Hi,
I once tried a Hero and wanted to connect it to our companie's exchange server. This forces mobile devices to accept a security certificate which activates a device lock with at least a four digit PIN. This works perfect on windows mobile devices and iPhones. But I gues it was the gesture method of device locking which was not accepted as an appropriate device lock.
Did anybody experience the same and is there a solution for this issue?
I think you can get some help from HTC this time, either by contacting an custom service or by reading their online guide. Because hero use an exchange program from HTC, instead of google's.
Edit: I think when you setup your exchange service, there is a place for you to enter your password, try it and see what would happen.
You might need to get touchdown that is the only thing that works for me.
@jokies: I contacted HTC and they reaplied that there is no solution as this is an Android issue.
@Oofki: Touchdown just seems to be another mail/cal/etc client software for android. I don't think that this is the solution as the issue seems to be with the security certificate which goes for a device lock. This has nothing to do with the email client as such. (Even if I can't try it out as I don't have an android device availabe.)
I can't believe that there is no solution as this kind of security implementation is quite common in big enterprises. Anybody out there with the same experiences and potentially with a solution?
Its works on the current crop of 2.1 roms, I don't use gesture lock but I could setup a alphanumerical password.
aaah, very good news. Hopefully I get a Desire in April and will then be able to connect. thx a lot for the info.
Related
Hi all,
My HD2 has been setup to receive mails from my work via Microsoft Exchange, but now I can't get my Wlan working... Does anyone know what the problem is and how to solve it?
I have tried search the forums but can't seem to find the answer.
Thanks in advance
Michael
sounds like you have an unrelated problem or the exchange server has enforced a policy to disable the wifi on your device. I would ask your IT department exactly what configuraion they have on the exchange server with regards device policies.
I personally have the same setup as you do and i have no wifi issues but i also know i have no device policies configured on the exchange server because i configured it
M3PH said:
sounds like you have an unrelated problem or the exchange server has enforced a policy to disable the wifi on your device. I would ask your IT department exactly what configuraion they have on the exchange server with regards device policies.
I personally have the same setup as you do and i have no wifi issues but i also know i have no device policies configured on the exchange server because i configured it
Click to expand...
Click to collapse
Maybe you are right about the policy. I didn't know that could be the problem. Is it possible to "disable" the exchange options when I don't use it, or is it only possible if I delete the settings again?
No. you need to talk to your IT people about it. Simple as that. If they say there is no policies then the problem lies else where. If they say there is a policy that is causing your problem then your screwed
One of the corner cases it seems HP did not design into webOS is the ability to auto negotiate a full 802.11X connection. I managed to fix this though and my touchpad is happily connected to our office wi-fi and I figure anyone else trying this might want to check out the workaround I managed.
When I attempted to configure my touchpad to connect to an office/enterprise access point, I hit a brick wall where after completing all the required steps. It was able to use the current user credentials and get to the access point itself, but failed out with a "warning, no certificate is found for this network, please contact your network administrator" type of message.
Well of course no one in our IT group had ever so much as seen WebOS and ultimately I was left to fend for myself.
The goal here is to successfully transfer the (normally auto-retrieved) 802.11X signing certificate to the touchpad so that it can properly connect to your corporate/enterprise wireless network. On other devices such as android this seems to all be automated, but on the touchpad a significant amount of manual arm-wringing was needed to get it to all work together.
Step 1: Getting a root security certificate for your company.
There are a few guides out there for various operating systems/devices which you can use. Since my office machine was windows 7, thats what I have direct experience with.
Win7 Has a built in certificate management tool, but it is not listed in any of the menus. To get to it, enter certmgr.msc into the run panel and it will open up this handy dandy little tool.
Once you have that tool open, look into the root certificate authority folder and find your company's enterprise certificate. Hopefully it will be fairly easy to spot, i.e. if you work at company with domain X, you should see something like "X Enterprise CA".
Right click this certificate and select "All Tasks->Export" which will bring up a wizard with a few different certificate formats. After much trial and error, I found that the only one the touchpad seemed to natively understand was the "Base-64 encoded X.509". Finish the export with a file name and you can find it in your default user folder.
