Does any one know if there is a way to use your WM6 device on a secured WPA, TKIP, PEAP network when you have your own user name and password to access regular pc.
I'm trying to use my TILT at work and everytime i try to log in it tells me that i need "personal certificate" to positively identify me.
Would it possible to retreive my personal certificate from my work loptop and transfering it somehow to my Tilt?
I really need some help with that, i've been trying this forever.
THanks in advnace
There is a solution here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2434968&SiteID=1
seattleweb said:
There is a solution here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2434968&SiteID=1
Click to expand...
Click to collapse
Did you try this? It sounds like a similar issue but I've never seen some of the screens they are mentioning for login credentials. I tried the registry key but still get the message that I need a personal certificate.
I'm going to try Odyssey's Access client, which is now Juniper I guess.
Juniper Odyssey Access Client works just fine with the Tilt/WM6.
I was able to connect to my company's PEAP/MS-CHAP-V2 network.
If you do a google search with keywords "p12imprt.exe pocketpc" you will find a smal program that allows you to import personal certificates in your Windows mobile.
I hope this helps.
thanks guys, i'll try all the suggestions and'll let you know
I've set up a RADIUS auth server w/WPA-TKIP @ home.... not too hard to config PEAP. I'll try it out this evening and report back the details.
careful if you try the odyssey client, maybe wait to see seattle's results. Odyssey really grabs a hold of the registry. Do an image backup before installing.
FYI...I checked that thread, and checked my registry, and I have that setting they suggest. I am getting the personal certificate error anyway.
The import certificate sounds interesting. Actually I had been told a while ago I needed to do that, and I thought I saw a way natively on my Tilt to do that, but I have no idea how to get the certificate to import. I asked our admins at my office about that, and they had no clue.
Any thoughts on how/where to get teh certificate to import? (Someone said it woudl be on my laptop that I login with, but don't know whre it is there either).
Why not just export your personal certificate from the PC and run it on the handheld, the first time you try to enroll it will ask for credentials.
Works for me anyway.
nybom said:
Why not just export your personal certificate from the PC and run it on the handheld, the first time you try to enroll it will ask for credentials.
Works for me anyway.
Click to expand...
Click to collapse
Nybom...if you can give me any hints on how to do that it would be great. That was my point in my last statements re: the laptop - I don't know how to export it nor does my admins here.
I use Windows Vista at work. WMDC has a feature that allows you to import various certificates from your corporate network. If you are using ActiveSync on XP, I would suggest looking at options there. I don’t have ActiveSync right now or I would look. I have successfully connected my Tilt to our corporate wireless, which is WPA, AES, PEAP. Hope this helps.
Exporting Personal Certificates
Export a Certificate
To export a certificate, follow these steps:
1. From the computer where the certificate was installed, start Microsoft Management Console (MMC). Start>Run>MMC
2. Add the Certificates snap-in to the console.(Ctrl M) When you are prompted, click My user account as the account to be managed.
3. In the MMC console, double-click Certificates – Current User, double-click Personal, and then click Certificates.
4. In the right pane, right-click the certificate that you want to export, point to All Tasks, and then click Export.
5. When the Certificate Export Wizard starts, click Next.
6. On the Export Private Key page, click Yes, export the private key.
The private key is required for the encrypted messages to be read from the computer where the key will be imported.
7. On the Export File Format page, leave the default settings, and then click Next.
8. On the Password page, type password for the private key.
9. On the File to Export page, type the path and the name for the exported certificate file, and then click Next. (save it to your storage card for future use)
The file name has a .pfx extension. This file is the .pfx file that is imported to other computers.
10. Click Finish.
The export certificate file is saved with the name that you specified and a .pfx extension.
To import, use File Explorer, find where you saved it to, and click on it. It will automatically place it in the correct certificate store.
Thank you so much. I was so excited.
But alas, I apparently do not have any certificates on my laptop. ( I say that because when I DClick on Personal, it says "There are no items to show in this view" ). My method of authentication to the wireless here is via AD, and past discussions everyone thought it would have pushed a cert to my PC, but that seems to not be the case.
Although there are a lot of other certificates, a couple of which are issued by my company, in the Trusted Root Certificate Authorities/Certificates folder. Should I try one of them?
ewingr said:
Thank you so much. I was so excited.
