Exhange Server 2003 Synchronisation

[Guest gtwibell]

I'm wondering if anyone's managed to get an XDA Exec (or equivalent) to sync with Exchange 2003 yet? I've tried USB, WiFi and GPRS all to no avail. Can't get OWA to work either. I suspect a root certificate problem and - as someone hereabouts has already observed - it's not possible to place a root cert in the Universal's store.

I recall eventually getting an MPX200 (Smartphone O/S) to sync fine after making some changes to the server and using an MS program called 'nocert' or similar to remove the certificate requirement from the phone. But I guess it's early days yet for the Universal and WM5 and no such fixes exist. There doesn't seem to be a TechNet newsgroup for WM5 yet either.

I've got SP2 for Exchange which includes enhancements to work with WM5 but am reluctant to deploy it on a production server unless I can be confident it'll fix the problem. Don't suppose it will make any difference until the same enhancements appear for mobile devices anyway.....

GeoffT.

[Guest dazza12]

I believe there is a way to set the server to sync 'in the clear'. I don't have the exact details, but I had to do this to my server running SBS 2003 - even though it's a WM2003SE device it should work fine for WM5 as it's a server setting. As far as I can remember, I didn't have to change any settings on the phone - it was listed as an alternative for those who didn't have access to their server. I recall finding a lot of useful information regarding this on Experts Exchange.

I did find an informative website that gave plenty of details on sync problems, I think this may have been msexchange.org, or similar. Normally there's an error code - doing a search on the exact error code may yield similar sites.

Have you tried creating a dummy certificate on the server? If I remember correctly as soon as you set up a succesful partnership, it copies this certificate across to the device, this is why you can't import them manually.

I don't yet have my Universal, but I'll be in the same boat as you so it'll be interesting to note your findings.

[Guest gtwibell]

Many thanks for your comments.

I'm reluctant to mess too much with the server since I have an Outlook remote user who connects with RCP over HTTP and this requires SSL to work at all.

The problems are not consistent. If I connect with Explorer on the Universal to the normal (what MS calls 'rich Web experience') address at https://xxx.xxx.xxx.xxx/exchange/ I get a full rendering of Web Outlook, albeit unusable as it doesn't fit on the small(er) screen. No error messages.

If I try to use https://xxx.xxx.xxx.xxx/OMA/ (pukka mobile Web access) I get 'A system error has occurred while processing your request. Please try again.....'

Using https://xxx.xxx.xxx.xxx/OWA/ gets an HTTP 404 error.

Running Activesync (set to sync with the server) gets an error code 0x80072F17 with the text 'synchronisation could not be completed'.

I'll do as you suggest and try a search on msexchange.org (and maybe slipstick.com too) and see where that gets me.

GeoffT.

[Guest Will]

check permissions in IIS,

If you have any issues Server Activesync'ing after the update, check integrated auth is enabled on your IIS directory used for SA... the update seems to change that setting

These seem to get reset in some instances when the sp2 is applied.. doing 2 test installs tonight, will report back!

Will

[Guest lrowland]

Hi,

Don't know if you've fixed your problem, but the main problems I've seen with oma errors normally have something to do with you not having your SSL certificate matching the name of your frontend server exactly.

ie. Your frontend servers internal host name is exch-fe

your frontend servers external DNS name AND SSL certificate must be

'exch-fe.company.com'

I know that it would still work for OWA if your external DNS name was mail.company.com and you had an SSL with that too, but ActiveSync will only work if that ment you INTERNAL host name was 'mail'.

You can get a valid SSL certificate cheaply from 'www.instantssl.co.uk' (they also do free 30day test ones) which works with ActiveSync no problem 2years £66.

I hope this helps,

Lee

xda exec / m500 / c500

[Guest gtwibell]

Hi Lee and thanks for the suggestions.

There's a number of problems happening here I think:

1) Can't install the certificate into the root store on the Exec.

2) Can't disable certificate checking on the Exec as I did previously with my MPX200 Smartphone.

3) The certificate naming does match the server (it's a single Exch2003 server so acts as a front end too) but the server's IP address is not published. We get round this by having the server's public IP address and FQDN in the clients' hosts files. There is no hosts file (that I know of) on the Exec so it has to be pointed direct to the IP address without using the FQDN. The server FQDN is servername.companyname.com

Strangely full blown OWA does work on the Exec after asking for approval of the certificate, but WM5's version of IE simply cannot render the 'rich experience' UI properly, making it unusable. Opera would probably make a better fist of it (as it doesn't use the 'rich' experience, but a cut down version) but it's not yet here for WM5.

I have now at least got OMA to work so I can get mail remotely after a fashion. But it comes in small chunks with multiple prompts for 'more', and appears in a very large font on screen making for a less than perfect user experience.

Maybe there's a way (on the server presumably) that I can hack OMA to deliver whole messages and in a smaller font.

Oh how I long for the simple two-way Activesync synchronisation I used to get with my old MPX200.......

