Results 1 to 11 of 11
  1.    #1  
    I've been waiting patiently for the update as my IT people will not allow me to use the phone without the advanced security policies which were described as being present in the update. We ran into a little problem today, which is pretty obscure, but may keep this phone from being acceptable to many enterprise users. I'm wondering if anyone else has tried the policies today and can address this.

    My IT person set up an Exchange Server Mailbox for the Pre and made it require a password, then set up the phone to connect to the Exchange server. With ordinary policies (both the iPhone and WM devices), when you turn on the phone, you get a message requiring you to enter a PIN (usually just a 4 digit number). This is done so that if someone steals your phone or if you lose it, they cannot have access to your email. It is a function of the phone and how it relates to Exchange security policies. The description of the update states that it allows the IT people to require a PIN on each phone.

    On the Pre, when I go to "Screen and lock", there is the option to require a simple PIN (or a password, but nobody usually bothers with that). I can require that on the phone, and indeed I will have to enter the PIN every time I open the phone (but not to answer it). That is expected with Enterprise security. The problem is that when I go back to the settings, there exists a choice that says "Off" and it allows me to turn off the PIN requirement on the phone. That makes no sense from a security standpoint. IT needs to be able to guarantee that your PIN requirement stays on at all times. This works fine on all the iPhones and Windows Mobile machines that are used in our setting. I went through level 2 today, and level 3 techs are supposed to call the IT person on Monday to discuss the problem. If it can't be fixed, the phone will not be acceptable to most enterprise settings. Has anyone else gotten into the security policies in the last 24 hours? If so, is this working for your Exchange server?
    Last edited by davidra; 07/27/2009 at 09:04 AM.
  2. #2  
    I was also waiting for the update to allow pin security for my job email. It has work flawlessly. When i go into screen and lock settings all i see is change pin i am unable to turn it off. Try resetting phone or Remove and readd email account and see if you still get the same issue?
  3.    #3  
    Excellent. I rebooted and now it is locked with no "off" option. Thank you, as I was not looking forward to returning the phone.
  4. #4  
    I can turn the PIN requirement off, too. I also cannot manage the device from Outlook Web Access. Well, I can block it from updating, but I cannot remote wipe it. The big difference here is that we're running the Exchange 2010 beta here.

    I wonder if that could be your problem - you're running Exchange 2010, and not 2007 or 2003. Maybe there's a bug related to Exchange 2010 ActiveSync and the Palm Pre (it's certainly possible) - I also noticed this on the emulator.

    To verify this, I set my EAS mail server to a friend's Exchange 2007 box and the policies worked perfectly. I could even manage it from OWA, however there was no way to display a recovery password in case you forget your PIN - it simply says "no password is avaliable" from OWA. The funny part is - with combined E2K10 and E2K7 EAS accounts, the policies didn't take, but when I removed both, and just put the E2K7 account info in, it asked for a PIN right off the bat.

    So that's probably it - some weird issue between the Pre and E2K10. That's not something to be terribly surprised about, since the Pre has version 1.1 of the system software and E2K10 is still in beta.

    UPDATE: Ah, well. Scratch that. I rebooted my device and the PIN requirement took. However, that is a rather serious bug - these requrements should be enforced as soon as the phone syncs up.
    Last edited by kwbunn; 07/24/2009 at 08:49 PM. Reason: Tried another solution
    Yes, I work for Microsoft. No, I don't drink the Kool-Aid.
  5. jsabo's Avatar
    Posts
    427 Posts
    Global Posts
    479 Global Posts
    #5  
    Anyone see if the "PIN disabled" settings survives a reboot?

    My company's EAS server is set to require the PIN, but if you had a Treo or Blackberry, that's not a requirement. Ergo, they don't *really* care, so I'd love to be able to disable it on my phone but still keep the sync.