But alas, I apparently do not have any certificates on my laptop. ( I say that because when I DClick on Personal, it says "There are no items to show in this view" ). My method of authentication to the wireless here is via AD, and past discussions everyone thought it would have pushed a cert to my PC, but that seems to not be the case.
Although there are a lot of other certificates, a couple of which are issued by my company, in the Trusted Root Certificate Authorities/Certificates folder. Should I try one of them?
Click to expand...
Click to collapse
Yes, absolutely. However, when you ADD the cert in the MMC, it will have to be as a computer>local computer account rather than a personal account. Choose the Base64 option to save as a .CER. Import to your device the same way. You may also want to explore the Intermediate Certificate Authority folder on the MMC for more that relate to your company. Doesn't hurt to grab all that you think relate to your company. Mine ended up having 2 Roots and 4 Intermediates.
Thanks!
Next issue: I have no export private keys page come up, and wehn I get to the final page, keys is set to NO.
In case it makes any difference, my laptop is Windows XP Pro.
I wonder if it could be because somethign is 'locked down' by admins here.
ewingr said:
Nybom...if you can give me any hints on how to do that it would be great. That was my point in my last statements re: the laptop - I don't know how to export it nor does my admins here.
Click to expand...
Click to collapse
I also have the certificate pushed out from the AD. But if you do not have any personal certificates listed in the personal tab I don't know what to do.
In my case I went to "Internet options", tab "Content", chose "Certificates", in tab "Personal" marked the certificate with my AD account name and chose "Export". Then "Next", "Next", "Next"... all without changing anything and then saving the file.
Delta_flyer said:
Yes, absolutely. However, when you ADD the cert in the MMC, it will have to be as a computer>local computer account rather than a personal account. Choose the Base64 option to save as a .CER. Import to your device the same way. You may also want to explore the Intermediate Certificate Authority folder on the MMC for more that relate to your company. Doesn't hurt to grab all that you think relate to your company. Mine ended up having 2 Roots and 4 Intermediates.
Click to expand...
Click to collapse
but how do you import it in windows mobile, aboviously it's not the same way as xp, i got my company's .cer file now how do i install in on my tilt. Also i couldn't find any personal certificates even thouh i use my desk pc and my work loptop.
thanks
ok i installing a certificate on a WM devisce is easy just click on the cert once you transfer it to the phone.
BUt can someone telll me why i don't have my own personal certificate on my work pc and loptop. I log in to both using the same network username and pass with the company's domain selected from the drop down menu.
thanks
I can't answer your question since I've seen the same thing on both of my PCs. One had a personal cert, the other did not. I don't think a personal cert. is necessary. If you have the proper root(s) and intermediates, you should get a log on screen when it tries to connect. Once you login the first time, your set.
Related
I've had no problems to date sending/receiving email with my TyTN and now TyTN II/Kaiser.
However, this morning I discovered that I could no longer do this. Pocket Outlook reports "Error Synchronizing ... check your settings" message almost immediately when I try to send/receive emails.
None of the settings have changed. Just to be sure, I changed "WAP" to "Work" and "The Internet". The last two settings no longer produce an instant error, but the email just says "Connecting..." and then does nothing.
Which makes me ask the question - have Vodafone UK started blocking email? Anyone else having problems? The Internet and other applications can access the net with no problems.
Just tryed vodafone in the netherlands and it works fine.
Which email service?
I would guess its more likely a problem with the mail server.
I have no problems with Vodafone UK and connecting to my company Exchange 2003 server.
Hi freenfast!
I want to connect to my uni's Microsoft exchange Server.
I am not successful though.. and have read and searched!
I get an error message - error / support code - 80072ee2
I am wondering if I need some kind of certificate....
I was hoping to find a way to synch with the Exchange Server using,
1. my PC via a cable,
2. my PC via WiFi,
3. via GPRS when I am out and about,
4. via WiFi when I am out and about.
Should I be able to achieve all of these? OR am I expedcting too much !
Any help appreciated!
Ofiaich
ofiaich said:
Hi freenfast!
I want to connect to my uni's Microsoft exchange Server.
I am not successful though.. and have read and searched!
