumeric and symbol password for exchange)
I am referring to the screen lock policy in Exchange. Of course alphanumeric and symbol passwords for exchange/domain authentication will work.
Installing SSL Cert (quick and dirty)
Email your server's SSL cert to a GMail account. Hotmail blocks the attachment as an unsafe filetype.
Open the attachment and Phone7 should ask you if you want to install. Go back and set up your Outlook account.
Got mine working on Exchange 2003 even after the error messages
This happened to me as well. We have an Exchange 2003 server and what I did was go to "email and accounts" on the phone and went through the proccess and setup everything correctly but still got the error messages.
Now this is what fixed my issue (strange). I got out of the "email and accounts" and went into all programs list and opened "Outlook" , from there I put the settings in again for my account and presto, it just started working and syncing.
I did 2 phones likes this already and it works. Dont ask me how, but it does.
Hope this helps OP and anyone else using Exchange 2003.