wifi & secure w2 certificate problem! which rom? - Tilt, TyTN II, MDA Vario III General

hello everybody,
i am having huge problems connecting to my university`s wifi (tu-clausthal in germany). i installed secure w2 newest version and the required certificates from my university. i configured everything according to the guidelines. however, i cannot connect to the wifi network, it keeps connecting forever and nothing happens. i am 100% sure the configuration is correct, a friend of mine can connect with the exact same config. also i can connect to any other wifi network, no matter if wep, wpa, etc. only havin problems with the certificates, it seems.
now my question: has anybody successfully connected to a secure w2 wifi network? if so, which rom and which version of secure w2 did you use?
the technical support of my university doesnt know anything about windows mobile...iphone and symbian phones seem to connect without problems...
any suggestions?
edit: i am using AtheniOS rom wm 6.1

Same problem connecting to a w2 on my AT&T Tilt. My company was running a linksys standard WPA but installed a WPA2 a few months ago. My IT department tried to help but they don't know windows mobile and AT&T tech support was useless. I have a WPA2 option in my wireless menu but I can't connect??? I'll get looking and will post if I find anythink.

hmm too bad. as i said, one of my friends can connect without problems....

With WPA2 Enterprise (not WPA2-PSK) Windows Mobile allows only EAP-TLS & PEAP Authentication, the authentication type will be configured on a central RADIUS server(s). With EAP-TLS you MUST have a personal certificate on the device as well as the Root CA's certificate. The client certificate must also have the 'Client Authentication' attribute. The Root CA certificate will generally have the 'All Purposes' attribute. With PEAP you have the option to use either a Certificate or Username/Password to identifiy the user - you would normally use Username/Password, however the RADIUS Server always identifies itself to the client using a Certificate. The client has the option to ignore this certificate if it chooses, however the default is to verify it is a trusted certificate. In XP or Vista you can turn this checking off in the network settings by unchecking the box 'Validate server certificate'. In Windows Mobile there isn't a way of doing this in the GUI, however there is a registry tweak that can be set:
Code:
[HKEY_LOCAL_MACHINE\Comm\EAP\Extensions\25
ValidateServerCert=0
Setting the value to 1 means check the certificate, 0 means don't check it.
Also verify the Time & Date on your device is in sync with the RADIUS server as timing is critical with PKI.
Other than that I don't know what to suggest. I sucessfully use my Kaiser with (almost) stock 5.2.19212 ROM on two WPA2 networks, one using WPA2/AES with PEAP authentication and the other using WPA2/AES & EAP-TLS - both work fine.
One more thing, check the version of the 'TNETW1251.dll' file. There appears to be at least two floating around. I have version 3.55.0.0 in my ROM.
HTH
Andy

thanks for your advice!
i just flashed the new atheniOS win 6.5 and installed the secure w2 software and now it works! i dont know why or how though

