ActiveSync problem - MDA, XDA, 1010 General

I upgraded to the new a.30.07 and I can not do a wireless Activesync, I get "Synchronization failed. Try again, and if the condition persists, reset your device. Erroe code 0x80004005" I have done a hard reset and retried with out any apps installed and I still get this error message. Has anybody had this probelm and fixed it, or can someone point me in a direction?
TIA
Trub

Did it work before you did the upgrade, if so check your VPN connection settings.
FYI I've never been able to get it to work!
HTH

Qman said:
Did it work before you did the upgrade, if so check your VPN connection settings.
FYI I've never been able to get it to work!
HTH
Click to expand...
Click to collapse
Yeah I got it to work again. I did another hard reset and it started working again. It doesn't use a VPN connection, rather SSL and you have to tell your XDA to accept any SSL certificate, unless you can afford to buy a cert from Verisign.

Great! 8)
I'm interested in seeing your configuration / settings if you're will to post them. :wink:

Qman said:
Great! 8)
I'm interested in seeing your configuration / settings if you're will to post them. :wink:
Click to expand...
Click to collapse
I'm running Exchange 2003 on Windows 2003, by default under the user properities, all Mobile Services are enabled under the Exchange Features tab. Also, your Windows box has to be able to dish out SSL certificates so enable Certificate Services, create a certificate and install it into your default web site. Then you need to install a cab file on your XDA called AS_Cert_OFF.CAB, just Google it. Then in Activesync on the XDA, under options, server enter the server IP and your username, password and domain and then try to sync. Things are different if you are using MIS 2002 with Exchange 2000, as MIS can not reside on the same box as Exchange, and I've never gone down that road.

Here is some good information about troubleshooting the Always-Up-To-Date Notification feature of Exchange 2003.
http://support.microsoft.com/default.aspx?scid=kb;en-us;822176&Product=exch2003

Related

HELP: Sync over the internet ???

