Results 1 to 15 of 15
  1.    #1  
    I have been trying to connect with my works Exchange 2003 server since I got my Pre in June. I still get an error that I have a bad login/password when I know they are right. The Palm level 3 tech said the problem is with our server configuration. My IT guy has done everything they suggested except turn off forms based authentication. Any ideas?
  2. 808rides's Avatar
    Posts
    22 Posts
    Global Posts
    38 Global Posts
    #2  
    Your IT guymight have to jump through a few hoops to get it working. But before you have him try everything make sure you have the following done:

    copied and installed the correct root certificates to your pre
    (when you login to your Outlook Webaccess Email - click on the certificate and also any root certificates above it. Usually you only need the root, but I've seen some strange issues where you need both, transfer them both to your pc in .cer format and then to your pre)

    setup your email on your pre correctly
    1. check the domain, it's not necessarily the @yourcompany.com - its the internal domain you have when you login to you computer at work, ie. the field at the bottom under your password

    2. of course check your email address, username, password and make sure the webaddress is correct - also check to see if when you login to your webmail, if it's https or just http (no s) - your pre assumes its https

    If all that checks out, time to work on the exchange server.
    1. Get a cert - self signed or bought - dont matter
    2. Enable SSL
    3. Turn of FBA - forms based authentication
    3. Make sure he has EAS on and unsupported devices enabled!
    4. If that fails - re-install service pack 2, it's quick and painless and can really keep you from banging your head on a desk for the night trying to figure out why it doesn't work. I've seen mainly flaky things go away on the sp2 reinstall

    I've got servers that support blackberries, iphones and the pre. Believe me supporting the pre is the easiest by far. EAS on the Pre is much much better than what the iphone requires you to do. Blackberries needed a separate machine just to host their BES software...An no I'm not a bb or an iphone hater, I've had both and really liked them both. The pre is just simply easier to setup EAS support for. If the pre was really the perfect combination of them both like I wanted it would be my favorite phone ever. But for being out for less than 6 months...I've got hope for this puppy.

    I'm taking off on a trip for 2 weeks come Monday and will have spotty cell and internet connection, but will check this thread when and if I can, in case your IT guy wants to ask any questions. But there are tons of resources on the internet to help him setup a correct EAS server with SSL using a self signed cert, and still keep his OWA intact.

    And yes unfortunately Sprint doesn't catch well where I'm going, but At&T and T-Mobile doesn't catch at all But when you're fishing on the beach, you don't necessarily want to get phone calls either!

    Aloha!
    Last edited by 808rides; 10/12/2009 at 01:13 AM.
  3. #3  
    Can you please elaborate?

    Quote Originally Posted by 808rides View Post

    (when you login to your Outlook Webaccess Email - click on the certificate and also any root certificates above it. Usually you only need the root, but I've seen some strange issues where you need both, transfer them both to your pc in .cer format and then to your pre)

    Aloha!
    Thank you
  4.    #4  
    Thanks for your help. My IT guy says he configured the server the way you suggested and still no luck. I can make it connect with if I leave the domain field blank, but I only get an outbox. If put the domain in I get the bad username/password error. Any other ideas? Thanks so much.
  5.    #5  
    I just read your post again. I found the internal domain name. When I put that in I am able to connect, but I get the outbox only (I get the same thing if I leave the domain field blank). Any ideas? Thanks again.
  6. 808rides's Avatar
    Posts
    22 Posts
    Global Posts
    38 Global Posts
    #6  
    Mungo - here's a little more descriptive post on the certification install.

    Open internet explorer
    Login to your Outlook Web Access Email
    The website should be something like "https://webmail. domain. com"
    A little lock should appear on the right next to the address bar
    Click on the lock, a pop up should appear and then click on the "view certificates" tab
    A box should pop up, then click on the "certification path" tab at the top
    Click on the root authority (the top most name on the tree)
    Then click on the "view certificate" button
    A new box should pop up, click on the "details" tab
    Click on the button "copy to file"
    Click next, then make sure "DER" is selected and click next
    Then save the file somewhere you can find it
    Then transfer that to your Pre via USB mode, don't put it in any folder

    Now on your Pre
    Go to "device info"
    Scroll down and click on "more info"
    Then click on the "preferences" menu button at the top
    Then click on "certificate manager"
    Hit the "+" sign and it should find the certificate you just copied to your pre
    Click on the certificate, and then click "trust certificate"

    It should be good to go. Hope that helps! Sorry working remotely, didn't want to post pictures (takes to long to load via my cell card) hope you can follow.
  7. 808rides's Avatar
    Posts
    22 Posts
    Global Posts
    38 Global Posts
    #7  
    Quote Originally Posted by ebrax12 View Post
    I just read your post again. I found the internal domain name. When I put that in I am able to connect, but I get the outbox only (I get the same thing if I leave the domain field blank). Any ideas? Thanks again.
    Make sure the certs are installed.
    Then your IT guy is going to probably have to make a few changes.
    Have him go to IIS
    Then go to the Exchange virtual directory propperties
    Then Directory Security
    Then edit the Authentication and Access Control
    Make sure everything is unchecked, except for Basic Authentication
    Also make sure a "\" is in the default domain text field - no quotes
    Click ok and then restart the IIS service

    Try to check your Pre again, it might take 10-15 minutes for your Pre to pick up the changes as well as a bit to sync up all your folders, contacts and calendars. I would set it to sync only a few days so that it goes faster until you get it working, then you can have it sync more email after you know everything is ok.