Step 2: Transfer this file to your touchpad
This one is a no brainer, just connect the touchpad via usb to your machine where you have this file, and drag it over.
Step 3: Importing the new certificate
All you need here is any webos file manager capable of opening a file. I used Gemini File Manager, but several free ones are also available and should work.
Open the file manager app on your touchpad, and run that certificate file. This will open a certificate manager tool on the touchpad and prompt you to trust this new certificate. Once you select to trust it, it will be brought into the system and available to use for 802.11x authentication.
Step 4: Connecting to the network
At this point all you should have to do is connect to the office wireless that was giving you trouble before, and now after giving all your authentication info it should successfully connect and offer full connectivity
It seems a little convoluted but it is awfully nice to have the touchpad be fully on-line and available around the office and you only have to do it the one time, successive connections should all just work.
I've tried this at my University, but it doesn't work for my exact situation. Hopefully it will work for others too. Kudos for figuring it out! As for me, apparently WPA2 Enterprise PEAP MSCHAPV2 is a no go until the WebOS team will update/fix it....
I managed to get connected to my MS corp wireless, but will actually see if I have network connectivity a bit later (and update this thread).
its given me full connectivity here (I'm writing this on my touchpad on the enterprise WiFi right now). Its also worked for several other people here lucky enough to score one as well.
the biggest sticking point was getting the right certificate in the right (touchpad working ) format. Once I managed to get that file simply sending it around helped everyone else here get going in a couple minutes vs a couple hours it took when I was trying to sort it all out.
We use 802.1x at work without server certs. Just peap and mschap v2. I haven't had any luck connecting though. Anyone else been able to?
Looks like PEAP support is a major sticking point.
There's a tutorial here: http://www.webos-internals.org/wiki/Advanced_Wifi
(I changed some of the script as per the thread I got the link from here: http://forums.precentral.net/hp-touchpad/288229-wifi-enterprise-802-1x.html)
I tracked down the ARM wpa_supplicant package here: http://packages.debian.org/squeeze/armel/wpasupplicant/download
And the libreadline.so.6 package here:
http://packages.debian.org/squeeze/armel/libreadline6/download
.DEB packages just have .TAR files inside them so I extracted what I needed using 7Zip and used WebOSQuickInstall to copy the files to the TP.
Even after following the other directions though, I consistantly get an error saying:
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Not having much luck...
what's odd is our network looks like it does have peap set but with this certificate its working on the touchpad just fine.
it uses our exchange login info with a slightly off domain but even that has not thrown it.
The exact network configuration visible in the windows properties for the wireless link here is as follows:
Security: WPA2-Enterprise
Encryption: AES
Network Authentication: PEAP
Validate Server Certificate
Secured Password (EAP-MSCHAPv2) (Automatically use windows login/pass/domain)
Fast Reconnect
I haven't had luck with anything so far.
Is anyone willing to make a patch to fix the MSCHAPv2 problems? I'm willing to donate to your cause if I can my TouchPad to connect to my school's wireless, as it's essentially useless right now.
The network here uses WPA-Enterprise (not WPA2), and PEAP with password authentication only (no cert needed - as far as I'm aware it doesn't issue one to the phone).
I managed to get the TP to say "no network with that name and security method" found when I had the protocol set to IEEE801X, it doesn't do it when I set it to WPA-EAP though.
Essentially, using (what I believe to be) the exact same settings that work with my SGS2, doesn't work with the TouchPad.
It looks like at best the enterprise stuff is kinda half baked. If you need a certificate, webos is capable of *using* one, but not generating it. If its non certificate based, it seems to just fail out entirely.
Have you guys who are having the failures had luck with other devices like laptops etc? if so, what are the settings used to establish that successful connection? It seems like the touchpads are *capable* of mantaining peap/mschapv2 connections, as that is the setup my office uses, but for some reason without the certificate requirement it just is glitching out and won't establish the connection in the first place
eltee said:
It looks like at best the enterprise stuff is kinda half baked. If you need a certificate, webos is capable of *using* one, but not generating it. If its non certificate based, it seems to just fail out entirely.