I get an error message - error / support code - 80072ee2
I am wondering if I need some kind of certificate....
I was hoping to find a way to synch with the Exchange Server using,
1. my PC via a cable,
2. my PC via WiFi,
3. via GPRS when I am out and about,
4. via WiFi when I am out and about.
Should I be able to achieve all of these? OR am I expedcting too much !
Any help appreciated!
Ofiaich
Click to expand...
Click to collapse
I believe if you go to https://(your university mail server)/server.cer in your Pocket IE, you will be asked to save the certificate. After you save it, you should be able to access your school's exchange server directly.
Hope it helps,
- TKN
Hi tariq_niazi!
thanks for your quick reply!
tariq_niazi said:
I believe if you go to https://(your university mail server)/server.cer in your Pocket IE, you will be asked to save the certificate. After you save it, you should be able to access your school's exchange server directly.
Hope it helps,
- TKN
Click to expand...
Click to collapse
I have added a screenshot below. The message is
the requested url/server cert was not found on this server !
My servers address for email logon in is http://owa. uni name. co. uk
But I did type https://owa. uni name. co. uk/server.cer in Pocket Explorer !
Ofiaich
hmmm I guess it works differently for servers running Microsoft version of Exchange Server. But I run a Kerio Mail Server that also has this exchange capability, I can simply get the certificate over the air. Let me check if my university gave any instructions on how to download the certificate (it there is any). Let me get back to you as soon as I can.
- TKN
Thanks very much tariq_niazi !
I was told by the university that they do not use certificates but their information setting up a XP Laptop to work with the new server clearly states that you need to "check here" to Vaildate server certificate.
Then there is certificate called GTE CyberTrust Global Root !
As I had typed before, my hope is to be able to do these,
1. my PC via a cable,
2. my PC via WiFi,
3. via GPRS when I am out and about,
4. via WiFi when I am out and about.
Thanks for your time !
Ofiaich
My university (Cal Poly Pomona) uses a certificate from Thawte Premium Server CA which is already in my Pocket PC by default. That is why I am able to sync with their servers using SSL. You can check and see if your school uses a SSL certificate that is preinstalled in your device by double clicking on the security icon in your browser when you go to your email login page. There are ways I remember to export a PC version of SSL certificate to Pocket PC certificate using a tool. I cannot remember but if you google around, you should be able to find it. I believe the file format for that SSL certificate for your Pocket PC will be der instead of cer in my case.
Hope it helps,
- TKN
Hi tariq_niazi!
thanks again for your time... !
tariq_niazi said:
There are ways I remember to export a PC version of SSL certificate to Pocket PC certificate using a tool. I cannot remember but if you google around, you should be able to find it. I believe the file format for that SSL certificate for your Pocket PC will be der instead of cer in my case.
Hope it helps,
- TKN
Click to expand...
Click to collapse
Yes, I just checked tools -> Internet Optons -> Conten -> Cerficates
and sure enough the GTE CyberTrust Global Root is in the tabbed list of Trusted Root Certificates.
There is also an 'export option' which then launchs a wizard.
There are now 3 options for the format to choose
DER Encoded binary x.509 (.CER)
BASE-64 Encoded x.509 (.CER )
Cryptographic Message Syntax Standard PKCS #7 Certificate ( .P7B )
I can then see if I choose, for example, the first one, that I have to name the file, choose a location etc and save it!
I guess I can save all 3 types, then find the directory on my Kaiser to copy them to!
Maybe device/windows/system/certdtls ?
Ofiaich !
Let me know how it goes, I am interested in seeing if this method works or not.
- TKN
I will ! I will post here!
Do you think I am correct with my choice of directory on the Kaiser?
I am search for info on that now.
Tomorrow, I might not post........... busy day... but Wednesday, I will definitely post..
thanks again !
Ofiaich
As far as I know, you should be able to click on the cer or whatever file you got and it will install automatically. That is what happened whenever I downloaded the server.cer file directly from my mail server. I am not sure of placing those files in the folder you have mentioned but it does not hurt trying and see if it works.
- TKN
Hi!
I got the certificate on my Kaiser now! Thanks! Imported it to the Kaiser through ActiveSynch
Now I have changed the ActiveSynch settings for calendar and mail, so it checks on the server..
