[Q] Synching with two exchange servers with security policy conflict - Android Q&A, Help & Troubleshooting

I have the following problem:
I have an SGS2 with the latest ICS release (rooted). I work with two companies supporting sync with the exchange server (2010) on a smartphone.
I can set up both exchange servers at the same time. The first day they both work, but on the second day one of the two (so far always the same) starts giving me connection errors, and will no longer sync emails.
I am almost sure that the problem is that for security reasons, both want to have their security policy (admin privileges etc) enforced over my phone, and when they re-check daily they find that the policy is not as they want it.
Can anyone suggest a way to overcome this?
Thanks,
Geza

It could possibly be the Certificate of said company that's configured incorrectly.
Speak to the IT department to check this for you.

I've set the client to accept all certificates, furthermore it works on day 1, stops working on day 2.
Would the certificate problem still be a viable explanation?

Related

Any Build/Cooked ROM work with Exchange 2007?

Hey Everyone -
I hate the sprint stock ROM but it is the only one that will work with Exchange 2007.
Is there any cool cooked ROM/Build that works with Exchange 2007?
Thank you
DCD 3.2.6 syncs with my exchange 2007
All of DCD's
I have used all of DCD's roms and Scott Rosler Reloaded roms with exchange 07 no issues with any of them...
owa works fine for me
I am an Exchange Administrator and I have never had a problem with new WinMo builds syncing with my Exchange 2k7 clusters. Going forward, I anticipate WinMo to drop support for Exchange 2k3 syncing. It's just not as neat, tidy, secure, fast, etc as Exchange 2k7. But that thought is very far fetched, just my thoughts.
Anyway, I have run every Titan ROM put out through XDA and never had an issue with Exchange 2k7. Of course, I use nothing but secure activesync and have full "Autodiscovery" setup with the proper exchange certificates on all the domains, matching the domain names properly, etc. So that could be part of everyone's issue with Autodiscovery not working or the certificates not matching the domains they were issued for, etc.
djbeames said:
I am an Exchange Administrator and I have never had a problem with new WinMo builds syncing with my Exchange 2k7 clusters. Going forward, I anticipate WinMo to drop support for Exchange 2k3 syncing. It's just not as neat, tidy, secure, fast, etc as Exchange 2k7. But that thought is very far fetched, just my thoughts.
Anyway, I have run every Titan ROM put out through XDA and never had an issue with Exchange 2k7. Of course, I use nothing but secure activesync and have full "Autodiscovery" setup with the proper exchange certificates on all the domains, matching the domain names properly, etc. So that could be part of everyone's issue with Autodiscovery not working or the certificates not matching the domains they were issued for, etc.
I can second everything djbeames said.
Precisely accurate. I too administer 2k7, and agree that the autodiscovery component is key.
djbeames said:
I am an Exchange Administrator and I have never had a problem with new WinMo builds syncing with my Exchange 2k7 clusters. Going forward, I anticipate WinMo to drop support for Exchange 2k3 syncing. It's just not as neat, tidy, secure, fast, etc as Exchange 2k7. But that thought is very far fetched, just my thoughts.
Anyway, I have run every Titan ROM put out through XDA and never had an issue with Exchange 2k7. Of course, I use nothing but secure activesync and have full "Autodiscovery" setup with the proper exchange certificates on all the domains, matching the domain names properly, etc. So that could be part of everyone's issue with Autodiscovery not working or the certificates not matching the domains they were issued for, etc.
Two questions:
1. Do you have the setting "Allow Non-provisionable" devices checked?
2. Do you have the "remote wipe" capability enabled?
It works when they allow non-provisionable devices. Our Exchange admin tested it with me. But when he unchecks then it stops working.
Something to do with the newer ROMs not set up to allow provisioning.
And I have tried full automatic, manual and any other way you can think of to test.
Thanks guys!
arifiano said:
Two questions:
1. Do you have the setting "Allow Non-provisionable" devices checked?
2. Do you have the "remote wipe" capability enabled?
It works when they allow non-provisionable devices. Our Exchange admin tested it with me. But when he unchecks then it stops working.
Something to do with the newer ROMs not set up to allow provisioning.
And I have tried full automatic, manual and any other way you can think of to test.
Thanks guys!
I don't think it has anything to do with that. What "non-provisionable devices" refers to is: A device is considered "non-provisionable" if it cannot apply ALL security policies set by Exchange 2k7. In Exchange 2k7 SP1 Enterprise, there are a TON of settings that are NOT supported by WM 6.1, or even 6.5 (at this time). So if you are wanting to use Exchange 2k7 with ANY device at this time and provision over half the settings, you will HAVE to enable non-provisionable devices.
Here is a link to a matrix of what versions of WM support what:
http://blogs.msdn.com/jasonlan/archive/2007/12/04/exchange-activesync-policies-summary.aspx
And a technet article directly referring to what "is compatible" and what "isn't":
http://technet.microsoft.com/en-us/library/bb232162.aspx
Now. To answer your questions:
1) Yes, I have non-provisionable enabled. You have to.
2) Remote wipe is enabled on all devices. It's an integral part of Exchange 2007. I, on my personal OWN activesync profile, do not require a password. This makes it much easier for me to unlock my phone.. however, I can still do a Remote Wipe. Everyone can.
So to sum it up, you, or your exchange admin (I forgot who you said it was), have created an ActiveSync Profile with some of the settings enabled that current windows mobile (including latest 6.5 builds) do not support yet. You will have to uncheck those options, OR, simply allow non-provisionable devices. ActiveSync will still apply the policies it can, but will just skip the ones it can't apply.
Understand?
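The post above turns on the "Allow non-provisionable devices" setting and on devices that apply only part of a policy. As an added example (not part of the original thread), this is how an Exchange administrator could audit both from the server side. It assumes the Exchange 2010 Management Shell, where Get-ActiveSyncDeviceStatistics reports DevicePolicyApplicationStatus; the `$partial` variable and the column selection are illustrative choices.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell
# (Exchange 2010 assumed).

# 1. Which ActiveSync mailbox policies let a device sync even though it
#    cannot enforce every setting in the policy?
Get-ActiveSyncMailboxPolicy |
    Select-Object Name, IsDefaultPolicy, AllowNonProvisionableDevices,
                  DevicePasswordEnabled, RequireDeviceEncryption |
    Sort-Object AllowNonProvisionableDevices -Descending |
    Format-Table -AutoSize

# 2. Which device partnerships are not enforcing their policy in full?
#    These are the devices that only sync because of the setting above.
$partial = foreach ($mbx in Get-CASMailbox -ResultSize Unlimited `
        -Filter { HasActiveSyncDevicePartnership -eq $true }) {
    Get-ActiveSyncDeviceStatistics -Mailbox $mbx.Identity |
        Where-Object { $_.DevicePolicyApplicationStatus -ne 'AppliedInFull' } |
        Select-Object @{ Name = 'Mailbox'; Expression = { $mbx.Name } },
                      DeviceModel, DeviceOS, DeviceUserAgent,
                      DevicePolicyApplied, DevicePolicyApplicationStatus,
                      LastSuccessSync
}

# Group the result so the partially applied and unprovisioned devices
# can be reviewed per status.
$partial |
    Sort-Object DevicePolicyApplicationStatus, Mailbox |
    Format-Table -AutoSize
```

A device listed with a status other than AppliedInFull under a policy that has AllowNonProvisionableDevices set to True is syncing mail without the full set of controls the policy specifies.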
djbeames said:
I don't think it has anything to do with that. What "non-provisionable devices" refers to is: A device is considered "non-provisionable" if it cannot apply ALL security policies set by Exchange 2k7. In Exchange 2k7 SP1 Enterprise, there are a TON of settings that are NOT supported by WM 6.1, or even 6.5 (at this time). So if you are wanting to use Exchange 2k7 with ANY device at this time and provision over half the settings, you will HAVE to enable non-provisionable devices.
Here is a link to a matrix of what versions of WM support what:
http://blogs.msdn.com/jasonlan/archive/2007/12/04/exchange-activesync-policies-summary.aspx
And a technet article directly referring to what "is compatible" and what "isn't":
http://technet.microsoft.com/en-us/library/bb232162.aspx
Now. To answer your questions:
1) Yes, I have non-provisionable enabled. You have to.
2) Remote wipe is enabled on all devices. It's an integral part of Exchange 2007. I, on my personal OWN activesync profile, do not require a password. This makes it much easier for me to unlock my phone.. however, I can still do a Remote Wipe. Everyone can.
So to sum it up, you, or your exchange admin (I forgot who you said it was), have created an ActiveSync Profile with some of the settings enabled that current windows mobile (including latest 6.5 builds) do not support yet. You will have to uncheck those options, OR, simply allow non-provisionable devices. ActiveSync will still apply the policies it can, but will just skip the ones it can't apply.
Understand?
Yes I completely understand now. It makes complete sense. I talked to our Exchange Admin via email and he said it was corporate policy to not allow non-provisionable devices. We are an 80,000 employee company and according to him, I was the only one having the problem. So they won't change the policy just for me.
But it still makes no sense as to why my stock Sprint ROM works fine with exchange 2007. And the cooked ROMs don't. I think it has to be some sort of a registry fix on the Windows Mobile side that allows it to become provisionable. So even though Exchange 2007 has tighter security settings, it does work fine with the sprint stock WIM 6.1 ROM.

Why does my email crash once per day?

So I've tried a bunch of different email clients and they all experience the same issue when connecting to a corporate exchange server. About once a day, at random times, they will crash and I have to force stop them and reopen the app to get it to receive exchange push email updates.
Clients I have tried are: Improved Email, Enhanced Email, K-9 and the Moxie trial. I can't find any common link as to why they all end up non-responsive. At first I thought it happened when I lose signal (such as when I'm in the subway) but I haven't taken the subway the past few days and it still happens.
Is there something included with the atrix that kills these processes after a certain amount of time?
I manage our corporate exchange servers (2003 and 2010) and have had really good success with the built in Corporate Sync app for the atrix.
Is there something you are syncing that it can't handle? The calendar and contacts work great. I haven't tried tasks as I don't use them.
Aside from that, make sure on task manager that the mail clients aren't set to auto kill.
Sent from my MB860 using XDA Premium App
I wish I could get email from our exchange server, but unfortunately my company isn't going to allow that until Android becomes more secure.
beatphreek said:
I manage our corporate exchange servers (2003 and 2010) and have had really good success with the built in Corporate Sync app for the atrix.
Is there something you are syncing that it can't handle? The calendar and contacts work great. I haven't tried tasks as I don't use them.
Aside from that, make sure on task manager that the mail clients aren't set to auto kill.
Sent from my MB860 using XDA Premium App
I didn't think I had corporate sync, but I just took a look now and it seems like I do. I didn't think about trying to set it up as a new "account" in the phone.
On the bright side, enhanced email hasn't crashed in a while. I think one of the other email apps' processes was killing it. I have uninstalled them all. If it crashes again, I will try the built in Corporate Sync.
Caelan, what doesn't your company like about android? All the exchange clients I've tried allow remote management which I know was a sticking point for a lot of companies when android was newer. Though I'll admit I'm not really up on the security issues of android... I'm kind of lucky because my company lets us bring any device onto the network, and we get to admin our own computers. The benefits of working at a tech company staffed completely with geeks
albinojoe said:
Caelan, what doesn't your company like about android? All the exchange clients I've tried allow remote management which I know was a sticking point for a lot of companies when android was newer. Though I'll admit I'm not really up on the security issues of android... I'm kind of lucky because my company lets us bring any device onto the network, and we get to admin our own computers. The benefits of working at a tech company staffed completely with geeks
I am not sure exactly what it is that is a security problem, but I work for a big R&D company. All our laptops, thumb drives, etc. are encrypted, and we use RSA secure tokens to connect to our network externally when OOO. As an example, if you want email access on your iPhone, the company installs security software requiring a lengthy password to even get past the lock screen, and also remote wipe ability so they can wipe your iPhone if you lose it. We have a lot of proprietary R&D documentation which they do not want to lose.
Apparently there are some security holes which should be fixed with 2.3.4, and they may already be testing this at corporate IT.
We also have full admin rights to our laptops, but they are also very secure with full HDD encryption.
Android does meet all the security requirements that Microsoft has in place for Activesync licensing, it forces a passcode to unlock, it encrypts the exchange data, and it does remote wipe.
The only thing I can think would be that due to the ability to easily root the device there are programs that get around the lock screen requirements. They may have other reasons though.

Did anyone get Exchange emails working yet? [CM 7.1.0]

SGH-i777 running CM 7.1.0 on Android 2.3.7. Carrier is obviously AT&T.
I can't for the life of me figure out how to add my Exchange account to the stock e-mail program. I've tried:
* Countless variations of server, domain, and username settings. I've followed this guide **can't post link** and several other guides. I do have access to my company's server information, and while I'm not sure which server is actually being used, I've tried them *all*, several times, and gotten nowhere. With a WiFi connection (no firewall) and just 3G data, signed in or signed out of Outlook Anywhere. No luck, just "Unable to open connection to server".
* K-9 connected to my account, but I was unable to see any e-mails - none would load, even when I had it force check. So I uninstalled it (would rather use the stock app anyway).
Is this a problem with my signal? I read that someone got help from their carrier - they made a custom APN, but that was in another country so I'm a bit skeptical. Can't call Samsung (it's Sunday) and their website offers no help. It's possible my IT doesn't allow phones to read mail, but that's highly unlikely - we've got lots of employees in the field, so this seems like common sense.
I did a lot of digging and this might be an old issue, but it gets pretty technical and I'm obviously a n00b.
What am I missing here???? PLEASE fill me in - I've put hours into this!!
It's quite possible that your IT group who manages your Exchange environment isn't allowing non-approved devices to connect. Typically these are security-certificate based and/or mandatory VPN requirements. I would suggest asking your Exchange administrator in your IT department about this policy.
Under Domain/username, did you try putting the "\" in front of your username? To configure mine I did this and had to use the host name as the Exchange server. Some things to try anyway if you haven't already.
Also ran into issues setting up under a public wifi at work, had to use the ATT network to make it connect for some reason.
I have my work exchange account set up.
Are you making sure to connect to the external exchange server (sometimes different from internal)?
Have you asked your administrator for exchange login details (my IT dept sent out a company-wide email once with those details)?
You might have to type the server name in manually if it doesn't auto-detect (the case with my work email).
Now, my work isn't as strict, but as the previous poster said, your exchange server might not allow unauthorized devices to connect. In which case you'll have to contact your IT dept.
They may have simply blocked all android devices (until recently didn't support hardware encryption, and spoofed exchange permissions). If that's true, educate them.
The server name may be a link rather than a server name. Ours is mibile.XXXXX.com for example.
Probably related to your company's settings. I run my own exchange server and got it sync'd fine with the current cyanogen nightly.
I had problems with the stock email and our ms exchange server. I could set it up, but after a while it stopped syncing and I could never really get it back to work. I switched to Touchdown, and after a little trial and error with setup, it's working fine for me. There is a trial version for 30 days or so that you could give a shot. Happy to give you some pointers.
AtlanM87 said:
I had problems with the stock email and our ms exchange server. I could set it up, but after a while it stopped syncing and I could never really get it back to work. I switched to Touchdown, and after a little trial and error with setup, it's working fine for me. There is a trial version for 30 days or so that you could give a shot. Happy to give you some pointers.
+1 for touchdown. I've been using it for about a year. It's far superior to any exchange solution the Google offers. I only wish it would populate Google calendar as it does the Google contacts. The UI is getting dated as well. I wish they would come out with a cosmetic update or theme capability.
Sent from my SGH-I777 using xda premium

[Q] Microsoft Exchange application to avoid device policy

My company recently updated their exchange server and when I attempt to add the account my phone tells me that some security settings will be changed to be in alignment with the exchange server policy. I'd rather not do that because I don't want my company administering the phone I bought myself.
My question is if any of the alternative Exchange applications (for example, Touchdown) would allow me to add the account without enforcing that device policy. My thought is that the application could implement its own security (like a PIN, which is part of what is required for me to add this account) without affecting the rest of the device.
Sorry if this is the wrong place but I wasn't sure where else to post it.

[Q] Security: Exchange + device administrator + Nine ... but now..

Hi all,
I'm trying to figure out if it is possible to get around the new security requirements by our company regarding smartphone usage.
Previously, if we wanted to use exchange on our devices, I had three possibilities:
1. Add the exchange account to the default email client, accept all the security setting being pushed with the device administrator functionality
2. Add the exchange account to the default email client, and get around the security using Xposed
3. Add the exchange account to the Nine, and let it handle the security setting.
On my Nex5 however the second option vanished with Android 5. So I was using Nine for a while now without any problems.
Now the company is making new security requirements.
The problem is that they want us to install this app from vodafone:
https://play.google.com/store/apps/details?id=com.mobileiron.vodafone.MIClient
to handle all device security settings and device registration.
I don't mind having a device administrator managed by the company on the phone, I do however dislike using a PIN to unlock my device.
Anyone having any experience getting around this?
