Solved

Have to unlock cell phone after it goes to sleep

Posted on 2010-08-26
17
927 Views
Last Modified: 2012-05-10
SBS 2008 using a self-signed certificate. I have 3 users with HTC phones (different carriers)running Windows Mobile 6.1. I installed the certificate on each phone and they are able to access/sync to the Exchange server.

The problem is - now when the phone goes to sleep, you have to enter the Exchange password to unlock the phone.

The users don't want to have to unlock the phones each time it goes to sleep. How can I remove this requirement?

Thanks.
0
Comment
Question by:notacomputergeek
  • 10
  • 7
17 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33535544
Which HTC handsets do you have?

I have the same issue with the HD2 and it is a bug that HTC are 'looking into'.

This is the first HTC handset that I have seen with this problem and it may not affect the HD2 alone.
0
 
LVL 13

Author Comment

by:notacomputergeek
ID: 33535868
(1) is Verizon Incredible
(2) are US Cellular Desire
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33536028
You should be able to set the inactivity timeout on the handset assuming it does not ignore the setting like mine does : |

Start, settings, Lock, "Prompt if phone unused for" - set to x hours e.g., 2 hours, 12 hours etc
0
 
LVL 13

Author Comment

by:notacomputergeek
ID: 33536697
Wouldn't this wear down the battery faster?

Thanks for the work-around, but I'm still hoping to find a solution.

Would purchasing a SSL Certificate make a difference?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33536773
You can remove the facility to require a password from Exchange via the Activesync policy, but this then means you can't remote wipe it if it gets lost.

You can set the interval between times the password is prompted as described above, and this won't effect the battery as there is the turn off device timeout and the prompt for PIN timeout.  They are completely different.

If you set the device timeout period to 2 minutes, the phone will switch off after 2 minutes, then when you switch it on, you should not be asked for the Exchange PIN.  If you set the Prompt for PIN timeout to 2 hours, then only if the device is left unused for 2 hours should you get asked for the Exchange PIN.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33536781
An SSL certificate would not make any difference.
0
 
LVL 13

Author Comment

by:notacomputergeek
ID: 33536895
If I decided to change the Activesync policy, can you give me more specific steps to do that?

Thanks for the further explanation regarding the phone settings.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 33537013
Sure - the Policy settings can be changed in Exchange Management Console> Organization Configuration> Client Access> Exchange Activesync Mailbox Policies
On the Password tab you can either require or not require a password (plus other password settings) - recommendation is to require a password.
The other tabs contro the default settings for Activesync, so if you set a setting, this will be picked up as default e.g., Sync Settings Tab> nclude Past Calendar Items.  If you set this to Two weeks - this is all the phones will be able to sync, because they won't see any other choices.
You can setup multiple Activesync Policies with different settings and then assign one Activesync Policy to one group of users and then another Activesync Policy to another group of users.  It is totally flexible.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 13

Author Comment

by:notacomputergeek
ID: 33537075
"If you set the device timeout period to 2 minutes, the phone will switch off after 2 minutes, then when you switch it on, you should not be asked for the Exchange PIN.  If you set the Prompt for PIN timeout to 2 hours, then only if the device is left unused for 2 hours should you get asked for the Exchange PIN."

I want to be clear about this. What it's prompting the user for on the phone is their AD password. Is that what you're referring to as the PIN?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33537102
Ah - they should not be prompted for their AD password.  It should remember the password.
You would be better off with a 3rd party SAN / UCC SSL certificate and this should get rid of the AD password requirement.
I have an Exchange 2010 server and a 3rd Party SSL cert (from GoDaddy) and I never get asked for my AD password.  I just get asked for the 4-digit PIN EVERY TIME I TURN MY PHONE ON!!!!!!!  Still waiting for HTC to fix that particular bug : #
0
 
LVL 13

Author Comment

by:notacomputergeek
ID: 33537157
"On the Password tab you can either require or not require a password (plus other password settings) - recommendation is to require a password."

This setting doesn't effect OWA users at all does it? Isn't it just for mobile devices?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33537204
No - no effect on OWA at all - purely for Activesync and nothing else.
0
 
LVL 13

Author Comment

by:notacomputergeek
ID: 33541926
After I change the Password setting in Exchange, do I need to restart anything for it to take effect?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33541981
No - it should take immediate effect but a restart of the Transport Service won't hurt.
0
 
LVL 13

Author Closing Comment

by:notacomputergeek
ID: 33543999
alanhardisty: Thanks for all your help. After unchecking the password option, the user had to delete/re-add the Exchange account on the phone. It hasn't asked for the password after that.

Good luck on your PIN problem.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33544499
You are welcome.  Glad it has stopped prompting you, but please make sure you can remote wipe the phone via OWA should the device / other devices get lost.  As far as I am aware, you won't be able to.Looking forward to my fix, as and when!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33899920
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now