Geoff.

[Guest Tauqeery]

Many thanks for your comments.

I'm reluctant to mess too much with the server since I have an Outlook remote user who connects with RCP over HTTP and this requires SSL to work at all.

The problems are not consistent. If I connect with Explorer on the Universal to the normal (what MS calls 'rich Web experience') address at https://xxx.xxx.xxx.xxx/exchange/ I get a full rendering of Web Outlook, albeit unusable as it doesn't fit on the small(er) screen. No error messages.

If I try to use https://xxx.xxx.xxx.xxx/OMA/ (pukka mobile Web access) I get 'A system error has occurred while processing your request. Please try again.....'

Using https://xxx.xxx.xxx.xxx/OWA/ gets an HTTP 404 error.

Running Activesync (set to sync with the server) gets an error code 0x80072F17 with the text 'synchronisation could not be completed'.

I'll do as you suggest and try a search on msexchange.org (and maybe slipstick.com too) and see where that gets me.

GeoffT.

<{POST_SNAPBACK}>

[Guest Tauqeery]

Hi Folks

Did you find how to disable the certificate on XDA Exec? Please let me know as I am stuck to disable the certificate.

Urgent help will be appriciated.

regards

Tauqeer

[Guest dazza12]

I was getting the same problem as you after getting my M5000 last week.

I managed to get this to work by exporting the certificate from the server, copying the certificate file using Explorer in Activesync to the Storage card, and clicking on the certificate file using File Explorer. It then installs the certificate on the Exec.

After doing this and performing a soft reset, I can now sync everything.

[Guest forss]

I was getting the same problem as you after getting my M5000 last week.

I managed to get this to work by exporting the certificate from the server, copying the certificate file using Explorer in Activesync to the Storage card, and clicking on the certificate file using File Explorer. It then installs the certificate on the Exec.

After doing this and performing a soft reset, I can now sync everything.

<{POST_SNAPBACK}>

I have no problems using activesync over GPRS/3G to my MS Exchange 2003 (SP2) server. The first thing to do is download and install the certificate. I do this from my exchange server using "http://xxx.xxx.com/certsrv/", but that is because my exchange server is also my certificate server.

Being able to sync tasks is great. Can't wait to be able to setup proper push email when the new messaging pack is launched. It seems O2 does not support AUTD.

Hope this helps. But basically you need to install the certificate first.

[Guest airborne]

I have no problems using activesync over GPRS/3G to my MS Exchange 2003 (SP2) server. The first thing to do is download and install the certificate. I do this from my exchange server using "http://xxx.xxx.com/certsrv/", but that is because my exchange server is also my certificate server.

Being able to sync tasks is great. Can't wait to be able to setup proper push email when the new messaging pack is launched. It seems O2 does not support AUTD.

Hope this helps. But basically you need to install the certificate first.

<{POST_SNAPBACK}>

Have to confess I'm a bit puzzled why there is such a problem, maybe it's just down to the configuration of the server. I have my mail account on FastHosts hosted Exchange server and have had no problems connecting with my old C500 or my M5000.

I haven't had to muck around with certificates or anything like that - maybe FastHosts have done something to avoid this.

All I did was setup the account in Outlook 2003, then created the account in the Options section of ActiveSync and it did all the rest for me on the phone. I now have Emails, Contacts, Calendar syncing remotely over 3G or Wifi if available, and then Notes and Tasks syncing when connected directly to my PC.

The only problem I did have was seemingly a common one and that was an error saying it couldn't get an object - which turned out to be the Offline Address Book which I don't use anyway. I set that not to be synced and the error went away.

Hope you guys get it sorted out, 'cos it's a fabulous system when it works! 8)

[Guest Wizard]

I've little understanding of how certificates work, but is it possible that your email hoster is using a certificate from an issuing authority for which the phone already has a matching root certificate?

Wizard

[Guest airborne]

I've little understanding of how certificates work, but is it possible that your email hoster is using a certificate from an issuing authority for which the phone already has a matching root certificate?

Wizard

<{POST_SNAPBACK}>

If you're asking me, I have absolutely no idea!!

[Guest forss]

If you're asking me, I have absolutely no idea!!

<{POST_SNAPBACK}>

That is probably the case - Fasthosts have create a cert based on a widely available root certificate. The reason I have to install my own certificate is because I used my server to create it. In effect I am my own issuing authority and as such have to install the certificate into the device. I did this using the browser on my XDA Exec, the whole process is quite easy.

Its a shame Fasthosts have not upgraded to SP2 of Exchange. Then you could sync Tasks as well.

[Guest airborne]

That is probably the case - Fasthosts have create a cert based on a widely available root certificate. The reason I have to install my own certificate is because I used my server to create it. In effect I am my own issuing authority and as such have to install the certificate into the device. I did this using the browser on my XDA Exec, the whole process is quite easy.

Ah! Right, that explains it then!