Is it possible to sync using activesync over the internet without running an exchange server? I'd like to be able to sync my XDA while I'm out and about to my PC at home.
:shock: :?: :?:
been trying to do the same for ages , but never found out how to do it
It can be done, under a few conditions:
1. You need to have a static IP address for you PC
2. You need to install Pocket Hosts or a similar free utility to map the WINS host name to your PC's IP address.
3. Your carrier / ISP must not have a firewall that blocks ports 5678 or 5679 (T-mobile seems to block this)
Remote active sync was designed with a local area network in mind and it is configured to connect to you computer by using the WINS name and not using an internet based DNS name. When you connect over an internet connection from your XDA, it is not able to find you PC.
If you install a free utility such as Pocket Hosts (http://zimac.de/cestuff.htm) you can configure the Pocket PC to be able to find you PC. This utility will allow you to configure you Pocket PC to map your PC Name to an IP address (similar to the HOST file on a Windows based PC)
Before I had the unlimited GPRS plan, I created a dial up connection to an ISP on my PocketPC Phone and it works perfectly. However, when I try the same thing over the GPRS connection, it does not work. From my end, it looks like T-Mobile blocks ports 5678 or 5679 on their firewall, which are the ports that remote active sync uses to complete the connection. (It looks like it is about to work, but then fails to complete the connection)
I have tried to convince t-mobile to fix this, but they keep claiming that it will not work out of the box, they don't know how to make it work, and they won't support it. They try to "upsell" me the sidekick or other device. I can't seem to get through to the right people. It seems crazy that a setting on their end blocks us from being able to sync over the air. After all, what is the point of a data connection if you are still restricted to using a cradle to sync. I understand that they don't want to support this and walk people through setting this up, but blocking the functionality seems pointless.
Anyone tested this on ATT? With number portability starting, I may have to explore other options. Anyone have an in at T-mobile that can get them to open up these ports on the firewall?
try www.yahoo.com
get an account (if you don't have one already)
login -- click on mail
the click the tab for addresses
on the next line to the right you will see the word "sync"
this will take you to download intellisync for yahoo
then follow instructions
sync you pda and your good to go, you will have your info on the internet and sync from anywhere
one more thing if youown a palm os and a pocket pc pda and you want to have both devices with same info (contacts, mail, notes etc. etc.)
the change the settings on your intellisync for your other device and resync
hope this helps it did for me...
Hi, I'm from the Philippines and my Network is SMART Communications. I tried synching with my active sync via GPRS but it seems it can't find my PC eventhough I used Pocket Hosts utility. It seems they block the port too. Anybody from Smart to please open the gate for us.
I've setup up my Win2k PC as dial-up server. And with the help of the Pocket Hosts utility, I can now be able to sync my Outlook over the air. But the call charges is killing me.
Jose
I've been investigating this myself too - and have to say T-Mobile's attitude is also alive and well here in the UK on O2 (via crapphone-whorehouse data support team).
I was actually shouted at by one of their 'tech' guys when I tried to persuade them that it could technically be done, but I needed to find out whether they were blocking the relevant ports. He eventually hung up on me! Fantastic service, eh!
I've been trying to get ActiveSync working over the Internet for the past few days and have finally managed to get it to work reliably. There are a couple of things that I have found...
Firstly, at least one of the ports required for ActiveSync does seem to be blocked when using GPRS (Vodadone UK in my case). Setting up a normal dial-up ISP connection results in first time connections to ActiveSync every time. It would be nice to know why there is problem over GPRS.
Secondly, my device was still connecting as Guest. Whilst reading through various other forums I found a fix that seem to work for this but it involves deleting a registry key. I wouldn't recommend it as I have know idea what else this key might be used for but it certainly solved the problem for me. The key I removed is HKLM/Ident/Username value is guest. The key is replaced automatically at some point (maybe after a reset) so if it stops working, you have to go and delete it again! There must be a better way....
That's great information, thanks.
I now have my device remote synching!
Just to summarise my steps to get things working on my XDA II:
1) XDA: Set up new work connection (don't you just hate the organisation of conenctions...) to a dial-up ISP over GSM, as O2 UK also block the ports required for activesync.
2) PC: Open sockets 990, 999, 5678, 5679 on my firewall
3) XDA: Use pockethosts to set up the IP address for my PC name
4) XDA: Change HKLM\Ident\User from guest to my normal PC logon user id
5) PC: Set allow network connections in activesync
6) XDA: Manually Connect to the ISP connection
7) XDA: Open activesync and click synch - away we go!
As an update to this, I had to do a full restore at the weekend after loosing all my data on the XDAII. The problem was not related to these changes but it made me look again at the Ident key. There are two keys normally like...
HKLM/Ident/Name Value<Your chosen PDA Name>
HKLM/Ident/OrigName Value<Pocket_PC>
This time I changed only HKLM/Ident/OrigName to the same value as in HKLM/Ident/Name and it connected first time. Also, this value does not seem to be reset unless you do a hard reset on the device. This may be better than changing the Username value though I have yet to try either on another computer where my preferred connection should actually be as a Guest.
Got it working
Thanks to andyclap's suggestions I finally got it working. It looks like T-mobile does not block any ports, but without the registry hack the error I got was the same as when I tested this over a dial up connection and blocked the ports on my firewall.
The other change since my last post is that I am using WM2003 and it requires you to set up a VPN connection to the PC instead of just using PocketHosts for the name resolution.

