Page 6 of 10 FirstFirst 12345678910 LastLast
Results 101 to 120 of 192
  1. #101  
    Imported my self generated root cert into my phone when I got it, and my EAS sync has been flawless. I do mess the EAS sync schedule from my WinMo 6.1 phone and hope it's a feature that Palm adds in a future release. I used to have my phone only sync M-F 6am-6pm, and now I get sync whenever my phone is turned on, unless I manually turn it off.
  2. #102  
    Am I correct in thinking that the certificate does not remove the PIN requirement? Sprint tried to get me to add a cert.
  3. #103  
    Before I added the cert, I couldn't even connect. Now I get a message about unsupported policies...
  4. #104  
    Quote Originally Posted by bruceindfw View Post
    After working on the EAS SSL issue for hours today, I finally figured out that the self-signed certificate that SBS 2003 was creating had multiple Common Names (CN=). The first CN was the public hostname of the Exchange server and the last was the internal/private hostname. When I browsed to Outlook Web Access with the Pre and Trusted the certificate, I noticed that the Pre listed the certificate with the last CN - the private hostname (i.e. server.domain.local). Finally, I downloaded a utility and created a another self-signed certificate with only one CN - which pointed to the public FQDN. After adding that certificate to our server, I deleted the first certificate from the Pre and browsed back to OWA - and Trusted the new certificate. Then, I was able to successfully setup the Exchange account.
    Bruce, that is pretty much what I've seen as well (I have another post on here about that, I think on one of the other many threads on this issue). However, I haven't gotten mine working yet. What utility did you use?
  5. #105  
    Quote Originally Posted by lexart View Post
    ...
    It appears that Palm knows about the Pre lacking the EAS device system lock feature and either chose not to implemented it or somehow 'missed' this feature in their QA cycle. Quite unbelievable really, considering that this is such commonly enabled security feature on enterprise EAS servers.

    Someone at Palm QA should be smacked for this . . . and hard.
    This was documented to Sprint employees, and the information posted on this (and other sites) more than a week before the device was released.
  6. #106  
    Quote Originally Posted by pavvento View Post
    ...
    Who didn't recommend it for enterprise? Was it Palm/Spring by advertising EAS?
    It does use EAS. EAS is a suite of protocols and applications. It does not implement all of them. The fact that the security features were not implemented was made clear to Sprint employees in their internal documents. As I said in my previous post, that information was posted here, and on many other Pre-related web sites.
  7. #107  
    When I received the error about the certificate I just browsed to the exchange site and when prompted if I wanted to accept the certificate I said trust then I went back to the email setup and it worked.
  8. #108  
    ...18 hours past when Palm "promised" a Level 2 Tech to call me!

    (6/6/09 3pm)
    Palm Tech support: Sir, we are aware and working on this issue. We will have a level 2 support technician contact you within 24 hours.
    Me: That will be great-are you sure they will call?
    Palm: Yes, I promise you.

    HA!
    NO CALL! NOT ABLE TO GET COMPANY EMAILS/CALENDAR/CONTACTS...bye bye Palm-it's over Sprint! iPhone here I come....this will go down as the beginning of the end for Palm. They will never be considered a real player in the world of high-tech...just wanna-bes....sad-very sad.
  9. #109  
    Quote Originally Posted by wbsaz View Post
    ...18 hours past when Palm "promised" a Level 2 Tech to call me!

    (6/6/09 3pm)
    Palm Tech support: Sir, we are aware and working on this issue. We will have a level 2 support technician contact you within 24 hours.
    Me: That will be great-are you sure they will call?
    Palm: Yes, I promise you.

    HA!
    NO CALL! NOT ABLE TO GET COMPANY EMAILS/CALENDAR/CONTACTS...bye bye Palm-it's over Sprint! iPhone here I come....this will go down as the beginning of the end for Palm. They will never be considered a real player in the world of high-tech...just wanna-bes....sad-very sad.
    Have you tried going to your OWA site on your Pre, trusting your certificate and then attept to setup your email? This is what I did and it worked just fine. Now I receive contacts, tasks, calendar, and email from my exchange.
  10. #110  
    Quote Originally Posted by Sparkomatic View Post
    Here's my question...I'm the secondary IT guy for our SoCal office and the main IT guy is at our HQ in NorCal. Anyway, we do not have SSL on our Exchange.

    If we were to get a certificate, would people still be able to access EAS (through their iphones, OWA, WinMo devices, etc) using http:// instead of https:// or will everyone have to change their settings to https:// ?

    It would be a royal pain to tell everyone they have to change their bookmarks for OWA, their settings on their devices so that I can get my Pre to work...all because there's not checkbox for SSL.