Related

WM6: Ok, VPN: Ok, Remote Desktop: NOT Ok - HELP

Hello all,
I have been successful in loading the WM6 ROM: works great! I have been successful at using the phone for Bluetooth DUN. I have been successfull at setting up a VPN connection to my place of employment: I can look at the RRAS server GUI and see that I have established a viable connection.
What I have NOT been successful at is getting Remote Desktop to work. RD is one of the reasons I upgraded to this ROM. Has any one been able to get their Windows desktop on their Treo? If so, how did you do it?
I can't seem to find any pertinent information on how to make this work so anything you can tell me would be a great help.
Cheers,
idyllic
http://forum.xda-developers.com/showthread.php?p=1453117#post1453117
http://forum.xda-developers.com/showthread.php?p=1451613#post1451613
joannaex said:
http://forum.xda-developers.com/showthread.php?p=1453117#post1453117
http://forum.xda-developers.com/showthread.php?p=1451613#post1451613
Click to expand...
Click to collapse
Joannaex,
thank you for the forum pointers. Alas, they did not help. I did try to load the cab file from one of the threads, but it loaded the same version of Remote Desktop Mobile that I already had. I still get the same errors encountered with the previous version. Maybe this behavior is due to the "unofficial" ROM not being fully functional in some way? I don't know. It would be interesting to hear from someone that actually got this to work.
Cheers
idyllic
PS: in occurs to me that this might be a routing issue in the 10.x.x.x/192.x.x.x space. I could verify this if there were a command prompt where I could run things like ipconfig, tracert, netstat, etc. Or a log file that could be viewed. Just wishful thoughts I suppose
PPS: Just found two great progs, one called VXIPCONFIG which give you the info you would get in you did an ipconfig /all. The other is called VXUTIL which you can do PING, TRACERT, WHOIS and a lot more. The utilities are available from http://www.cam.com/windowdsce.html.
I have been able to connect to remote desktop. What has been successful for me has been to already initiate my 3G connection then connect using remote desktop. It doesn't seem to be able to start up the connection itself.
andokai said:
I have been able to connect to remote desktop. What has been successful for me has been to already initiate my 3G connection then connect using remote desktop. It doesn't seem to be able to start up the connection itself.
Click to expand...
Click to collapse
andokia,
I am doing the exact same thing: starting my 3G connection, then my VPN connection, and lastly Remote Desktop Mobile. The RDN ALWAYS times out with one of these two errors: "Connection Status - Cannot Connect. Likely reasons are: 1. Specified computer name or IP does not exist, 2. A network error occurred while establishing a connection." So, I'm kind of at a loss here as the troubleshooting tools available are not great. Thank you for the response!
Cheers,
idyllic
Hi idyllic,
Can you access a remote desktop when a VPN session isn't active? I have used the two separately without problems but haven't tried them together.
andokai said:
Hi idyllic,
Can you access a remote desktop when a VPN session isn't active? I have used the two separately without problems but haven't tried them together.
Click to expand...
Click to collapse
andokia,
no, I cannot access any system. I have tried my home system (firewalls turned off and on). I have tried my work systems (VPN on and off). Nothing seems to work. It's really frustrating to have a tool that you know can help you, but it doesn't work: aaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhh!
Cheers,
idyllic
I'm assuming you're trying to use a local address because you are connecting with vpn first. Did you put the local address in the exceptions list? If not the vpn connection will disconnect anytime you try to use an address that is not in the exceptions list.
Exceptions list: start\settings\connections\connections\advanced\exceptions
then add the local url
Hope this helps. Used to be the problem I had when trying to use VPN.
chris44gw said:
I'm assuming you're trying to use a local address because you are connecting with vpn first. Did you put the local address in the exceptions list? If not the vpn connection will disconnect anytime you try to use an address that is not in the exceptions list.
Exceptions list: start\settings\connections\connections\advanced\exceptions
then add the local url
Hope this helps. Used to be the problem I had when trying to use VPN.
Click to expand...
Click to collapse
chris44gw,
yes, I'm trying to connect to a local addres, but that address isn't a URL. The address I'm entering is an IP address of the machine for which I want to get a desktop. Now maybe I'm wrong, but my understanding is that I can use Remote Desktop Mobile to get, say, a desktop/console of one of my servers.