Have you guys who are having the failures had luck with other devices like laptops etc? if so, what are the settings used to establish that successful connection? It seems like the touchpads are *capable* of mantaining peap/mschapv2 connections, as that is the setup my office uses, but for some reason without the certificate requirement it just is glitching out and won't establish the connection in the first place
Click to expand...
Click to collapse
My Windows7 laptop and my WP7 Samsung Focus both securely connect to the network fine. My TouchPad is the first device I've ever heard of having issues connecting.
Hell, my roommate even has his PS3 and XBOX connected.
Thanks OP! Method works on Swansea University Eduroam.
bump now that we have a 3.03/04 update
anyone know if it worked?
Installed the WiFi Certificate but still no luck.
Any other workarounds out there?
Just updated (manually) to the leaked 3.0.3 version and it's resolved the Enterprise Wifi connection issue.
Confirmed, my WiFi works. Enterprise mschapv2 PEAP without certificate. 3.0.3. Now I can leave my laptop at home and use splashtop if I need anything.. *rock on*
I can also confirm that the certificate issue has been solved in 3.03, but now I can't set a proxy, has anyone been able to?
PEAP/MSCHAPv2 fixed with "official" 3.04 OTA too
PEAP/MSCHAPv2 authentication has stayed fixed with the official 3.04 OTA update.
I've just checked that I can connect to an eduroam connection configured this way at a UK university, which the TouchPad couldn't do before.
professordes said:
PEAP/MSCHAPv2 authentication has stayed fixed with the official 3.04 OTA update.
I've just checked that I can connect to an eduroam connection configured this way at a UK university, which the TouchPad couldn't do before.
Click to expand...
Click to collapse
awesome news, I will be testing mine out today when I get to school.
update: I was able to connect at my school, but I had to uncheck the cert box to get it to work.
Yup, i removed my custom certificate on 3.04 and re-joined the access point. It had some new options about authentication built in and sure enough just worked, no issues.
Looks like the little crazy work-around won't be needed anymore
Hello Dear,s
How can i mack vpn automatic connection way in android cell phone?
best regards!
Well, this question can be related into two different ways. Either you are looking for some sort of application that when you starts your android phone vpn automatically gets connected, or something other than this. I think you should elaborate it a bit further. What i know about it is that if you want to avoid putting password every time you wants to connect to vpn then you can simply use some password application manager which ease down your effort for doing the same. Further, i have heard that Hidemyass is going to launch such service which automatically connects user with android version. So i will recommend you to contact them. They will surely help you in this matter.
Not sure if anyone else has run into this but here goes....
My work has an Exchange 2013 server and I activate my phone using ActiveSync on it. As you may know you can assign device policies in Exchange to require a password (or not) among a few other things. I have admin access to the exchange server and long ago had set my policy to not require a password. I still used one but in order to use certain things like Smart Lock the password requirement had to be disabled on the Exchange side. This all worked fine up until Android 6.0. Now no matter what the policy is my phone always requires me to have a PIN and disables Smart Lock. I'm guessing this may require an update on Microsoft's end? Anyone else experience this?
Hi,
Can someone help me with this problem.
Since I updated my Xperia 1 III this morning, I can't connect to my two different Enterprise WiFi networks.
WiFi window ask me for a domain name, but our IT admin doesn't know anything about it.
Without domain name, my connect button is greyed out, can someone help me to fix this without rooting my phone?
PURPOSE OF DOMAIN FIELD WHEN CONNECTING TO WIFI 802.1X (PEAP) ANDROID 11 PIXEL - Google Pixel Community
Does this help? I just googled abit so Im not too sure about your issue. You can also show this to ur IT admin maybe he will understand it better.
hotcakes_shinku said:
PURPOSE OF DOMAIN FIELD WHEN CONNECTING TO WIFI 802.1X (PEAP) ANDROID 11 PIXEL - Google Pixel Community
Does this help? I just googled abit so Im not too sure about your issue. You can also show this to ur IT admin maybe he will understand it better.
Click to expand...
Click to collapse
Thank you for your answer.
Unfortunately this can't help me, because my company isn't using "freeradius".