BlackBerry Connect

Hi
My company has recently introduced blackberry in our organisation... I have been trying to find out if there isany option of getting Blackberry connect for the Prophet.... No luck so far.....
Any help would be appreciated n this.... i love my Prophet dont want to move to non WM device...
Have a look here - I hope it helps
http://forum.xda-developers.com/showthread.php?t=327661&highlight=BlackBerry
chavdar said:
Have a look here - I hope it helps
http://forum.xda-developers.com/showthread.php?t=327661&highlight=BlackBerry
Click to expand...
Click to collapse
This version of black berry doesn't match with prophet WM6, i have been trying with different ROM and the result is always the same ...... My PDA got freeze and need to hard reset
I had the same problem, what worked for me was that I installed it directly to the main memory not the SD card. Unfortunately it is not generating a PIN. Does anybody know how to solve this problem?
Why Blackberry Connect? Activ Sync work better and is cheaper!
Install a OWA Server in the DMZ of your Firewall. Install URL Scanner on the OWA and set it only for Exchange OWA. Make a IP Rule on your Firewall that only HTTPS and the IP Adressrange from your Mobilephone Provider works. Setup a Certificat to Protect it ... finish ... high secure and faster! If you use Lotus ... OK Blackberry is the only way :-> If you think OWA Server isnt Secure enough ... OpenVPN ... Mobile Securemote for Checkpoint ... IPSEC ... its hard core but MI6 doesnt read your Mails :->²
NetrunnerAT said:
Why Blackberry Connect? Activ Sync work better and is cheaper!
Click to expand...
Click to collapse
Because some companies use it, because you can sync wireless everywhere, because you can avoid rooming costs by having BB contract with mobile operator and because it works.

Any get VPN working with DCD 3.2.5?

Has anyone got VPN connectivity working with DCD 3.2.5? I have been trying for hours with no luck. Every time I try to connect I just get the generic unable to connect message (VPN Server problems. Verify your username and password..... I do know its not a user name / password issue. I set the VPN up and administer it. Its a ClarkConnect Community Edition Firewall Router 4.3.
I can however use the phone with Internet Sharing and connect to the same VPN end point with my laptop. I know the VPN is working.
Any one have any experience with this?
scrosler said:
Has anyone got VPN connectivity working with DCD 3.2.5? I have been trying for hours with no luck. Every time I try to connect I just get the generic unable to connect message (VPN Server problems. Verify your username and password..... I do know its not a user name / password issue. I set the VPN up and administer it. Its a ClarkConnect Community Edition Firewall Router 4.3.
I can however use the phone with Internet Sharing and connect to the same VPN end point with my laptop. I know the VPN is working.
Any one have any experience with this?
Click to expand...
Click to collapse
I'll be honest. I haven't really tried yet, but I am interested in getting this working myself, as I need to set it up; in addition to somehow getting this damn thing to connect to my school's network - which it has refused to for many weeks now.
scrosler said:
Has anyone got VPN connectivity working with DCD 3.2.5? I have been trying for hours with no luck. Every time I try to connect I just get the generic unable to connect message (VPN Server problems. Verify your username and password..... I do know its not a user name / password issue. I set the VPN up and administer it. Its a ClarkConnect Community Edition Firewall Router 4.3.
I can however use the phone with Internet Sharing and connect to the same VPN end point with my laptop. I know the VPN is working.
Any one have any experience with this?
Click to expand...
Click to collapse
Did you try using the kitchen and enabling the Enterprise IPSEC checkbox? It's the first item on the list. I assumed this was for those who needed VPN connections, so have not used it myself personally.
BTC
BillThyCat said:
Did you try using the kitchen and enabling the Enterprise IPSEC checkbox? It's the first item on the list. I assumed this was for those who needed VPN connections, so have not used it myself personally.
BTC
Click to expand...
Click to collapse
yep you need that for IPSEC vpn, but PPTP vpn would work without it.
BillThyCat said:
Did you try using the kitchen and enabling the Enterprise IPSEC checkbox? It's the first item on the list. I assumed this was for those who needed VPN connections, so have not used it myself personally.
BTC
Click to expand...
Click to collapse
Yes. Im going to flash back to a stock ROM later today and test.
I'll post the results.
DCD have you ever got PPTP to work?
scrosler said:
Yes. Im going to flash back to a stock ROM later today and test.
I'll post the results.
DCD have you ever got PPTP to work?
Click to expand...
Click to collapse
Telus ROM can authenticate just fine. Hmmmm. DCD Any thoughts?
PPTP VPN works
Here is what I did:
Configured the VPN connection.
Create a nework exception for a valid DNS name or use wildcards:
*.myvpnconnection.com
Anything you go to in that domain will use the VPN. IE seems to be the only thing that will initiate the connection.
It sounds like you might have something wrong on the server side.
MM
I just setup mine to use the vpn into my office and it worked slick as "stuff"... but we use a MS VPN server with AD...
I'm able to use VPN on 3.2.5 (stock, not cooked in kitchen) It works, but often time I have to soft reset before it will let me connect. Windows even suggests it... I haven't figured out a way around this when it happens, other then to soft reset.
Also I'm having a problem where VPN locks up the phone if I leave it connected, and the phone goes into lower power mode. It won't wake up with power. I have to soft reset.
Lastly, I'm trying to figure out the fastest way to actually launch the connection. It seems horribly buried / inefficent, the way I'm doing it:
I'm going to Start -> Settings -> Connections Tab -> Connections Icon -> Under the VPN Connection hitting "Manage Existing Connections -> VPN Tab -> Selecting the VPN Connection and "right clicking (hold until context menu pops up) and hitting "Connect".
Anyone know of a faster way?
Thanks in advance!!
PPTP and L2TP work fine here. I do have an issue where if I leave the connection live and the device goes to sleep it doesn't wake up and requires a soft reset. It's been like that for a number of revisions. Other than that it works fine.