    Also everything above is still highly dependant on how the infrastructure of your email server etc...if he doesn't have a front end and back end setup, things are a little different, he will probably have to setup a virtual directory to use the SSL etc...but there are many more forums for Exchange help But the settings above and that SSL is on (you don't need it on, but I wouldn't use OWA without it, clear text password are VERY insecure) is pretty much all you need for your Pre to sync.

    Aloha and hope that helps!
  8. #8  
    Thank you 808.

    A couple of issues.
    (#1) I copied the cert as you instructed, but get a password valdation error. (How can this be?)

    I noticed that when clicking on the Lock to copy the DER cert, the format does not copy any of the other certs in the path. Is this accurate?

    I have tried everything including adding each of the certs in the path but get SSL errors.
    Thank you
  9. #9  
    Quote Originally Posted by 808rides View Post
    If all that checks out, time to work on the exchange server.
    1. Get a cert - self signed or bought - dont matter
    2. Enable SSL
    3. Turn of FBA - forms based authentication
    3. Make sure he has EAS on and unsupported devices enabled!
    4. If that fails - re-install service pack 2, it's quick and painless and can really keep you from banging your head on a desk for the night trying to figure out why it doesn't work. I've seen mainly flaky things go away on the sp2 reinstall
    If my company currently uses the FBA, is there a workaround for it? I will try to see if we can disable it but my hopes aren't high.
  10. 808rides's Avatar
    Posts
    22 Posts
    Global Posts
    38 Global Posts
    #10  
    Mungo,

    Including all the certs is a good idea, but usually the root cert is all you need. As for getting the password validation error, can you reply with exactly where you get this and exactly what it says and I'll try and replicate the problem.

    Make sure you are using the same username you use when you login to your computer at work or on webmail. Also are they the same usernames and passwords? Some people use virtual exchange hosts and they might be different. Also you might want to ask your network admin if mobile device support is enabled on your OWA/Exchange server.

    Aloha,
    808
  11. 808rides's Avatar
    Posts
    22 Posts
    Global Posts
    38 Global Posts
    #11  
    Trim333,

    The only workaround I can think of off the top of my head is creating a 2nd HTTP virtual server in the Exchange system manager. In looking into it it does seem possible, but I'm afraid I've never tried this setup before myself and can't vouch for whether this will work with the Pre. But have your IT guy read the following if he's willing to try and support it. It's worthwhile in my opinion as an IT guy myself, it allows for changes to support smartphones without affecting your regular webmail users. Like I said earlier, we support Blackberries, iPhones and now the Pre, and I don't get people calling me about phone issues once it's setup correctly like I get about their laptops locking up and getting viruses etc...it gives people mobility and also, for fear of losing control, you can always implement remote wipe and pin lock of a smartphone if necessary. Here's the link:

    HOWTO Create OWA outside Default Website/Enable SSL/Enable FBA/Redirect HTTP to HTTPS

    Aloha,
    808

    And sorry for the late reply guys, I'm still on a work trip and don't get back to my computer too often...to much fishing to do after work I'll be back in my office next Tuesday and will check this thread again.
  12. 808rides's Avatar
    Posts
    22 Posts
    Global Posts
    38 Global Posts
    #12  
    Ebrax12 - I just re-read your post, your IT guy is going to have to turn off Forms based Authentication for this to work, but if he doesn't want to change it for everyone because of one phone, I understand where he comes from, it's hard to please everyone. But in the post above to Trim333 there's a link to adding a 2nd virtual server and making one have FBA and the other not, and I've also listed posts on why he might want to try this. I'm very concerned with network security and having FBA enabled doesn't allow for any more security than without.
  13. #13  
    I'm an Exhcange admin. I had to install our private root CA web certificate on the Pre to make it work. Please look at the permissions in IIS on the Exchange server (search in google on OWA Exchange IIS permissions to find the proper settings). I had to disable Windows Authentication on one back end server's IIS web site's folder to get it working. PM me if you need more help. We also support Blackberries (BES server), WM phones (Treo) and Pre.

    Oh yeah, I'm also from the 808 state! :-P
  14. 808rides's Avatar
    Posts
    22 Posts
    Global Posts
    38 Global Posts
    #14  
    Nice to meet you! Hopefully when I get back to my desk I'll be able to post up more helpful info as well.
  15. #15  
    Quote Originally Posted by 808rides View Post
    Mungo,

    can you reply with exactly where you get this and exactly what it says and I'll try and replicate the problem.

    Also you might want to ask your network admin if mobile device support is enabled on your OWA/Exchange server.

    Aloha,
    808
    I create the account with or without the domain but only the outbox displays. Then, I get a notification that says "Login Credentials Rejected".

    I know the IT dept supports mobile devices we have Palm OS and Blackberry's.

    Thanks
    Thank you

Posting Permissions