I have at home 8Mb ADSL with static IP (x5), a firewall and an Exchange 2003 SP2 server. I've had this running now for 4 years+ and it's worked brilliantly. I use OWA (via SSL), I host my own DNS and, to cut a long story short, it all works.
Finally last week I got my hands (via eBay) on an M3100. I had it unlocked (as I'm with T-Mobile with the WnW package for £7.50) and it has worked fine since on the T-Mobile network.
3G/GPRS/MMS all is working fine without issue.
Now, bearing in mind I used to own a T-Mobile MDA Compact, I had ActiveSync running on it, syncing with my server ActiveSync (EAS) via SSL using a self-signed cert from my local CA authority on another of my servers. As you can imagine, I was longing to try DirectPush but lacked the WM5 with MSFP device I needed.
So, I got my M3100 and unlocked it. I then installed the latest HTC TyTN ROM (22.214.171.124) and again, all is well and has been since it was installed.
Unfortunately, due to "restrictions" in the ROM/WM5, self-signed certs that aren't 'trusted' were causing my ActiveSync to fail. I spent a lot of time on the Microsoft Knowledge Base, Google and groups trying to find out why it wasn't possible and if it could be fixed. The old solution on WM2003 devices was to use the DisableCertChk tool, which lo and behold now does not work with WM5.
Ok, I'm dragging here. I did some more research and ended up buying a trusted cert from GoDaddy.com for $19.99 on my credit card (TurboSSL) for a single domain name. Fine for my needs of ActiveSync and OWA/OMA. The root CA for this is www.valicert.com and this is already trusted on the device.
Once I got my cert, updated my IIS on my Exchange server with the new certificate and installed it on my device, ActiveSync magically started working... using a manual sync. Excellent, I thought, step 1 complete. ActiveSync (via SSL - Port 443) works with my new certificate.
Ok, onto DirectPush.
I enabled mobile services in ESM (Exchange System Manager) and the Direct Push via HTTP(S) option. I even configured a password enforcement policy. I also made sure up-to-date notifications was enabled on my 'user' in Active Directory. So far so good.
A couple of ActiveSyncs later and my phone had acknowledged the password enforcement policy (excellent) and forced me to set a password on my phone, and the timeout on locking the device was set to what I set in Exchange System Manager (ESM).
However, and you can probably see where this is going... DirectPush just seems to not work. I'm currently typing this to you on my laptop at work with my phone in front of me on the ActiveSync screen with a valid 3G connection. I sent an email to my Exchange server account from my work email and I checked via OWA that it has been received (though I haven't 'read' it yet).
... that was 20 minutes ago.
DirectPush is definitely enabled in CommManager, and ActiveSync is set (for peak and off peak) to "As items arrive"...
...please remember, forcing a manual sync works every time.
Now... onto some more techie stuff.
This article: http://support.micro...om/?kbid=905013 explains about increasing the timeout on the SSL port on your firewall which I have checked.
I have also tried the registry keys it lists on my Exchange server (and restarted the IIS Admin service each time), but again, DirectPush just seems to be a no-go.
This article: http://msexchangetea.../03/424028.aspx explains the technical side of DirectPush, and the only funny part I can find is that I don't have this in the event log on my Exchange server:
Event Source: Server ActiveSync
Event Category: None
Event ID: 3025
Time: 12:44:19 PM
IP-based AUTD has been initialized.
...I'm pointing my finger towards this, but I can't think why it's not 'initializing' or at least logging that in my event log. I've increased diagnostic logging in my Exchange environment on the ActiveSync parts but it's still not logged. Right now, all I can think of doing is re-applying SP2.
Can anyone confirm they receive this 'informational' notification in the Application log on their Exchange server? (normally as the server boots up...)
So... I'm just wondering what others had done, if anything, to get their DirectPush to work using their own Exchange servers. I appreciate that people with hosted Exchange accounts can't comment on the Exchange server configuration they use.
Anyway, that's about it... it boils down to DirectPush not working, but the phone receiving the password enforcements from my Exchange server.
Thank you for reading, and if anyone has any thoughts or comments on the above, they are greatly appreciated.