No 'Use System Certificates' in wifi settings

Hi,
I am connecting to my university's wifi and I am unable to use their settings. From their settings, I am to choose PEAP for EAP Method. MSCHAPV2 for phase 2 authentication and Use System Certificates for CA Certificate however my phone only gives me the options of Select Certificate and Do Not Authenticate.
Is there something I haven't installed or am I missing something.
Thanks
Did you solve this? I'm having the same
No, still haven't figured it out. Been working by using do not authenticate.
I'm monitoring this thread daily - I have to settle for a "guest" connection at my work (College) until a system cert. option becomes available - it is tremendous pain logging in all the time etc... I'm surprised this issue isn't more prevalent. This seems to be the only thread with this issue raised.
I am having the exact same issue with my university wifi login
I've also been having this exact issue trying to login to my Universities wifi really stressing me out. Hopefully a solution is found soon
Problem solved
Hi there,
I encountered exactly the same problem on my S9 and have solved it now. The problem is the system certification is not installed on our devices. The solution is quite simple. Just download and install the App "eduroam CAT", and then it will automatically search for the eduroam of your university. After inputting your user name and password, it will automatically download the required certification and directly connect to the eduroam network. Hope this helps.
doubledou said:
Hi there,
I encountered exactly the same problem on my S9 and have solved it now. The problem is the system certification is not installed on our devices. The solution is quite simple. Just download and install the App "eduroam CAT", and then it will automatically search for the eduroam of your university. After inputting your user name and password, it will automatically download the required certification and directly connect to the eduroam network. Hope this helps.
Click to expand...
Click to collapse
unfortunately i've tried that and its still not working. Glad to hear your wifi is working however
doubledou said:
Hi there,
I encountered exactly the same problem on my S9 and have solved it now. The problem is the system certification is not installed on our devices. The solution is quite simple. Just download and install the App "eduroam CAT", and then it will automatically search for the eduroam of your university. After inputting your user name and password, it will automatically download the required certification and directly connect to the eduroam network. Hope this helps.
Click to expand...
Click to collapse
Thanks! Worked for me on Galaxy A7 2017 on Android 8 (where the option "use system certificates" doesn't exist) when connecting to Eduroam on the University of São Paulo.
ssadtru said:
Hi,
I am connecting to my university's wifi and I am unable to use their settings. From their settings, I am to choose PEAP for EAP Method. MSCHAPV2 for phase 2 authentication and Use System Certificates for CA Certificate however my phone only gives me the options of Select Certificate and Do Not Authenticate.
Is there something I haven't installed or am I missing something.
Thanks
Click to expand...
Click to collapse
Can the IT department for the school provide you with a downloadable certificate file so you can choose that?
This is something they should be able to do (provided they know how)
I have an S9 and the same problem. I solved it as follows:
Since my university doesn't say where to download the CA certificate, I went to my Windows 10 laptop that was logged in to the WiFi of the uni because I think it gets downloaded when I connect with Windows (or maybe Windows asked me to confirm the certificate?).
I exported (using binary format) the CA certificate - "thawte" was the issuer
I emailed it to myself, and from my email on my phone, saved the attached certificate to Android's file system.
I imported/installed the certificate in the Android 8 system.
Finally, I chose it (it appeared in "CA Certificate" drop-down menu) when signing in to WiFi
My theory is that often University IT departments outsource WiFi to third-party companies whose main goal is to make them easy to use on Windows/MacOS. Since many people don't have the latest Android (8), they don't understand what is going on.
Ideally, the IT folks should tell you where to download the certificate (so you won't have to export it from another PC), as in the explanation given at the University of Illinois (Google the text "How to manually set up IllinoisNet on the Android OS" since XDA won't let me post links).
how were you able to find out which certificate was tied to your uni's wifi? i finally got all of the other steps down, but finding out which one is relevant is still hard for me to do.
My university advertises cat.eduroam.org as solution for no certificates. Haven't tried it myself, as I didn't need it, but worth a shot.
After upgrading to Oreo on my S7, I was having the same problem for both my Uni's wifi and with eduroam. I solved it in a similar way as TheFuhrmanator. Make sure you've connected to Uni's wifi on your Windows 10 laptop at least 1 time to make sure the connection works.
Go to the Windows 10 Certificate manager (Start -> type 'certificate' -> Manage Computer Certificates)
Expand the folder Trusted Root Certification Authorities -> Certificates
