• Status: Solved

Sync Exchange mail with Palm Treo 700W - SBS2003 w/sonicwall firewall

Treo 700w unable to check email over the web:  Carriers SPRINT / VERIZON  versions Windows Mobile 5 / PALM.

The devices seem to connect to the server but are unable to authenticate.  They are trying to sync using ActiveSync Exchange sync and they pop up with DOMAIN\USER, then a password field.  We're entering the UN/PW correctly; they fail with ERROR.
Asked by: breynolds01

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Did you completely follow the documentation on how to install the certificate as described in http://sbsurl.com/mobile?

Jeff
TechSoEasy

breynolds01 (Author) Commented:
Jeff,
After importing the certificate in the device and setting up the active sync connection I receive the following error on the device.
RESULT:
You have an incorrect SSL certificate common name in the Host Name field.  For example, you may have entered www.tailspintoys.com when the common name on the certificate is actually www.wingtiptoys.com.  Make sure the server name is entered correctly.  View Support code: 0x80072F06

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Okay... what certificate did you import?  Where did you get it from?

Jeff
TechSoEasy
 
breynolds01 (Author) Commented:
OK, the certificate I was using was servername.domain.com and the DNS record was set to mail.domain.com. I've since created a new server certificate with the correct DNS of mail.domain.com and imported it into the handheld.  I'm past that part in the sync process now; however, I'm receiving the following error now.

Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings.  Contact your Exchange Server administrator.  Support Code: 0x85010004
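
The name mismatch behind support code 0x80072F06, as an added example that is not part of the original thread: the host name typed into the device has to be one of the names on the server certificate. `name_covers`, `check_sync_host` and `probe` are hypothetical helpers, and the RFC 6125 matching rules used here are an assumption about how the handheld compares names.

```python
import socket
import ssl

def name_covers(cert_name: str, host: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, label by label; a '*'
    is honoured only as the entire left-most label and spans one label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h) or "" in h:
        return False
    if c[0] == "*" and len(c) >= 3:
        return c[1:] == h[1:]
    return c == h

def check_sync_host(host: str, subject_cn: str, san_dns=()) -> tuple:
    """Return (ok, names_checked). SAN dNSName entries, when present,
    replace the CN as reference names (assumed RFC 6125 behaviour;
    an old handheld may look at the CN only)."""
    names = list(san_dns) or [subject_cn]
    return any(name_covers(n, host) for n in names), names

def probe(host: str, port: int = 443, cafile=None) -> str:
    """Live check from a PC: complete a TLS handshake against the name the
    device will use and report how validation fails, if it does."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "certificate chain and host name both validate"
    except ssl.SSLCertVerificationError as exc:
        return f"validation failed: {exc.verify_message}"

if __name__ == "__main__":
    # Constructed names mirroring the thread: certificate issued to the
    # internal server name, device pointed at the public DNS record.
    for cn in ("servername.domain.com", "mail.domain.com", "*.domain.com"):
        ok, names = check_sync_host("mail.domain.com", cn)
        print(f"cert {names} vs mail.domain.com -> {'OK' if ok else 'MISMATCH'}")
```

`probe` needs network access to the server; pass the exported self-signed certificate as `cafile` to test a certificate that is not in the PC's trust store.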

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Forgive me for being blunt, but something tells me that you did not follow the exact steps outlined in http://sbsurl.com/mobile but instead you perhaps just glanced over the document and said, "yeah, I did that".

I say this because if you had followed the steps exactly you wouldn't have had the certificate problem.  And the above error is most likely caused by skipping "STEP 2".  I don't see in your response that you checked everything that's listed in the document under Troubleshooting -- Some Users Cannot Synchronize:

If some users cannot synchronize their devices, but others can, check the following:

• On the Exchange Features tab of the user account properties dialog, ensure that all mobile services are set to Enabled.
• Ensure that the device has Internet access by browsing to a Web site from the device.
• Some carriers require a SIM update to use data service. Check with your mobile operator for any such requirements.
• Ensure that the time and time zone is set properly on the device.
• Some devices cache the IP address of DNS names. If your server uses a dynamic IP address in conjunction with Internet services such as DynDNS.org, you may need to reset the device if your IP address changes.
• If you are using Smartphones, you may have to use a third-party certificate from a trusted CA. Many Smartphones cannot use a self-signed certificate. However, all Pocket PC devices can use a self-signed certificate, so they can work without a third-party certificate.

If you have checked all these things, then forgive me, but please advise if this is the case.

Jeff
TechSoEasy

breynolds01 (Author) Commented:
Actually I printed the document out and went through it line by line.  I also verified that all mobile services are enabled.  I did run into a problem with installing ActiveSync 4.2 on the desktops; after installing, the Palm Treos wouldn't sync to the computers.  After calling Palm and the phone service carrier it was brought to my attention that I needed to have the most recent version of 4.5.  They wouldn't support version 4.2 so I installed version 4.5 and the device was able to sync.  At that point I was able to transfer the certificate to the mobile device and install it there.

Only one of the users currently has the ability to sync his device and he has a BlackBerry that connects via the cell carrier's supplied website that pulls the data from OWA.  The other devices, Palm Treo 600(w) (p), 700(w)(P), and iPhones, are not able to sync at all.

Sprint tells me that the 700Ps don't support importing self-generated certificates; however, they have a special utility that sometimes works.  I'm in the process of trying that.  The user who was able to get past the certificate issue was then blocked by a message that the Exchange account didn't have the proper rights to sync, which led to my last post.  I have checked all the above info, I've read the entire article you sent again and I've checked the work that was completed yesterday.

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Have you updated Exchange to Service Pack 2 yet?

Jeff
TechSoEasy

breynolds01 (Author) Commented:
Yes, that was completed last night.

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
So it was done AFTER you had first tried to sync with the device?  If that's the case, you need to hard reset the device and re-establish the relationship.

Jeff
TechSoEasy

breynolds01 (Author) Commented:
I've hard reset two devices.  Palm 700P (Palm OS) and Palm 700W (Windows) are both at factory default.  I was able to establish a connection with the server with the 700W; however, it looks like an SSL issue.

When I apply the SSL cert sent from Comodo using the CEICW I get a message stating:

     The specified certificate file is not properly formatted.  Ensure that the correct file was specified.  If the problem persists, contact your certificate provider.

Comodo's since resent three other certificate formats all with .crt as the extension.  I've removed the certificate from the default website, created a new certificate request from IIS (exactly the same as the previous one created) and I'm now attempting to apply the certificate using the CEICW.  Here's the error I'm now receiving:

     No certificate has been requested for the default web site in IIS.  To use the Web server certificate from a trusted authority, you must first create a request for a certificate by using the Web Server Certificate Wizard in IIS.  You can then run this wizard again to configure the default Web site to use the trusted certificate.  The specified certificate file is not properly formatted.  Ensure that the correct file was specified.  If the problem persists, contact your certificate provider.
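
A way to see what a certificate file really contains before handing it to a wizard, as an added example that is not part of the original thread: the extension (.crt or .cer) does not determine whether the content is Base64 PEM, binary DER, or a PKCS#7 bundle. `describe_cert_file` and `der_kind` are hypothetical helpers, the sample bytes are constructed header prefixes rather than real certificates, and which encoding the CEICW expects is not stated on this page.

```python
import base64
import re

PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # OID 1.2.840.113549.1.7.2
PEM_KINDS = {"CERTIFICATE": "X.509 certificate", "PKCS7": "PKCS#7 bundle",
             "CERTIFICATE REQUEST": "certificate request (CSR)",
             "NEW CERTIFICATE REQUEST": "certificate request (CSR)"}

def _content(der: bytes) -> bytes:
    """Strip one DER tag+length header and return what follows it."""
    if len(der) < 2:
        return b""
    n = der[1]
    return der[2 + (n & 0x7F if n & 0x80 else 0):]

def der_kind(der: bytes) -> str:
    """Classify DER by its first few fields; a heuristic, not a full parse."""
    if der[:1] != b"\x30":                      # must be an ASN.1 SEQUENCE
        return "not ASN.1 DER"
    outer = _content(der)
    if outer.startswith(PKCS7_SIGNED_DATA):
        return "PKCS#7 bundle"
    # A v3 tbsCertificate opens with the [0] version field (tag 0xA0).
    if outer[:1] == b"\x30" and _content(outer)[:1] == b"\xa0":
        return "X.509 certificate"
    return "other ASN.1 structure (CSR, PKCS#12, ...)"

def describe_cert_file(data: bytes) -> str:
    """Report encoding and content of a certificate file, ignoring its extension."""
    text = data.lstrip(b"\xef\xbb\xbf \t\r\n")  # tolerate a BOM or blank lines
    blocks = re.findall(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", text, re.S)
    if not blocks:
        return "DER (binary): " + der_kind(data)
    label, body = blocks[0]
    kind = PEM_KINDS.get(label.decode(), "unrecognised PEM label")
    inner = der_kind(base64.b64decode(body))    # what the Base64 really wraps
    note = f"; {len(blocks)} PEM blocks in file" if len(blocks) > 1 else ""
    return f"PEM (Base64): labelled {kind}, decodes to {inner}{note}"

if __name__ == "__main__":
    # Constructed samples: only the leading DER fields, not real certificates.
    cert = bytes.fromhex("3082010a3081f2a003020102")
    bundle = bytes.fromhex("30820100") + PKCS7_SIGNED_DATA
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(bundle)
           + b"\n-----END CERTIFICATE-----\n")
    for name, blob in (("a.crt", cert), ("b.crt", bundle), ("c.crt", pem)):
        print(name, "->", describe_cert_file(blob))
```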


breynolds01 (Author) Commented:
In what format does the certificate need to be issued so you can apply the certificate using the CEICW?  Should you apply the certificate using the CEICW, or apply the certificate to the default website using IIS?

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Have you made sure that ALL other certificates have been removed from your server?

Also, when using the CEICW, it will always ask for a .cer file extension.  You can just change the extension on your 3rd party certificate to .cer from .crt in order for the CEICW to work properly.

Also, we were never discussing how this would work with the 700P, which is a completely different issue than synching with the 700W.

Jeff
TechSoEasy


breynolds01 (Author) Commented:
I was able to work with Comodo this morning to get the certificates installed correctly.  It was a three-part process, first being the CEICW, then using the MMC certificate snap-in and importing two other .crt files.

When syncing from the Treo 700W I receive the result:

Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings.  Contact your Exchange Server administrator.

Support Code: 0x85010004

Last Synchronized:
None

The account I'm testing with is in the following groups:
RWW Users
Mobile Users
Domain Users
Domain Power Users

Another possible symptom:  When navigating to https://secure.domain.com/oma a Windows authentication window pops up; when I enter the username and password I receive the following:

From an external computer:
-=======================================================-

https://secure.domain.com/oma/(0odwfv2ac5axq045viy2zw55)/oma.aspx

  A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
Home


From the server or internal computer:
-=======================================================-

http://server/oma/(aux4znzmnlyiunuu04aamm55)/oma.aspx

  A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
Home

breynolds01 (Author) Commented:
I found this link:  http://www.tek-tips.com/viewthread.cfm?qid=1295584

This lists the following security settings for several virtual sites.  Would you verify these are correct?  I've compared the listed settings to the security settings on the virtual directories and found several discrepancies based on what was posted.  Before I make any changes, I would like a second opinion.

Security Listed in link above:

Also check all of your permissions in IIS.

 Default Web site
    Enable Anonymous access
    Integrated Windows Authentication
Exadmin
    Integrated Windows Authentication
    Require SSL
        Require 128 bit
Exchange
    Basic Authentication
        Default Domain \
Exchange-oma
    Integrated Windows Authentication
    Basic Authentication
ExchWeb
    Enable Anonymous access
    Require SSL
        Require 128 bit
Microsoft-Server-ActiveSync
    Scripts and Executables
    Exchange Application Pool
    Basic Authentication
        Default Domain DomainName
OMA
    Scripts Only
    ExchangeMobileBrowseApplicationPool
    Basic Authentication
        Default Domain DomainName
Public
    Basic Authentication
        Default Domain \
    Require SSL
        Require 128 bit

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
If you've got everything in order, and you're getting that code, then you need to call MS Support and get this hotfix:
http://support.microsoft.com/kb/919864

One thing though... make sure that you've enabled Outlook Mobile Access, User Initiated Synchronization and Up-to-date Notifications for the user's account.  These are normally enabled by default when you apply the "Mobile User Template" but you can reapply that just to be sure by running the Change User Permissions wizard from the Users Snap-In of the Server Management Console.

The settings can also be manually checked on the "Exchange Features" tab of the User Account Properties.

Jeff
TechSoEasy

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
P. S.  You should never need to manually change ANY of the permissions in IIS, and I recommend that you DON'T.  All of these settings are configured with the CEICW and once you start messing with them individually you are asking for trouble.  

Jeff
TechSoEasy

breynolds01 (Author) Commented:
Turns out the issue was with the security on the devices.  After calling MS, they had us turn off the device security and we were able to connect each device and sync each account.

dkiesling Commented:
How did you change the security on the devices?