I've been able to surf the web on the phone, I've been able to use the phone as a Bluetooth modem, I've been able to connect to each of my companies VPN servers. Still now desktop. Whether I enter a fully qualified domain name or an IP address it never works.
Now, I have a little more information. If I just connect to the AT&T 3G network I can do a traceroute to the VPN servers. If I then connect to the VPN (PPTP connection verfied and active) I CANNOT ping anything on the corp. net. It has to be a routing issue I'm thinking. It seems that it needs to be fixed on the phone side, but I can't seem to figure out where to do this.
Anyway, I appreciate the pointer about the URL exception list.
Cheers,
idyllic
That's what mine looks like. Once I'm connected vpn wise into my 2003 server I can RDP into it and another XP machine on the network through the local IP. Only thing I can think of is if you have activesync connecting to an exchange server. It might disconnect the vpn. I think you've said you're verifying the vpn connections so I might look into the firewall on the computer or make sure RDP is on for the computer (although you've probably done that). Good luck though.
chris44gw said:
That's what mine looks like. Once I'm connected vpn wise into my 2003 server I can RDP into it and another XP machine on the network through the local IP. Only thing I can think of is if you have activesync connecting to an exchange server. It might disconnect the vpn. I think you've said you're verifying the vpn connections so I might look into the firewall on the computer or make sure RDP is on for the computer (although you've probably done that). Good luck though.
Click to expand...
Click to collapse
chris44gw,
thank you for the screen-shot. I gave this a try, but no luck. We don't use exchange servers at work and I've verified that no active sync is active during the connect process. Having downloaded a couple of tools to help troubleshoot, I've noticed that I CANNOT ping anything on the internal network: this after verify that the VPN connection active and viable. I have also verified that each system that I am connecting to has RDP turned on. I guess I'll just keep experimenting. I just can't help but think that there is ONE LITTLE THING that is keeping this from working.
Cheers,
idyllic
PS: What encryption level does the Treo 750 VPN app use? 56bit? 128?
PPS: Upon further testing... when I connect to the RRAS server (and connecting to the RRAS server has NEVER been the problem) on the West Coast (Windows 2000 Server std. SP4) I cannot ping the "inside" network. When I connect to the East coast RRAS server (Windows Server 2003 SP2) I CAN ping "inside" network. In either case I still cannot get a remote desktop.
Have the same problem on Diamond
Hi all,
After upgrading to wm6.1 on O2 Diamond unable connect to Remote Desktop.
When manually connected to Internet it works perfect, but from RD Client there is always an error (dial up or Proxy settings). All other programmes can always correctly initiate internet connection via GPRS/UMTS. Via Active sync RD works always.
MFG
Sorry, never got it to work. Call me a traitor, but I now have an iPhone and everything works the way I expect it... with two major exceptions: 1. no cut-and-paste, 2. can't be used as a tethered modem without jail-breaking the phone (which I'm not willing to do).
--idyllic
Similar problem HTC Touch HD
Hi all, sorry in advance if my problem ends up being because I've missed something basic; I'm trying to setup RDC on my HTC Touch HD with no luck. Computer name is right, password is right, IP is right. Fail message:
"connection status. cannot connect. likely reasons are: 1. specified computer name or ip does not exist. 2. A network error occurred while establishing the connection."
I'm connected to my WiFi network which also has the machine i'm trying to connect to on it. I've also tried when out of network range, connecting via 3G/HSDPA. Steps I've taken:
-Enabled remote desktop in system properties on target machine. Haven't added any remote users as it already allows me (admin on target machine) and I'm using those login details to access.
-Allowed RD in the packet settings of Kaspersky antivirus, using the address as the ip of my mobile, found by going to whatsmyip.com, and name as the name I've set on the device.
-Probably unrelatedly, I've also allowed the HTC to access the wifi through the MAC address access list
I can connect via a standard windows machine on the same router (which just needs the computer name, not the IP). Have found this useful as I had the details around the wrong way, but even now it's not working. Based on the tips in the link above, I'm under the impression that I should set things up thus:
Computer: the ip address of target machine
User name: EITHER my username OR MACHINENAME/User Name, e.g. John Smith OR JOHNSPC\John Smith
Password: pw
Domain: either machinename or blank.
Anyone know if this is right / which of the options for username and domain is right?
Cheers
Dez