Right click USERTrust RSA Certification Authority (and maybe AddTrust External CA Root) and export them to DER Encoded Binary format. I found the exact ones to export from https://it.umn.edu/wifi-windows-10-setup-guide
Copy the exported files to phone
On phone, go to Lock Screen and Security -> Other Security Settings -> Install certificates from storage (select the option to use the certificate for WiFi)
Connect to eduroam and select USERTrust RSA Certification Authority or whatever you named it
Process that we have worked out for certificate installation and connection
This isn't eduroam-specific, but our organization created this documentation, at wifi.lihc.on.ca with the installation process. We created a PEM-encoded ".cer" for our particular certificate chain, including the root and the two other required chained certificates.
The process is relatively painless, all things considered, but still an unnecessary step where the device already has the certificate installed.
I don't have "USERTrust RSA Certification Authority" only "AddTrust External CA Root"
Hello there
Just in case anyone still has this problem. I figured it out for my specific case with both the CAMPUS and EDUROAM networks at my university. The wifi network configuration required me to select for both cases:
EAP method: PEAP
Phase 2 Authentication method: MSCHAPV2
CA certificate: Greyed out and set to "Use system certificates"
Online certificate status, Choose : DO NOT VALIDATE
Even after I typed the username and password, the connect button would be disabled and I was always requested to provide a domain address, otherwise I would not be able to connect. So I downloaded the CA certificate configuration provided at https://cat.eduroam.org/# for my school in Canada. The file you download does not do anything in android so "double-click" gives no joy . Now, my aha! moment came when I opened the file on a texteditor, somewhere around all the encrypted gibberish you will see something that says:
</CA><ServerID>xxxx.yyyy.zzz</ServerID>
I suppose that would be the certificate authority address for my school. So, I added this address in the domain address and voilá! Connect button enabled and connection working all good for both cases. I hope this gets helps whomever now. Important to mention, I found this post looking for the problem but now I have a Google Pixel 5, but I'm sure the solution will work with any android phone.
----EDIT----
I just realized something else. I noticed someone said they will just keep using the GUEST network at their school even if it meant logging in everyday which is pretty stupid and annoying at this point in time. IN MY CASE, when tried the GUEST school network as a likewise temporary solution, I would be redirected to the school's wifi portal for authentication. It turns out, this portal has the same address as the CA authority (https://xxxx.yyyy.zzz/WHATEVER?STUFF......).
My point being, if your case does not involve EDUROAM of any form to allow you to get a config file and see the CA authority address, well, it stands to reason that it is the same server for both CAMPUS and GUEST networks used for authentication. At least is worth the try this address if you are out of options.
Cheers!
Flogisto said:
Hello there
Just in case anyone still has this problem. I figured it out for my specific case with both the CAMPUS and EDUROAM networks at my university. The wifi network configuration required me to select for both cases:
EAP method: PEAP
Phase 2 Authentication method: MSCHAPV2
CA certificate: Greyed out and set to "Use system certificates"
Online certificate status, Choose : DO NOT VALIDATE
Even after I typed the username and password, the connect button would be disabled and I was always requested to provide a domain address, otherwise I would not be able to connect. So I downloaded the CA certificate configuration provided at https://cat.eduroam.org/# for my school in Canada. The file you download does not do anything in android so "double-click" gives no joy . Now, my aha! moment came when I opened the file on a texteditor, somewhere around all the encrypted gibberish you will see something that says:
</CA><ServerID>xxxx.yyyy.zzz</ServerID>
I suppose that would be the certificate authority address for my school. So, I added this address in the domain address and voilá! Connect button enabled and connection working all good for both cases. I hope this gets helps whomever now. Important to mention, I found this post looking for the problem but now I have a Google Pixel 5, but I'm sure the solution will work with any android phone.
----EDIT----
I just realized something else. I noticed someone said they will just keep using the GUEST network at their school even if it meant logging in everyday which is pretty stupid and annoying at this point in time. IN MY CASE, when tried the GUEST school network as a likewise temporary solution, I would be redirected to the school's wifi portal for authentication. It turns out, this portal has the same address as the CA authority (https://xxxx.yyyy.zzz/WHATEVER?STUFF......).
My point being, if your case does not involve EDUROAM of any form to allow you to get a config file and see the CA authority address, well, it stands to reason that it is the same server for both CAMPUS and GUEST networks used for authentication. At least is worth the try this address if you are out of options.
Cheers!
Click to expand...
Click to collapse
I'm working to resolve this for my university. What CA file are you referring to, here? The certificate does not contain a ServerID tag, and our university does not issue certificates from this eduroam page.