Its a shame Fasthosts have not upgraded to SP2 of Exchange. Then you could sync Tasks as well.

<{POST_SNAPBACK}>

Apparently, they will be adding it soon, then we'll have the option of push email too!

[Guest Wizard]

Ah! Right, that explains it then!

Apparently, they will be adding it soon, then we'll have the option of push email too!

<{POST_SNAPBACK}>

It's good to hear that Exchange SP2 provides the ability to sync tasks over the air.

I now have my device syncing over the air with my provider's Exchange Server (www.lanlogic.net - great service, $10 a month with strong spam protection and great customer service). The fix was for them to email me the certificates (I don't know why there are two) and for me to install them into the handset. It took 2mins and was very easy.

All I want now is push email for that extra bit of usability ;) Talking of which here's a bit of info from a chap at Microsoft in his blog:

http://blogs.msdn.com/jasonlan/archive/200.../05/489475.aspx

Let's hope Orange pull their thumb out and release it fairly quickly. It seems like January though which is a shame.

Wizard

[Guest zarquon]

This may lead you up the garden path because as yet I have not got my grubby mitts on a M5000 (contract expires at end of month) but the following is how I got my M2000 to sync with Exchange 2003 with only about 5 hours to get it sorted (including charging) before going away for a few days.

Don’t tell Bill, but I didn’t use SSL. I decided that was one complication to many.

I connected the M2000 to my pc and synced via outlook at first. Having got that to work I added the same name that I access OWA from the internet (owa.domain.co.uk) to the DNS server on the Network Domain controller. I then changed the setting in Active-Sync to use the Exchange server using the same name that is in the DNS server for Mail, contacts and calendar. At this point it asked if I wanted to combine or overwrite the M2000, I choose overwrite.

I then tested it by disconnecting the M2000 from active-sync, deleted a few delivery receipts in my inbox and tried to sync over GPRS… it seamed to work and a couple of minutes later the read receipts disappeared from my inbox in Outlook.

When I get a M5000 I will probably sort SSL out as I have a couple of clients who are now getting interested in this and I had better do it properly for them to justify the exorbitant fees. ;)

[Guest gtwibell]

Just to close the loop on this one - I've finally got GPRS/3G syncing on the Exec. How I did it is testament to the value of message boards like this.

First off I did the place certificate in root store thing as suggested in one of the messages above (export from server, copy to storage card, select in file explorer). That then enabled Exchange 2003 server syncing over USB since the server's FQDN is translated to an IP address on my internal network.

But of course it didn't work for GPRS/3G because while the certificate bears the FQDN, the only way to find the server on the Internet is to use its full public IP address. If the cert. name and the adress used in Activesync don't tally, no connection is allowed.

You'll recall I get around this on XP clients by entering the server's FQDN and IP address into the hosts file on each machine. But there's no such thing as a hosts file in Windows Mobile 5.0. So I was bu**ered again.

Enter Pocket Hosts - an invaluable (and free) program from Marc Zimmermann at www.zimac.de. Although written for WM2002 it works like a trooper in WM5.0 too, and does the same job as the hosts file (telling TC/IP connections where to go if they cant find out from DNS). Result - instant server connection and syncing at 3G speeds.

Hope someone else can benefit from this. It's been a bit of a flog.

GeoffT.

[Guest funkynerd]

OK - I have after a fashion...

If you don't have a third party cert installed on your web (OWA server) then you need to export your own internally issued certificate to a *.cert file.

Put a copy of this file onto your device and then run it on your device.

This should (if I had a lawyer, he'd ensure I emphasise this) add your own cert server name to teh root store of your device. Viola - no more cert prompts.

Please let me know if this helps.

Regards and salutations,

FunkyNerd

I'm wondering if anyone's managed to get an XDA Exec (or equivalent) to sync with Exchange 2003 yet? I've tried USB, WiFi and GPRS all to no avail. Can't get OWA to work either. I suspect a root certificate problem and - as someone hereabouts has already observed - it's not possible to place a root cert in the Universal's store.

I recall eventually getting an MPX200 (Smartphone O/S) to sync fine after making some changes to the server and using an MS program called 'nocert' or similar to remove the certificate requirement from the phone. But I guess it's early days yet for the Universal and WM5 and no such fixes exist. There doesn't seem to be a TechNet newsgroup for WM5 yet either.

I've got SP2 for Exchange which includes enhancements to work with WM5 but am reluctant to deploy it on a production server unless I can be confident it'll fix the problem. Don't suppose it will make any difference until the same enhancements appear for mobile devices anyway.....

GeoffT.

<{POST_SNAPBACK}>

[Guest Confucious]

I have just got SBS 2003 and don't really know what I'm doing but have got it working and am getting my ms changed to point to it but I have created a cert with the wrong name and I have no idea how I did it!

Can I create a new one with the correct name? If so can you talk me through how to do it? And how do I export it to a .cert file I managed to export mine to a .pfx but can't install it on my Universal.

Any help would be greatly appreciated.