    Okay, sorry for the little rant but the above question is a serious one. Thanks!
    Same here. I believe it will just redirect them to the SSL page. So there bookmarks will be ok. Im heading into my office soon and Im going to try and get a cert. We were going to buy one awhile back but had so problems with godaddy verifying me as a worker for my company.
  11. #111  
    I wonder if I can get to my OWA page by using my SecurID token... hrm...
  12. #112  
    Alright, so I though everything was working fine on my Pre until I got in the office this morning. I just realized that my Pre did a onetime sync on Saturday when I bought the pre but I didn't realize that it hasn't actually be syncing since. I have tons of unread emails in my office but my Pre does not sync. I manually sync and it says it synced fine but it doesn't. I will look more into this but if I can't get it to work i'm afraid I need to take it back.
  13. #113  
    Quote Originally Posted by hchavarria View Post
    Alright, so I though everything was working fine on my Pre until I got in the office this morning. I just realized that my Pre did a onetime sync on Saturday when I bought the pre but I didn't realize that it hasn't actually be syncing since. I have tons of unread emails in my office but my Pre does not sync. I manually sync and it says it synced fine but it doesn't. I will look more into this but if I can't get it to work i'm afraid I need to take it back.
    Your Exchange server might require policies that the Pre does not offer. Who knows if/when we will ever get these basic features.

    I cannot even connect to the WIFI at work, because it is WPA2, and for whatever reason, when I click on the connection, I can't even enter a freaking username. The network here requires a username, password, domain, and SSL certificate. The iPhone works--all they have to do is accept the certificate, both for EAS, as well as WIFI.

    Kind of disappointing, but I am hopeful that Palm will release some fixes/upgrades soon...

    There seem to be some extremely basic/essential stuff that Palm left out of WebOS--like changing text sound, leaving BT discoverable/more profiles, having the screen follow as you type on web sites, the list goes on.

    Still keeping it though, because my dang HTC Touch was too slow.
  14. #114  
    Being VP of Systems/Security for a Fortune 1000 company, I think I can FYI some things about Exchange 2007 and ActiveSync. This doesn't exactly guide the end user to get his/her Pre in sync with Exchange, but it does explain how complicated Ex2007 and EAS is to setup CORRECLTY so you DO NOT have all of these problems at the end user level.


    Using a self signed certificate with Ex2007 would ONLY be used if you are LAZY and most likely, out of your league when it comes to configuring the server. Furthermore, if you don't know EXACTLY how to use powershell commands, applying the cert will only apply it to certain areas. Self signed certificated should ONLY be used server side if the box never touches the Internet. The whole point of using a cert is to verify the identity of the server against a repository on the Internet. Simply copying a server cert to the client is like putting on a blind fold. Sure you saw who gave it to you, but going forward, you have no idea who you are talking to becuase you cannot verify the idenity.

    Depending on how you built your EAS policy on your Ex2007 server, that would determine if you even need a CLIENT SIDE certificate for your handheld device. I see a lot of you saying you need to get a cert for your device. NOT THE CASE UNLESS YOUR SERVER REQUIRES IT!

    Furthermore, just because you get a cert for your device, it DOES NOT mean that the devices license for ActiveSync even supports CLIENT SIDE certificates for authentication! Apple, for whatever reason, does NOT support client side certs for authentication! So if an IT guy wants to super secure his EAS policy by requiring client side certs to prove identity, it becomes device dependant. I can put a cert on my WinMo phone and authenticate with that cert, however, one of my employee's iPhone cannot. Apple simply decided not to utilize that part of the suite. Why? Who knows.

    Do we have confirmation anywhere that the Pre supports client side certificates for authentication in EAS? Just becuase it has a "certificate store" it doesn't mean that apps on it are tuned to actually make use of the certs available.

    Any IT guy running their Ex2007 server WITHOUT using HTTPS should be fired and turn in their stripes. You are the reason IT people get a bad rap. People steal information and eavesdrop simply becuase they CAN and thinks its fun. Do yourself and your employees a favor and get a new profession.

    One of the requirements of the Ex2007 is to have multiple hostnames for the box and the certificate in order to get Outlook Anywhere, Outlook Web Access, and Autodiscover to work from the Internet as well as the Intranet. You need the FQDN for outside contact (mail.domain.com), EAS (mobile.domain.com), autodiscover free/busy scheduling (autodiscover.domain.com) as well as all the FQDN for you inside Active Directory (mail.domain.local), and also your simple host name (mail). This requires multiple hostnames applied to your certicate generation when submitting it to Verisign, GoDaddy, etc. I use GoDaddy and you can get a 3 year cert for about $600. If you want to use Ex2007 correctly, this is price of doing business. Get use to it.

    When you get that cert, you need to apply it to ALL of these apps CORRECTLY from the power shell AND edit the URLS correclty so Ex2007 knows what URLS inside or outside users will need in order to reach the server. Otherwise end users get the dreaded "SSL mismatch" and in most cases, end the connection process.