I spent whole day on Google trying to find fix or temporary solution.
almirsahbaz said:
Thank you for your answer.
Unfortunately this can't help me, because my company isn't using "freeradius".
I spent whole day on Google trying to find fix or temporary solution.
Click to expand...
Click to collapse
Domain issue: the domain is the url name of the SSL Certificate.
Click to expand...
Click to collapse
The "freeradius" here is just an example. You need the url name of the SSL certificate that your company uses. It doesn't need to be freeradius
hotcakes_shinku said:
The "freeradius" here is just an example. You need the url name of the SSL certificate that your company uses. It doesn't need to be freeradius
Click to expand...
Click to collapse
Thank you for answering.
I know that, but my company doesn't know what their domain server is.
almirsahbaz said:
Hi,
Can someone help me with this problem.
Since I updated my Xperia 1 III this morning, I can't connect to my two different Enterprise WiFi networks.
WiFi window ask me for a domain name, but our IT admin doesn't know anything about it.
Without domain name, my connect button is greyed out, can someone help me to fix this without rooting my phone?
Click to expand...
Click to collapse
I suspect you normally would use your account credentials to connect to the WiFi network?
Normally the domain name ist something like "your-company.com" or "your-company.local" (even if .local wouldn't be the best choice).
If so you could look for "EAP-Method" and change the value to "PWD". There you can enter your credentials which you normally use to lock in into your User-Account.
Hudrator said:
I suspect you normally would use your account credentials to connect to the WiFi network?
Normally the domain name ist something like "your-company.com" or "your-company.local" (even if .local wouldn't be the best choice).
If so you could look for "EAP-Method" and change the value to "PWD". There you can enter your credentials which you normally use to lock in into your User-Account.
Click to expand...
Click to collapse
My Enterprise WiFi network requires PEAP method.
I tried with PWD value, but it won't work.
If PEAP is the thing then you will need to provide a certificate, the domain name of the WLAN Controller... Basically everything all that the posts beforehand suggest.
When you were connecting prior android 12 to this network, what did you need to submit? Just some credentials? Certificates? That's something your admin should be able to tell...
Hudrator said:
If PEAP is the thing then you will need to provide a certificate, the domain name of the WLAN Controller... Basically everything all that the posts beforehand suggest.
When you were connecting prior android 12 to this network, what did you need to submit? Just some credentials? Certificates? That's something your admin should be able to tell...
Click to expand...
Click to collapse
This is what I needed:
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
CA Certificate - Do not validate (this option is now removed, and now asks for domain, which needs to be put in)
Identity: My e-mail address
Anonymous identity: Blank
Password: My password
And that was it, I was successfully connecting to this network for a years.
Well you can try to fill in the last part of your email addresses for domain - so everything after the "@".
As written in one of the guides, normally you would enter the domain address of the authentication server / the common name which is part of the certificate of the server...
Seems that some restrictions in Android12 got tighter and you are now not allowed to skip the certificate validation part. Might be that now that Android12 is going to be published more, your it will need to change some things...
Hudrator said:
Well you can try to fill in the last part of your email addresses for domain - so everything after the "@".
As written in one of the guides, normally you would enter the domain address of the authentication server / the common name which is part of the certificate of the server...
Seems that some restrictions in Android12 got tighter and you are now not allowed to skip the certificate validation part. Might be that now that Android12 is going to be published more, your it will need to change some things...
Click to expand...
Click to collapse
I'm using public hotspots from my internet provider, so I can't do that, because I'm using my @hotmail.com e-mail to access this network.
I contacted them, but they don't know how to set up a domain.
Okay... now i am a bit stunned.
You are using public hotspots (not related to your enterprise). To connect you are authenticate with the credentials that you have configured at a side of the ISP?
If the hotspot is provided by your ISP you will have to ask him about accessing and credentials for the WLAN and not your IT-Admin.
Hudrator said:
Okay... now i am a bit stunned.
You are using public hotspots (not related to your enterprise). To connect you are authenticate with the credentials that you have configured at a side of the ISP?
If the hotspot is provided by your ISP you will have to ask him about accessing and credentials for the WLAN and not your IT-Admin.