I left Contacts Tasks and Notes on the PC,
I would have thought synching would be quick..
now I get the error message - error / support code - 80072ee2
again............ Hmmmm... nearly there....
I have a new question..! Any ideas what a 'device sms address' is ?
Sleep time for me !
Thanks again!
Ofiaich
Hi!
I am still not successfull with this!
I can synch my Kaiser to the PC and synch contacts, calendar, notes, emails etc but still get the error message - error / support code - 80072ee2
I read elsewhere in XDA Developres to turn off the firewall. I know this is not a good idea, but tried it, no luck with synching, so switched it back on again.
I am frustrated that I can only synch when at home with the PC via cable !!
Ofiaich
FIXED
I managed to fix this in the end. Turns out that Vodafone UK were not blocking emails after all
Go to Connections \ Settings and select "Select Networks".
I changed "...connect to the internet should connect..." to "My ISP" and then it all worked.
This has really puzzled me, because I have not installed any software, or changed any other settings. It just stopped working. I had a similar issue with other software getting data from the internet, which again involved changing a setting in Connections.
It's all a ball-ache to be honest, and probably one of the worst things about Windows Mobile.
Hi!
I tried that to see if it sorted my problems too....
But I still get error / support code - 80072ee2
I am sure the university is doing something with their server !!
I am out of ideas....
Ofiaich
Hi!
got the Microsoft Exchange Server working now....
Outlook 2007 PC address on the PC was different to what I should use for synching with the Kaiser...!
Strange but T_r_u_e !
Attachments in Hotmail still do not work, but don't care...! The email throught M.E.S. gives what I need !
Ofiaich
Glad to hear it!
- TKN
Hello,
My company uses Exchange server 2003 sp2. I've tried to sync my TyTN II several times but I always get this message: "The security certificate on the server is invalid. Contact your system administrator or ISP to install a valid certificate on the server and try again".
I'm actually able to access https://myserver.com/OMA (not http) using my nickname and password, but I don't even know what that means. I talked to the IT guys and they just sent me to a Microsoft page where it says: "This problem may occur because the device manufacturer locked the Windows Mobile 5.0-based device. This lock prevents you from installing Secure Sockets Layer (SSL) certificates correctly".
So, their only answer was: contact your manufacturer to see if the device is locked (??). (Although they also said I didn't need a SSL certificate)
¿Could anybody please help me to understand this? ¿Do I have to install a certificate? ¿Do the IT guys have to do it? I really need to solve this so any information is welcome
thanks a lot.
If it is a "self-signed" certificate (and not an official one bought f.e. via verisign.com), than you have to install it on your device to make it "valid". Additionally the Hostname provided in the certificate must exactly match the hostname of your exchange-server otherwise it won't work either. HTH
PS.: you can find out both when you access your companys exchange server via OWA (OutlookWebAccess). Once you're logged on you can examin the certificate and look if the hostname matches, if the certificate is still valid (every certificate has an expiration date) and who the "certification authority" is.
You can still use OWA if the company allows you to use it unencrypted. Just uncheck use SSL during setup.
I'd be curious if anyone would know how to rip the public key from Firefox or something so it can be imported to the phone to make it work.
I have been told if you can get your exchange admin to send you the .CERT file from the IIS webserver you can run that on your phone and get it to work. However, I believe that has the public and private key pairs, which is a security risk to your entire organization if you have the private pair!
jon_k said:
You can still use OWA if the company allows you to use it unencrypted. Just uncheck use SSL during setup.
Click to expand...
Click to collapse
domain credentials over unsecured channel, bad mojo man
Your IS guys should have a certificate for you to install which will resolve the problemI have a root ca certificate for my company installed on my phone so I have no problem using any certificate they sign.
As already said, check the hostname matches extacly and check the expiry date of the certificate.
Hey Guys, thanks for all your answers!
I'm logged on the OWA server and the certificate says "Equifax Secure global eBusiness CA-1". The expiration date is 24/02/2010. Does anybody know how can I install this on my device? I checked the hostname and it matches perfectly
If it is like the certificate I have to use to get my Tilt/Office Exchange to work, then you just double click on it and it should say "Installed" or something like that. After that, assuming you have everything else setup, it should work like a charm.
thanks a lot to all you guys! Had some problems because the certificate would install in the "intermediate" store, instead of the root store, but I found this site and followed the instructions:
http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/
It's synchronizing right now and it's way faster than activesync!