    In essence, anything you knew about how Exchange 2000/2003 worked is pretty much useless in configuring 2007.
    Last edited by Major.Malfunction; 06/08/2009 at 10:42 AM.
  15. #115  
    Quote Originally Posted by jkade View Post
    Am I correct in thinking that the certificate does not remove the PIN requirement? Sprint tried to get me to add a cert.
    You're correct. The SSL cert has to do with data *transport* security, namely establishing secure SSL session between the Pre's email client and EAS server. Once the SSL session is up, the EAS server will attempt to impose end device security, is this case, device pin lock. If the device can not satisfy EAS pin policy directive, EAS server steps out and your device can not proceed with activesync . . . On the Pre, the email client has no capability to enforce device pin lock directive from EAS, and it all falls apart . . . arghh!
    Pilot 1000=>Pilot 5000=>Palm IIIx=>Palm Vx=>Palm 505m=>Treo 600=>Treo 650=>Treo 700wx=>Treo 755p=>Palm Pre=>Palm Pre 2
  16. #116  
    Quote Originally Posted by Major.Malfunction View Post
    Any IT guy running their Ex2007 server WITHOUT using HTTPS should be fired and turn in their stripes. You are the reason IT people get a bad rap. People steal information and eavesdrop simply becuase they CAN and thinks its fun. Do yourself and your employees a favor and get a new profession.
    Finally, a voice of reason . . . Thank you!
    Pilot 1000=>Pilot 5000=>Palm IIIx=>Palm Vx=>Palm 505m=>Treo 600=>Treo 650=>Treo 700wx=>Treo 755p=>Palm Pre=>Palm Pre 2
  17. #117  
    Quote Originally Posted by Major.Malfunction View Post
    Do we have confirmation anywhere that the Pre supports client side certificates for authentication in EAS? Just becuase it has a "certificate store" it doesn't mean that apps on it are tuned to actually make use of the certs available.

    Any IT guy running their Ex2007 server WITHOUT using HTTPS should be fired and turn in their stripes. You are the reason IT people get a bad rap. People steal information and eavesdrop simply becuase they CAN and thinks its fun. Do yourself and your employees a favor and get a new profession.
    I seem to have confirmed it on my own. I tried for about 20 minutes to get my Pre on my 2007 Exchange at work, which requires client-side certificates to work on WM, and iPhone (but somehow the damn iPhone can just download it from the autodiscover page,) but the Pre would simply not update the mailbox. This is similar to when I would set up Exchange on my WM phone without the cert. It would appear to connect, but nothing would sync. That's when I could normally open up activesync on the device, and see that I am missing a certificate. The Pre does not appear to have a status area like that--for ANY account on the device. (Feels very unpolished in this area, along with settings/configuration, but that's for another thread.)

    Anyways, after I emailed myself a copy of my trusted root cert, that I had to specifically request via our internal network... I log in with credentials and request the file. -- emailed to my phone, and installed it.

    Now when I try to sync, I get:

    "Error

    The mail server requires security policies that are not supported"

    So I'm pretty sure I'm up against a brick wall here. Maybe if enough people get the Pre here at AMD I can request a work-around... OWA sucks, because I have to keep re-entering my securID token every few minutes... no thanks.
  18. #118  
    Had the same problem for the past 2 days. Just go to your webmail site via a computer. Let the root cert install there.
    Go to tools;Options;content;certificates.
    Then go to trusted root certificates and export the one for your exchange server.
    Next download it to the Pre's downloads folder.
    Go into cert manager on the Pre (which is in device info) and install it that way.
    I worked for me so hopefully it does for you. Its nice to have contacts now.
  19. #119  
    Quote Originally Posted by ScrapMaker View Post
    I seem to have confirmed it on my own. I tried for about 20 minutes to get my Pre on my 2007 Exchange at work, which requires client-side certificates to work on WM, and iPhone (but somehow the damn iPhone can just download it from the autodiscover page,) but the Pre would simply not update the mailbox. This is similar to when I would set up Exchange on my WM phone without the cert. It would appear to connect, but nothing would sync. That's when I could normally open up activesync on the device, and see that I am missing a certificate. The Pre does not appear to have a status area like that--for ANY account on the device. (Feels very unpolished in this area, along with settings/configuration, but that's for another thread.)

    Anyways, after I emailed myself a copy of my trusted root cert, that I had to specifically request via our internal network... I log in with credentials and request the file. -- emailed to my phone, and installed it.

    Now when I try to sync, I get:

    "Error

    The mail server requires security policies that are not supported"

    So I'm pretty sure I'm up against a brick wall here. Maybe if enough people get the Pre here at AMD I can request a work-around... OWA sucks, because I have to keep re-entering my securID token every few minutes... no thanks.
    I think you are confusing client-side certificates with simply adding a private CA to the trusted root store on the phone, or simply overriding the certificate's invalid status, which is what you'll want to do if you're using self-signed certs. The purpose of the certificate in the case of self-signed certs is to provide encryption, so that data is not passing through the internet in clear text, but it doesn't provide any proof of identity, since the certificates were not issued by a proper CA. Client side certs work the same but in reverse, the point being that your handset is proving who it is via the certificate that was issued by a proper CA. You most probably don't need client side certificates and should probably not worry about them.
  20. #120  
    Quote Originally Posted by Major.Malfunction View Post
    The whole point of using a cert is to verify the identity of the server against a repository on the Internet.
    Isn't encryption of traffic a major point of using SSL, so that emails and passwords are not flowing through the Internet/wifi in cleartext?

Posting Permissions