Question Problem with Enterprise WiFi - Android 12

Hi,
Can someone help me with this problem.
Since I updated my Xperia 1 III this morning, I can't connect to my two different Enterprise WiFi networks.
WiFi window ask me for a domain name, but our IT admin doesn't know anything about it.
Without domain name, my connect button is greyed out, can someone help me to fix this without rooting my phone?
PURPOSE OF DOMAIN FIELD WHEN CONNECTING TO WIFI 802.1X (PEAP) ANDROID 11 PIXEL - Google Pixel Community
Does this help? I just googled abit so Im not too sure about your issue. You can also show this to ur IT admin maybe he will understand it better.
hotcakes_shinku said:
PURPOSE OF DOMAIN FIELD WHEN CONNECTING TO WIFI 802.1X (PEAP) ANDROID 11 PIXEL - Google Pixel Community
Does this help? I just googled abit so Im not too sure about your issue. You can also show this to ur IT admin maybe he will understand it better.
Click to expand...
Click to collapse
Thank you for your answer.
Unfortunately this can't help me, because my company isn't using "freeradius".
I spent whole day on Google trying to find fix or temporary solution.
almirsahbaz said:
Thank you for your answer.
Unfortunately this can't help me, because my company isn't using "freeradius".
I spent whole day on Google trying to find fix or temporary solution.
Click to expand...
Click to collapse
Domain issue: the domain is the url name of the SSL Certificate.
Click to expand...
Click to collapse
The "freeradius" here is just an example. You need the url name of the SSL certificate that your company uses. It doesn't need to be freeradius
hotcakes_shinku said:
The "freeradius" here is just an example. You need the url name of the SSL certificate that your company uses. It doesn't need to be freeradius
Click to expand...
Click to collapse
Thank you for answering.
I know that, but my company doesn't know what their domain server is.
almirsahbaz said:
Hi,
Can someone help me with this problem.
Since I updated my Xperia 1 III this morning, I can't connect to my two different Enterprise WiFi networks.
WiFi window ask me for a domain name, but our IT admin doesn't know anything about it.
Without domain name, my connect button is greyed out, can someone help me to fix this without rooting my phone?
Click to expand...
Click to collapse
I suspect you normally would use your account credentials to connect to the WiFi network?
Normally the domain name ist something like "your-company.com" or "your-company.local" (even if .local wouldn't be the best choice).
If so you could look for "EAP-Method" and change the value to "PWD". There you can enter your credentials which you normally use to lock in into your User-Account.
Hudrator said:
I suspect you normally would use your account credentials to connect to the WiFi network?
Normally the domain name ist something like "your-company.com" or "your-company.local" (even if .local wouldn't be the best choice).
If so you could look for "EAP-Method" and change the value to "PWD". There you can enter your credentials which you normally use to lock in into your User-Account.
Click to expand...
Click to collapse
My Enterprise WiFi network requires PEAP method.
I tried with PWD value, but it won't work.
If PEAP is the thing then you will need to provide a certificate, the domain name of the WLAN Controller... Basically everything all that the posts beforehand suggest.
When you were connecting prior android 12 to this network, what did you need to submit? Just some credentials? Certificates? That's something your admin should be able to tell...
Hudrator said:
If PEAP is the thing then you will need to provide a certificate, the domain name of the WLAN Controller... Basically everything all that the posts beforehand suggest.
When you were connecting prior android 12 to this network, what did you need to submit? Just some credentials? Certificates? That's something your admin should be able to tell...
Click to expand...
Click to collapse
This is what I needed:
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
CA Certificate - Do not validate (this option is now removed, and now asks for domain, which needs to be put in)
Identity: My e-mail address
Anonymous identity: Blank
Password: My password
And that was it, I was successfully connecting to this network for a years.
Well you can try to fill in the last part of your email addresses for domain - so everything after the "@".
As written in one of the guides, normally you would enter the domain address of the authentication server / the common name which is part of the certificate of the server...
Seems that some restrictions in Android12 got tighter and you are now not allowed to skip the certificate validation part. Might be that now that Android12 is going to be published more, your it will need to change some things...
Hudrator said:
Well you can try to fill in the last part of your email addresses for domain - so everything after the "@".
As written in one of the guides, normally you would enter the domain address of the authentication server / the common name which is part of the certificate of the server...
Seems that some restrictions in Android12 got tighter and you are now not allowed to skip the certificate validation part. Might be that now that Android12 is going to be published more, your it will need to change some things...
Click to expand...
Click to collapse
I'm using public hotspots from my internet provider, so I can't do that, because I'm using my @hotmail.com e-mail to access this network.
I contacted them, but they don't know how to set up a domain.
Okay... now i am a bit stunned.