Kaiser and VPN

Hello,
does someone use a VPN software on the Kaiser ?
Wich one ?
I tried several but none worked.
My Kaiser is using the built in VPN client, to VPN into two different Microsoft RRAS networks using PPTP and IPSec/L2TP.
What problems are you experiencing? What type of networks are you trying to VPN into?
Thanks a lot for your answer !
I didn't know the Kaiser had a VPN client included ...
Where is the application ? What's its name ?
Is there a documentation I can find somewhere to help me to configure it ?
The other thing is that I use a SecurID password to connect to my corporate network, I don't know if this can work also with the Kaiser VPN.
In fact I would like to connect to my corporate network wich accepts both IPSec/UDP and IPSec/TCP. All I know is that I need a Cisco compatible VPN application.
I tried "AnthaVPN", it connects to our Cisco server, but then it disconnects after a few "Time Out" errors.
Thanks again for your help !
I would be interested in this too... we use Cisco at work using Cisco ipsec/udp but no idea how to set this up on the phone
Finally I've found how to use the buit in VPN, but it still does not work for me, because of the SecurID password I think (it says my login/password may be incorrect).
Here is how to access to the built in VPN (my device is french, I translate it to english but I'm not sure the names will be the same on english devices):
parameters/connections -> choose the "Connections" icon.
Then choose "Modify/Configure my VPN servers"
After you filled everything there, choose "Manage existing connections".
At the bottom of the screen, choose "VPN". The VPN connection you made should appear here.
Put your stylus on it until the options "delete" and "connect to" appears.
Select "connect to" and then you should be connected to your network.
I hope this helped.
So finally, I am still searching for a VPN application wich would work with SECURID passwords.
Does someone know one ?
Cisco VPN Help Required
Even my office uses a Cisco PIX Firewall with VPN. Even i have tried many softwares, but nothing seems to work. I thik it is because of the 2 phase authentication of the Cisco VPN.
Also just for info, we use IPSec over UDP (NAT/PAT)
How to set this up in my KAISER?
Hello to all
Im using AnthaVPN and it's work great with Cisco VPN Concentrator System in my KAISER. There must be also a way to connect to a pix.
http://forum.ppcwarez.org/viewtopic.php?f=41&t=32009&hilit=AnthaVPN
Greets
Haija
Like I said, I tried this one, but it did not work with SecurID keys.
I also had a problem with it related to the WIFI :
when I tried to use it with WIFI enabled, if I wanted then to disable the WIFI, it was impossible, even after a soft reset. I had to deinstall AnthaVPN to be able to disable the WIFI.
So finally I think the built-in VPN is better than AnthaVPN because I had no WIFI issue with it.
I have read the manual from the Homepage AnthaVPN and for me its OK. But i haven't testet over wifi. Over GPRS works great.
i'm using the Bluefire VPN CLient (www.bluefiresecurity.com) to connect to my university's vpn (cisco) and it's working great.
with AnthaVPN i was not able to disconnect wifi anymore (phone would hang up -> soft reset -> wifi on again), don't know if they fixed this till now
So I was not alone to have wifi problems with AnthaVPN !
Finally I tried Bluefire VPN, it works a lot better than AnthaVPN (no more wifi problems !), I can go upto the SecurID login, but after that, at "Phase 2", I have an error code talking about IPSec parameters...
So I still have problems but now I know that Bluefire is working with securid keys.

A networking problem: possibly complicated

I'm running wm6.1 on a tytn, and have been trying to connect to my uni's wireless network. their system is tailored to laptops and for authentication, requires SecureW2. Since there's an identical version of SecureW2 for WM, i've downloaded an installed it. My phone connects to the wireless network and I can browse the INTRANET.
now, the problem lies in browsing the internet. the instruction sheet provided by the IT division specifies that the internet is accessed through a proxy. for laptops, there's an automatic configuration script (a link on the server). tytn cant browse the internet without this script, and i can't seem to find a place in my network settings the enter the script address. my question is is there a third party app to solve this problem or am i just doing it wrong?
Cheers!
aravinda said:
I'm running wm6.1 on a tytn, and have been trying to connect to my uni's wireless network. their system is tailored to laptops and for authentication, requires SecureW2. Since there's an identical version of SecureW2 for WM, i've downloaded an installed it. My phone connects to the wireless network and I can browse the INTRANET.
now, the problem lies in browsing the internet. the instruction sheet provided by the IT division specifies that the internet is accessed through a proxy. for laptops, there's an automatic configuration script (a link on the server). tytn cant browse the internet without this script, and i can't seem to find a place in my network settings the enter the script address. my question is is there a third party app to solve this problem or am i just doing it wrong?
Cheers!
Click to expand...
Click to collapse
Hi There.
Try using the proxy settings in windows mobile instead, you will find an option under network connections, click on "the internet" or what ever your connection is called, and enable "this connection requires a proxy server" and enter in the IP address and Port number of the proxy server.
That should get you online. Schools and Uni's are a pain when they use 3rd party software on their network, tell them they should have gone to cisco!
I tried the proxy settings. First i downloaded the autoconfig script from their server, and went through every single proxy they had on it (they had alternatives). still nothing. but the intranet still works fine!
i'm not willing to giveup because basically, wifi on the tilt should be able to identify itself as a desktop/mobile device.
any other suggestions anyone? i'm banking on there being some obsolete third party addon that might work.
well your not alone..
i can only say proxy cant be used with tytn ii
http://forum.xda-developers.com/showthread.php?t=343309&highlight=proxy
if you got a solution, feel free to post here.. my school also uses proxy. cheers