    Would test myself, but I actually can only hit the EAS server from the work wifi right now. Yet another reason why I want to make the change; all my server communication is manual at the moment until I convince someone to give me the public IP address.
  6. #6  
    Quote Originally Posted by davidra View Post
    Excellent. I rebooted and now it is locked with no "off" option. Thank you, as I was not looking forward to returning the phone.
    I am glad it helped out it didnt have that problem when i first add work account but another Palm Pre that i setup for coworker had the problem and a simple reset fixed the problem.
  7. #7  
    Quote Originally Posted by kwbunn View Post
    I can turn the PIN requirement off, too. I also cannot manage the device from Outlook Web Access. Well, I can block it from updating, but I cannot remote wipe it. The big difference here is that we're running the Exchange 2010 beta here.

    I wonder if that could be your problem - you're running Exchange 2010, and not 2007 or 2003. Maybe there's a bug related to Exchange 2010 ActiveSync and the Palm Pre (it's certainly possible) - I also noticed this on the emulator.

    To verify this, I set my EAS mail server to a friend's Exchange 2007 box and the policies worked perfectly. I could even manage it from OWA, however there was no way to display a recovery password in case you forget your PIN - it simply says "no password is avaliable" from OWA. The funny part is - with combined E2K10 and E2K7 EAS accounts, the policies didn't take, but when I removed both, and just put the E2K7 account info in, it asked for a PIN right off the bat.

    So that's probably it - some weird issue between the Pre and E2K10. That's not something to be terribly surprised about, since the Pre has version 1.1 of the system software and E2K10 is still in beta.

    UPDATE: Ah, well. Scratch that. I rebooted my device and the PIN requirement took. However, that is a rather serious bug - these requrements should be enforced as soon as the phone syncs up.
    I've been putting off getting the Pre until the 1.1 update because like many people out there our Exchange servers enforce the stronger security policies.

    So after the 1.1 update, are you able to sync email, calendar, contacts with an Exchange 2010 server? I'm in the same boat as you (I'm on an Exchange 2010 server at work) and I really want to get the Pre but the EAS support was holding me back. Sounds like it's fixed but it would help if someone can confirm that it's working?
  8. Fixxxer's Avatar
    Posts
    5 Posts
    Global Posts
    6 Global Posts
    #8  
    Quote Originally Posted by sjbhavsar View Post
    I've been putting off getting the Pre until the 1.1 update because like many people out there our Exchange servers enforce the stronger security policies.

    So after the 1.1 update, are you able to sync email, calendar, contacts with an Exchange 2010 server? I'm in the same boat as you (I'm on an Exchange 2010 server at work) and I really want to get the Pre but the EAS support was holding me back. Sounds like it's fixed but it would help if someone can confirm that it's working?
    I was in the situation because of my company's security requirements. Once the update went through I set everything up and created the pin number. It works perfectly now. The contacts, calendar, and corporate e-mail all sync. Now I truly can appreciate the Pre's ablility to manage multiple accounts since I have been able to add all of my work accounts.
  9.    #9  
    Yep, me too. After that reboot, the PIN requirement has held which means I can keep the phone. No problem syncing with email, calendar, contacts and tasks. In fact the notification appears faster on the Pre than on the VPN connection I use at home to the Exchange server.
  10.    #10  
    Well, I spoke too soon. Even after the reboot, there still is the option to turn off the required PIN. When locked, if you touch the "simple PIN" selection, a menu pops up that gives you the "off" option. We are supposed to hear from Level 3 people this morning. Would hate to give it back, but may have to if they can't get this fixed. I imagine many others are in the same boat....if they look hard enough.
  11.    #11  
    OK. We did get it working, thanks to a call from the business folks at Palm and my IT person, who has put in extra time on this. There is a checkbox on the Exchange server mailbox setup that says "allow non-provisional devices". This should NOT be checked. If you are having the same problem I was, have your IT people uncheck the box, remove and reintall the Exchange account on your Pre, and that should fix it. I should say that we had to try and reinstall several times before it held. Luckily the IT people used the SDK emulator and were able to continue to try things even though they didn't have the phone. Be persistant and it will work.

Posting Permissions