Click to expand...
Click to collapse
The thing is, I'm working for that ISP provider, so I asked their IT Admin, but I'm also their user and I'm using my private ISP account to access these hotspot locations
@almirsahbaz
Ahhhhhh - now that make sense for me. Thanks for clearing things up. Back to your problem:
It will get troublesome....
PEAP Authentication "normally" requires the authenticator (aka the Server, Wifi Controller... some referring to it as a RADIUS-Server - which can also be a "role" performed by another server; often used are Domaincontrollers ) to offer a certificate. Simple speaking: Kind of similar to webserver-authentication for https.
Your phone then "checks" the provided certificate on validity. This validation step was "skipped". Skipping isn't supported anymore. This started already with android 11 (depending on oem-implementations).
So your Admins will have to deploy certificates as mentioned above and provide them to you.
The "domain" field you are mentioning is used to select the certificate of the authenticator (for a user it is often easier to enter the proper name then select the certificate out of the certificate store an the device).
The thing for you is:
You can't do anything, as your admins will have to think about the whole process. So you won't be able to use the hotspots until there have been some changes made by the admins.
What you can do is to inform the admins on the changes that google made starting at Android 11
PSA: Android 11 will no longer let you insecurely connect to enterprise WiFi networks
The Android 11 update will break connecting to certain enterprise WiFi networks. Here's why and what you can do to fix it.
www.xda-developers.com
If they want to use PEAP further on with devices running Android 12, they will have to change something!
Hudrator said:
@almirsahbaz
Ahhhhhh - now that make sense for me. Thanks for clearing things up. Back to your problem:
It will get troublesome....
PEAP Authentication "normally" requires the authenticator (aka the Server, Wifi Controller... some referring to it as a RADIUS-Server - which can also be a "role" performed by another server; often used are Domaincontrollers ) to offer a certificate. Simple speaking: Kind of similar to webserver-authentication for https.
Your phone then "checks" the provided certificate on validity. This validation step was "skipped". Skipping isn't supported anymore. This started already with android 11 (depending on oem-implementations).
So your Admins will have to deploy certificates as mentioned above and provide them to you.
The "domain" field you are mentioning is used to select the certificate of the authenticator (for a user it is often easier to enter the proper name then select the certificate out of the certificate store an the device).
The thing for you is:
You can't do anything, as your admins will have to think about the whole process. So you won't be able to use the hotspots until there have been some changes made by the admins.
What you can do is to inform the admins on the changes that google made starting at Android 11
PSA: Android 11 will no longer let you insecurely connect to enterprise WiFi networks
The Android 11 update will break connecting to certain enterprise WiFi networks. Here's why and what you can do to fix it.
www.xda-developers.com
If they want to use PEAP further on with devices running Android 12, they will have to change something!
Click to expand...
Click to collapse
Thank you for your detailed answer.
I found possible solution for them online, and I sent that to them.
I guess this is what they need to do: "Radius server's certificate needs to contain a fully-qualified domain name (FQDN) in the Common Name field."
Basically they will need to implement PEAP as it was intended, yes
Hudrator said:
Basically they will need to implement PEAP as it was intended, yes
Click to expand...
Click to collapse
Thank you once again for all support that you have provided
Hi,
It's me again, I'm still wondering about this issue.
I found online that Android 13 implemented option "Trust on first use" for Enterprise WiFi network, which is available in drop-down menu for CA Certificate, but that feature is completely missing from my Xperia 1 III phone.
Is there some kind of trick to enable this option without rooting my phone?
almirsahbaz said:
Hi,
It's me again, I'm still wondering about this issue.
I found online that Android 13 implemented option "Trust on first use" for Enterprise WiFi network, which is available in drop-down menu for CA Certificate, but that feature is completely missing from my Xperia 1 III phone.
Is there some kind of trick to enable this option without rooting my phone?
Click to expand...
Click to collapse
Hi there,
this works on custom roms (im using alpha droid, its very nice i highly recommend)
Just today was the first time i was able to connect to server wifi but it meant using a custom rom which i am completely happy with. Good luck