WLAN Problem Diamond

ok, first of all, i checked every single thread on this page hoping to get a solution for my problem.
HTC Diamond, D-Link DWL-900AP+ Access Point.
My Diamond can "see" the Access Point, but is unable to connect with it.
Authentification WPA-PSK
Encryption TKIP
Networkkey Manually inserted and 100% correct.
Hook set at IEEE802.1x
EAP Typ = Smartcard or security certificate (but it's greyed out)
Network Card connects to Internet
From Server given IP Adress (hook set) DHCP on Access Point enabled
MAC Filters disabled
I also played around with the available network tabs.
I have vodafone DE, vodafone internet, company network or ISP
The the slider of the energy saving modus ist set to best performance.
What the hell is going wrong????
I also owe a HTC Touch Elfin and have no problems to access my network/internet.
Any suggestions would be highly appreciated
thank you
try deleting your network saved setting from list, make sure network card connects to internet, not work, find access point, and enter your password again.
this works for me in similar situations.
works if you start fresh, and not trying to connect with the same settings. i dont know why but has saved my ass a few times.
Also, try changing the encryption from TKIP to AES and see if that works....
I have the same problem! It's something about DHCP. My Diamond connects to my home wifi onli if I set the IP (which belongs to my phone on access point) address in the properties of network adapter.
HI did you try to put the host address of a site?
write 64.233.167.99 instead of google.it in case you can see the page the problem is the dns not resolved and insert manually in your phone connection
Marcellus_pnz said:
I have the same problem! It's something about DHCP. My Diamond connects to my home wifi onli if I set the IP (which belongs to my phone on access point) address in the properties of network adapter.
Click to expand...
Click to collapse
Same here, it looks like a DHCP time-out or routing problem. I've set up a DHCP server with a small pool of adresses on the acces point itself and now my Diamond always connects correctly. Before that, my Diamond would state that i had entered a invalid security key.
diamond connects but i cannot visit any website
Hi,
I have a similar problem. My diamond gets an ip address from dhcp, connects to dwl-900ap+ but i am not able to open any website (I tried to open some web with url and with its ip address too) - tried opera and IE too. In opera i get a "could not locate remote server" error. (Looks like a DNS problem?) I am not even able to open the AP's configuration web with diamond. Every other wifi enabled equipment I tried (1 notebook with win vista, 1 with XP, 1 with debian linux, nokia n95 with symbian and e-ten m700 with win mobile 5) works without a single problem. I also tried to reset the AP and my diamond - without success.
I didn't change any setting on the AP except for setting up a WEP encryption (i know, i know, it's not a strong encryption ), the SSID and the AP's ip address. Everything else is default. My dhcp server is not the access point. DHCP runs on a similarly configured router with wifi AP (diamond connects without problem).
Any idea/solution? thanks

