Have to unlock cell phone after it goes to sleep

SBS 2008 using a self-signed certificate. I have 3 users with HTC phones (different carriers)running Windows Mobile 6.1. I installed the certificate on each phone and they are able to access/sync to the Exchange server.

The problem is - now when the phone goes to sleep, you have to enter the Exchange password to unlock the phone.

The users don't want to have to unlock the phones each time it goes to sleep. How can I remove this requirement?

Thanks.
LVL 13
notacomputergeekAsked:
Who is Participating?
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
Sure - the Policy settings can be changed in Exchange Management Console> Organization Configuration> Client Access> Exchange Activesync Mailbox Policies
On the Password tab you can either require or not require a password (plus other password settings) - recommendation is to require a password.
The other tabs contro the default settings for Activesync, so if you set a setting, this will be picked up as default e.g., Sync Settings Tab> nclude Past Calendar Items.  If you set this to Two weeks - this is all the phones will be able to sync, because they won't see any other choices.
You can setup multiple Activesync Policies with different settings and then assign one Activesync Policy to one group of users and then another Activesync Policy to another group of users.  It is totally flexible.
0
 
Alan HardistyCo-OwnerCommented:
Which HTC handsets do you have?

I have the same issue with the HD2 and it is a bug that HTC are 'looking into'.

This is the first HTC handset that I have seen with this problem and it may not affect the HD2 alone.
0
 
notacomputergeekAuthor Commented:
(1) is Verizon Incredible
(2) are US Cellular Desire
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Alan HardistyCo-OwnerCommented:
You should be able to set the inactivity timeout on the handset assuming it does not ignore the setting like mine does : |

Start, settings, Lock, "Prompt if phone unused for" - set to x hours e.g., 2 hours, 12 hours etc
0
 
notacomputergeekAuthor Commented:
Wouldn't this wear down the battery faster?

Thanks for the work-around, but I'm still hoping to find a solution.

Would purchasing a SSL Certificate make a difference?
0
 
Alan HardistyCo-OwnerCommented:
You can remove the facility to require a password from Exchange via the Activesync policy, but this then means you can't remote wipe it if it gets lost.

You can set the interval between times the password is prompted as described above, and this won't effect the battery as there is the turn off device timeout and the prompt for PIN timeout.  They are completely different.

If you set the device timeout period to 2 minutes, the phone will switch off after 2 minutes, then when you switch it on, you should not be asked for the Exchange PIN.  If you set the Prompt for PIN timeout to 2 hours, then only if the device is left unused for 2 hours should you get asked for the Exchange PIN.
0
 
Alan HardistyCo-OwnerCommented:
An SSL certificate would not make any difference.
0
 
notacomputergeekAuthor Commented:
If I decided to change the Activesync policy, can you give me more specific steps to do that?

Thanks for the further explanation regarding the phone settings.
0
 
notacomputergeekAuthor Commented:
"If you set the device timeout period to 2 minutes, the phone will switch off after 2 minutes, then when you switch it on, you should not be asked for the Exchange PIN.  If you set the Prompt for PIN timeout to 2 hours, then only if the device is left unused for 2 hours should you get asked for the Exchange PIN."

I want to be clear about this. What it's prompting the user for on the phone is their AD password. Is that what you're referring to as the PIN?
0
 
Alan HardistyCo-OwnerCommented:
Ah - they should not be prompted for their AD password.  It should remember the password.
You would be better off with a 3rd party SAN / UCC SSL certificate and this should get rid of the AD password requirement.
I have an Exchange 2010 server and a 3rd Party SSL cert (from GoDaddy) and I never get asked for my AD password.  I just get asked for the 4-digit PIN EVERY TIME I TURN MY PHONE ON!!!!!!!  Still waiting for HTC to fix that particular bug : #
0
 
notacomputergeekAuthor Commented:
"On the Password tab you can either require or not require a password (plus other password settings) - recommendation is to require a password."

This setting doesn't effect OWA users at all does it? Isn't it just for mobile devices?
0
 
Alan HardistyCo-OwnerCommented:
No - no effect on OWA at all - purely for Activesync and nothing else.
0
 
notacomputergeekAuthor Commented:
After I change the Password setting in Exchange, do I need to restart anything for it to take effect?
0
 
Alan HardistyCo-OwnerCommented:
No - it should take immediate effect but a restart of the Transport Service won't hurt.
0
 
notacomputergeekAuthor Commented:
alanhardisty: Thanks for all your help. After unchecking the password option, the user had to delete/re-add the Exchange account on the phone. It hasn't asked for the password after that.

Good luck on your PIN problem.
0
 
Alan HardistyCo-OwnerCommented:
You are welcome.  Glad it has stopped prompting you, but please make sure you can remote wipe the phone via OWA should the device / other devices get lost.  As far as I am aware, you won't be able to.Looking forward to my fix, as and when!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.