Well I was able to save, and copy the certificate by going to my companies OWA site.
I copied it via memory card, and was able to install it. Upon installing it I'm not asked for an option of where to install it (root vs. intermediate, etc)
Unfortunately by default it is going to intermediate.
I hope that this will fix it once I figure out how to install it into root.
For now it has not fixed my problem, still get an error synchronizing with the server.
Edit:
Strange, I re-installed the certificate, to make sure it was from the "head" title branch (my company has an extra level to the branch so I tried both), and this time instead of soft-reset, I completely shut-down the phone.
Powering it back up, it now sync's fine, and there is a 2nd verisign cert with a different expiration installed in the root store. My poor outlook is still syncing data as it catches up for the last couple weeks!
Doh.
WeldingRod said:
Well I was able to save, and copy the certificate by going to my companies OWA site.
I copied it via memory card, and was able to install it. Upon installing it I'm not asked for an option of where to install it (root vs. intermediate, etc)
Unfortunately by default it is going to intermediate.
I hope that this will fix it once I figure out how to install it into root.
For now it has not fixed my problem, still get an error synchronizing with the server.
Edit:
Strange, I re-installed the certificate, to make sure it was from the "head" title branch (my company has an extra level to the branch so I tried both), and this time instead of soft-reset, I completely shut-down the phone.
Powering it back up, it now sync's fine, and there is a 2nd verisign cert with a different expiration installed in the root store. My poor outlook is still syncing data as it catches up for the last couple weeks!
Doh.
Click to expand...
Click to collapse
I also had this problem, and the sync. still does not work... if someone has some idea
Thank you
hello everyone,
I got this to work by installing the .cer certificate from the self signed website certificate AND installing a .cer from the server's self signed ROOT CERTIFICATE. The root certificate is usually located on the C: drive of the server with certificate services installed. Your IT guy should know where this is. You just copy the root cert to a file just as you would the website cert. Install both on the phone...the website cert will go to "intermediate" and the rott cert will go into the "root" store. Once I did this, no more error codes and my activesync shows "connected" instead of the last time it was synced.
Hi
Had the same problem and it's solved thanks to this solution mentioned by oscarsalgar
It's working perfect !!!
Thank you very much
K'uvo man, gracias puesh hermano, me salvaste la vida puesh. Triple hijueputa q me ayudo este post man. Gracias pelado!!
I have received a HTC TYTN II from my company, which currently is synching with our mailserver so that I can read my email wherever I am.
Since I'm curious, I tried to get my old Wizard to do the same. I did the same install as with the Kaiser, but I get the dreaded "0x85010004". I scanned thru the Kaisers registry and took all root-certificates under "HKEY_LOCAL_MACHINE\Comm\Security\SystemCertificates" and imported them into the Wizard and rebooted, but no luck. I am assuming it's a certificate of some kind that is missing, but I can't find where else it could be? Does Exchange install a hidden certificate on the phone in order to identify it, and if so - why isn't it shown in the certificates menu?
Any help is appreciated.
BR
Fredrik
activesync cert with exchange
hi fredrik,
activesync accessing exchange on a mobile device uses OWA (outlook web access) to access your email through SSL. the best way to get the cert you need is to log into your OWA (probably something like https://webmail.yourcompanyname.com) or whatever it is (it's the same address you use when you put in when confiigure exchange with activesync) from a desktop pc. than, right click on a blank portion of the page and go to properties. you should see a button that says certificates, click on that, than click on the details tab. than click on the "copy to file" button and the cert export wizard will start. click next, than select base64 as the type of cert, than hit next, name it, save it, put it on a memory card or bluetooth the file to your phone and install it. sometimes, during the install, your phone will error out when installing it, just soft reset, and then install it again. you should get a message that says it was installed successfully. than configure for activesync for exchange on your phone and you should be all good. let me know if that works for you.
Thanks for the help!
Tried that and got the same problem. The original phone has Pointsec installed in it, but I do not think that it gerenates any certificates (at least not any I have found in the registry). Is the ACU version important?