Connecting to 802.1x encrypted Wifi

My school has campus-wide wifi that is encrypted using 802.1x enterprise encryption and I can't get my N1 to connect to it. Under the wifi settings the network shows up in range, but it shows up as a WEP wifi connection which isn't the case. I can manually add a connection and choose 802.1x and configure it as it should in order to connect, however when I do that it shows up at the bottom of the list as "Not in range, remembered" despite the fact that the SSID of the same name still shows up as that incorrect WEP encrypted connection.
Has anyone successfully connected to a 802.1x encrypted connection using their N1?
Do you need to install a security cert?
My N1 doesn't arrive until tomorrow, and I haven't tried connecting to my current school's wireless network. My last school had enterprise security, and I had to install a certificate on my laptop, and special software on my Windows mobile.
If no one else gets back to you, I'll see if I can screw around tomorrow evening.
Some googlin' brought up some maybe relevant info:
http://www.google.com/support/forum/p/android/thread?tid=5507f5155591aeda&hl=en
http://www.google.com/support/forum/p/android/thread?tid=4be67146eafe4365&hl=en
ATnTdude said:
Do you need to install a security cert?
My N1 doesn't arrive until tomorrow, and I haven't tried connecting to my current school's wireless network. My last school had enterprise security, and I had to install a certificate on my laptop, and special software on my Windows mobile.
If no one else gets back to you, I'll see if I can screw around tomorrow evening.
Some googlin' brought up some maybe relevant info:
http://www.google.com/support/forum/p/android/thread?tid=5507f5155591aeda&hl=en
http://www.google.com/support/forum/p/android/thread?tid=4be67146eafe4365&hl=en
Click to expand...
Click to collapse
i've tried a few different methods mentioned in the google forums and still no luck...
anyone able to connect using 802.1x?
with 2.1 update 1
i got it to work. not sure if that's what fixed it as my SA gave me the wrong sid the first time ... but it works great post update!
Nexus One -- Android 2.2 and 802.1x WiFi Authentication
flomid said:
My school has campus-wide wifi that is encrypted using 802.1x enterprise encryption and I can't get my N1 to connect to it. Under the wifi settings the network shows up in range, but it shows up as a WEP wifi connection which isn't the case. I can manually add a connection and choose 802.1x and configure it as it should in order to connect, however when I do that it shows up at the bottom of the list as "Not in range, remembered" despite the fact that the SSID of the same name still shows up as that incorrect WEP encrypted connection.
Has anyone successfully connected to a 802.1x encrypted connection using their N1?
Click to expand...
Click to collapse
I am using a stock Nexus One on Android 2.2. I got it running by entering the following (be sure to 'FORGET' the SSID that automatically comes up in favour of manually creating it) at 'Settings' >> WiFI:
EAP method: (I can choose b.w. PEAP, TLS or TTLS) and I choose PEAP
CA certificate: no choice … merely shows in brackets (unspecified)
User certificate: (unspecified)
Identity: (I enter) [MY-USERNAME, e.g., [email protected]]
Anonymous identity: (leave blank)
Password: [MY_PASSWORD]
Our university relies on WPA2/EAP/MS-CHAP .... but in our case putting the entire username did the trick.
I believe the Android 2.1 UI is deficient and will not let you enter the above, and from what I have read those who have 'rooted' their phone (and voided their warranty) have placed something like the following wpa_supplicant.conf file in /etc/wifi :
##### wpa_supplicant configuration file template #####
update_config=1
ctrl_interface=eth0
eapol_version=1
ap_scan=1
fast_reauth=1
Network={
ssid="MY_SSID"
key_mgmt=IEEE8021X
eap=PEAP
phase2="auth=MSCHAPV2"
identity="MY_USERNAME"
password="MY_PASSWORD"
}
Some have mentioned that any certificate (e.g., Thawte) should be .p12 configuration and placed in the root directory of the SD Card. The best info for those who want to 'root' their Nexus one is Joe Levi's commentary at: http://pocketnow.com/tweaks-hacks/video-flashing-froyo-on-your-nexus-one
But as I stated, I have mine running the Net locally, and just need the proxy turned off by the uni. to get out.
Hope this helps.
I'm having the same issue at work. It appears as a WEP network and adding it as 802.1x says the network is not in range.
I'll give that wpa_supplicant.conf hack a go later.
I solved this issue, with the WiFi Advanced Config Editor (available in the marketplace)
my WIFI is 802.1x, with PEAP,MSCHAP v2
connect to the listed wifi with wep enabled, use any password
then modify the configuration with the WiFi Advanced Config Editor set as 802.1x, PEAP, MSCHAP v2, set user identity and password remove and remove any WAP settings
a enjoy
In my case, i have ICS 4.0, i try all suggestions above, but not work.
Someone can help me? Please

Categories

Resources