You are using public hotspots (not related to your enterprise). To connect you are authenticate with the credentials that you have configured at a side of the ISP?
If the hotspot is provided by your ISP you will have to ask him about accessing and credentials for the WLAN and not your IT-Admin.
Hudrator said:
Okay... now i am a bit stunned.
You are using public hotspots (not related to your enterprise). To connect you are authenticate with the credentials that you have configured at a side of the ISP?
If the hotspot is provided by your ISP you will have to ask him about accessing and credentials for the WLAN and not your IT-Admin.
Click to expand...
Click to collapse
The thing is, I'm working for that ISP provider, so I asked their IT Admin, but I'm also their user and I'm using my private ISP account to access these hotspot locations
@almirsahbaz
Ahhhhhh - now that make sense for me. Thanks for clearing things up. Back to your problem:
It will get troublesome....
PEAP Authentication "normally" requires the authenticator (aka the Server, Wifi Controller... some referring to it as a RADIUS-Server - which can also be a "role" performed by another server; often used are Domaincontrollers ) to offer a certificate. Simple speaking: Kind of similar to webserver-authentication for https.
Your phone then "checks" the provided certificate on validity. This validation step was "skipped". Skipping isn't supported anymore. This started already with android 11 (depending on oem-implementations).
So your Admins will have to deploy certificates as mentioned above and provide them to you.
The "domain" field you are mentioning is used to select the certificate of the authenticator (for a user it is often easier to enter the proper name then select the certificate out of the certificate store an the device).
The thing for you is:
You can't do anything, as your admins will have to think about the whole process. So you won't be able to use the hotspots until there have been some changes made by the admins.
What you can do is to inform the admins on the changes that google made starting at Android 11
PSA: Android 11 will no longer let you insecurely connect to enterprise WiFi networks
The Android 11 update will break connecting to certain enterprise WiFi networks. Here's why and what you can do to fix it.
www.xda-developers.com
If they want to use PEAP further on with devices running Android 12, they will have to change something!
Hudrator said:
@almirsahbaz
Ahhhhhh - now that make sense for me. Thanks for clearing things up. Back to your problem:
It will get troublesome....
PEAP Authentication "normally" requires the authenticator (aka the Server, Wifi Controller... some referring to it as a RADIUS-Server - which can also be a "role" performed by another server; often used are Domaincontrollers ) to offer a certificate. Simple speaking: Kind of similar to webserver-authentication for https.
Your phone then "checks" the provided certificate on validity. This validation step was "skipped". Skipping isn't supported anymore. This started already with android 11 (depending on oem-implementations).
So your Admins will have to deploy certificates as mentioned above and provide them to you.
The "domain" field you are mentioning is used to select the certificate of the authenticator (for a user it is often easier to enter the proper name then select the certificate out of the certificate store an the device).
The thing for you is:
You can't do anything, as your admins will have to think about the whole process. So you won't be able to use the hotspots until there have been some changes made by the admins.
What you can do is to inform the admins on the changes that google made starting at Android 11
PSA: Android 11 will no longer let you insecurely connect to enterprise WiFi networks
The Android 11 update will break connecting to certain enterprise WiFi networks. Here's why and what you can do to fix it.
www.xda-developers.com
If they want to use PEAP further on with devices running Android 12, they will have to change something!
Click to expand...
Click to collapse
Thank you for your detailed answer.
I found possible solution for them online, and I sent that to them.
I guess this is what they need to do: "Radius server's certificate needs to contain a fully-qualified domain name (FQDN) in the Common Name field."
Basically they will need to implement PEAP as it was intended, yes
Hudrator said:
Basically they will need to implement PEAP as it was intended, yes
Click to expand...
Click to collapse
Thank you once again for all support that you have provided
Hi,
It's me again, I'm still wondering about this issue.
I found online that Android 13 implemented option "Trust on first use" for Enterprise WiFi network, which is available in drop-down menu for CA Certificate, but that feature is completely missing from my Xperia 1 III phone.
Is there some kind of trick to enable this option without rooting my phone?
almirsahbaz said:
Hi,
It's me again, I'm still wondering about this issue.
I found online that Android 13 implemented option "Trust on first use" for Enterprise WiFi network, which is available in drop-down menu for CA Certificate, but that feature is completely missing from my Xperia 1 III phone.
Is there some kind of trick to enable this option without rooting my phone?
Click to expand...
Click to collapse
Hi there,
this works on custom roms (im using alpha droid, its very nice i highly recommend)
Just today was the first time i was able to connect to server wifi but it meant using a custom rom which i am completely happy with. Good luck

Categories

Resources