/F
Talked to my IT department and they told me that Pointsec decodes a certificate in order to communicate with our mailservers. Anyone any good at pointsec and knows if it puts a crypto on the Registry or if it is purly file based? If the file is decrypted each time I punch in my code, it should register the time when the file is being decrypted... What programs can search files in WM and search for the time stamp?
BR
Fredrik
I have an AT&T Tilt. I had Direct Push from Exchange Server working perfectly with no effort - was working for months. Then, I had a hardware problem with that phone and was given a replacement from AT&T. After replacing it I am unable to configure the direct push any more. I wrote down all the settings and carefully reapplied them on the new phone.
What I am seeing now is when manually invoking a send/receive, ActiveSync reports the following:
------
Result:
The server you are synchronizing with is not an Exchange Server, or is running incompatible
software. Choose Configure Server on the ActiveSync menu to specify the correct server.
Support Code: 0x85030022
------
I've been on the line with the hosted exchange server folks and there's no change on their end...
I installed the certificate as suggested above - seemed like it was worth a shot. No difference.
Any ideas?
sorry for the late reply.
I'm not too sure about your pointsec fredrick, as we don't use it on our mobile devices at work, but we do use it on our computers. as far as i know, pointsec is supposedly suppose to be transparent encrypt/decrypt after you first turn on your device and enter a passcode, heck, windows mobile should operate like pointsec isn't even on the device, so it shouldn't be a cert issue, but who knows, i never liked pointsec anyway. sorry i can't be more helpful.
ubetchya,
that error message is pretty straight forward, either the OWA address is wrong or your certificate isn't installed correctly. i know this sounds lame, but if you can, borrow a friend's Windows Mobile phone and config it with activesync to verify your settings are correct. for the owa address, try adding "/exchange" without the quotes at the end, maybe their redirect isn't working correctly. so if your server address is "https://webmail.hostedexchange.com", make it look like "https://webmail.hostedexchange.com/exchange" (that should take you to directly to the exchange server without using their redirect). if you want, you can also try downloading the certificate directly from your hosted exchange guys, if they have the cert page up that is (most exchange admins leave it up, i know we do =P ) to get to the cert page, go to a desktop pc...
1. type in your webmail server address and add "/certsrv" at the end without the quotes (ie; "https://webmail.hostedguys.com/certsrv"
2. it will prompt you for a username, it should be in the following format "domain\username", so if my domain was microsoft, and my username was bill, than my username would be "microsoft\bill" without the quotes
3. enter your password.
4. click on the last link, "download a certificate, certificate chain, etc"
5. select the base 64 encoding method and than click download CA certificate.
6. save it to a memory card or bluetooth it over to your phone and install it.
hope that helps!
oh... and one more thing about your server address, it could be different than adding "/exchange" at the end, to verify, just to your webmail and see wear it redirects, when you get to your login page (if using forms based authentication), use that address, if not using forms based, (small popup window for login) just log in and than use that address.
UBetchYa said:
I have an AT&T Tilt. I had Direct Push from Exchange Server working perfectly with no effort - was working for months. Then, I had a hardware problem with that phone and was given a replacement from AT&T. After replacing it I am unable to configure the direct push any more. I wrote down all the settings and carefully reapplied them on the new phone.
What I am seeing now is when manually invoking a send/receive, ActiveSync reports the following:
------
Result:
The server you are synchronizing with is not an Exchange Server, or is running incompatible
software. Choose Configure Server on the ActiveSync menu to specify the correct server.
Support Code: 0x85030022
------
I've been on the line with the hosted exchange server folks and there's no change on their end...
I installed the certificate as suggested above - seemed like it was worth a shot. No difference.
Any ideas?
Click to expand...
Click to collapse
I got it working. The error message was pretty close to telling me that it's an invalid server "name". My hosted exchange provider uses owa3.... I was missing the all-important 3.
No matter how hard they try, programmers can't make it completely idiot proof...
All is working now beautifully. Thanks much for the suggestsions.
Tytn II
Hi there,
I'm trying to connnect my Tytn II to my work's exchange server so I can use it instead of having to use a Crackberry however I'm getting the following message in ActiveSync:
Support code # 0x85030022
The server you are synchronizing with is not an exchange sever, or is running incompatible software. Choose Configure Server on the ActiveSync menu to specify the correct server.
Can anyone help ?
Hi Smooth,
Have you tried all the steps in this thread already? make sure you have installed the correct certificate, have the correct server address and ask your administrator if activesync is enabled on the exchange server. post back with your results to the tricks in this thread and we'll see what else you can try.
ok i'm sorry, but i have been all over the place and still cant make this work!
my work IT dept only allows remote email via the web. i can access using opera no problem but i'd like to sync/push/downloadupload/whateveritscalled into my outlook on the phone seamlessly. HOW DO I DO IT?!?!? i have tried and TRIED to set this up to no avail thru "new account" in the messaging and thru activesync. it cant be that hard since there are only 2 simple steps when i access it via opera.
#1) i go to the website:
www.sodexhomail.com (but when it loads, the full address is https://www.sodexhomail.com/owa/&reason=0)
#2) and i login with only 2 pieces of info:
domain\username: xx-xxxxxxx\myname
password: xxxxxxxx
please please PLEASE someone tell me how to set this up STEP BY STEP so i dont have to keep going thru opera!
thanks!
Ok this is not so hard. I configured it myself many times.
First you have to ask your IT Department whether they allow mail on your device. What if you lose your device, other people might have access to sensitive emails.
For pushmail to work you need an Active Directory user account and this account has to be mailbox-enabled. From the information you just supplied, you do have an AD account which is mailbox-enabled.
When you go to http://www.sodexhomail.com/owa you will see that you will be redirected to https://www.sodexhomail.com/owa Do you see the extra S behind HTTP ? THis means that you access your website securely. In your internet browser on your normal desktop or laptop computer you will see a little golden lock at the end of the address bar. When you click it, you have the option to see the security certificate and to export it to a file. Export this certificate to a file (just click next all the time and give it a descriptive name) and save it on your computer. Then connect your Diamond to your computer and transfer this certificate to your diamond. On your Diamond browse to this certificate and click it so it will be installed. For ActiveSync and Pushmail to work you must do this.
Ask your IT Departmend whether they have enabled your user account for active sync and pushmail. If not, you can't use pushmail. If they did, continue with the following steps on your diamond.
Ok, you've already installed the ssl security certificate on your diamond. Now open Active sync on your diamond and do the following.
1. Click MENU.
2. Click Configure Server
3. In the field Server address type: www.sodexhomail.com and enable SSL
4. click next
5. In the User name filed type your user name and password
6. In the domainfield, type sodexhomail.com and enable to remember your password.
7. Click next
8. Enable the items you want to sync, like contacts, calender, email and tasks
9. Select email and click configuration and select the option how far back active sync should go for syncing emails and select for the messages HTML.
10. Click advanced and enter your email address.
11. CLick Finish.
12. In the main Active Sync menu, click menu again and choose Schema
13. Select As items arrive and configure the times you want to receive pushmail. I entered 00:00 - 23:59 so 24h a day.
Now you should be done.
Good luck.
EDIT: If your company uses Microsoft Exchange 2007, maybe your administrators configured Outlook Anywhere. This means that you only have to install the ssl certificate and dont have to configure the above steps. On your diamond you simply go to Start - Messages and create a new account. Fill in your company mail adddress and password and on the next screen you will be asked if you want to configure your mail settings from the internet automatically. I configured this myself and works like a charm. But if your IT admins did not configure Outlook Anywhere, this won't work.
You an only do it if your company enables OMA (outlook mobile access).
OWA for access via a browser and OMA for push access via activesync are totally different.
dannyoneill said:
You an only do it if your company enables OMA (outlook mobile access).
OWA for access via a browser and OMA for push access via activesync are totally different.
Click to expand...
Click to collapse
His company uses Exchange 2007 and there is no more OMA in Exchange 2007.
MRE-net, you are awesome! thanks so much for the help, but i have good news and bad news.
i followed your instructs to the letter, but it does not work. whereas before i was getting a "check your settings/password" error or the like, i am now getting "Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server admin. support code: 0x85010004". before i even tried to sync, 2 things you said (as well as knowing how tight my company is with info) told me that it wouldnt work in the end:
MRE-net said:
First you have to ask your IT Department whether they allow mail on your device. What if you lose your device, other people might have access to sensitive emails.
Ask your IT Departmend whether they have enabled your user account for active sync and pushmail. If not, you can't use pushmail. If they did, continue with the following steps on your diamond.
Click to expand...
Click to collapse
so...good news, i'm acutally smart enough to follow instructions, thank you so much! and bad news is that the sync error tells me that my company doesnt support/allow it (right?), and i'm guessing theres no way around this without IT admin involvement.
thanks again.
spiffyjiff said:
MRE-net, you are awesome! thanks so much for the help, but i have good news and bad news.
i followed your instructs to the letter, but it does not work. whereas before i was getting a "check your settings/password" error or the like, i am now getting "Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server admin. support code: 0x85010004". before i even tried to sync, 2 things you said (as well as knowing how tight my company is with info) told me that it wouldnt work in the end:
so...good news, i'm acutally smart enough to follow instructions, thank you so much! and bad news is that the sync error tells me that my company doesnt support/allow it (right?), and i'm guessing theres no way around this without IT admin involvement.
thanks again.
Click to expand...
Click to collapse
You have to get them to enable active sync for your mailbox.
In the meantime solution
Had a similar problem so i requested IT to send duplicate emails to my live/hotmail account which they had no problem with. From hotmail its easy to sync to WM. You can also tell hotmail that when it sends emails it can do it on bahalf of [email protected].
[Then you can set a rule on hotmail to forward some emails back to your main work account - have not donr that though]
Hi guys,
I have a HTXC 8x but I think my question applies to all WP8 devices. I have an open source groupware (Zarafa) running on my own hardware at home which provides me with an Exchange ActiveSync interface. Currently I use this without any encryption (only in local wifi, not over 3g) but I do plan to rout this to the internet in order to be able to sync on the go. Now I do have my own self signed SSL certificate and securing the webaccess worcs like a charm. Anyway I can't seem to find any information on how to add this certificate to my WP8 device in order to accept the encrypted Active Sync API. Is this possible at all? Am I just blind? How do I do this?
Thanks for your help allready and cheers,
derliebewolf
I have no idea, if this info helps.
Im using RDP Gateway to my work network with 2 certificates - the one with cer suffix and the one pfx with suffix and with password. I can add it from Skydrive via Skymanager without problems...
derliebewolf said:
Hi guys,
I have a HTXC 8x but I think my question applies to all WP8 devices. I have an open source groupware (Zarafa) running on my own hardware at home which provides me with an Exchange ActiveSync interface. Currently I use this without any encryption (only in local wifi, not over 3g) but I do plan to rout this to the internet in order to be able to sync on the go. Now I do have my own self signed SSL certificate and securing the webaccess worcs like a charm. Anyway I can't seem to find any information on how to add this certificate to my WP8 device in order to accept the encrypted Active Sync API. Is this possible at all? Am I just blind? How do I do this?
Thanks for your help allready and cheers,
derliebewolf
Click to expand...
Click to collapse
You export the public key of your CA (Certificate Authority - the Key that was used to sign you self signed certificate) to a *.cer file. You then send that to yourself via E-Mail, open it on the phone and install it. Then connecting to your server using the self signed certificate should work.
StevieBallz said:
You export the public key of your CA (Certificate Authority - the Key that was used to sign you self signed certificate) to a *.cer file. You then send that to yourself via E-Mail, open it on the phone and install it. Then connecting to your server using the self signed certificate should work.
Click to expand...
Click to collapse
Well, that sounds easy. Gonna give it a try over the weekend, thanks a lot!
Note: that process assumes that you used a self-signed CA cert and then used it to sign your SSL cert, rather than just self-signing the SSL cert (the first approach is better but the second may be simpler). In either case, though, there should be a cert with key usage info specifying that it can be used to verify authenticity (the cert whose private key was used to create the signature). Export that as a .cer (or similar) file and email it to your phone or post it on a web server that you visit using your phone, and you'll be asked if you want to install it.
Do not export the private key unless you're using a client cert for authentication (if you aren't sure, then you aren't). The most common formats for cert export don't even permit including a private key.