[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1575
  • Last Modified:

Samsung Galaxy S 2 Exchange sync

I am having a nightmare of a time with the new Samsung Galaxy S 2, on AT&T. Initially it would not connect to Exchange 2010 using the built in account connector. A week later that now works, having changed nothing on my end. Now it connects OK, but will only allow me to set up a complex password on the device to unlock it [no PIN / swipe etc.] despite using the same policy as everyone else. On another Android I have [Atrix 4G] I can use the finger print reader, pin code & swipe pattern and switch between them fine. Our older WinMo 6.5 phones are working fine with pin numbers only. I am using the same Active Sync policy. The phone is set to lock after 10 minutes of inactivity, and I don’t want to leave it much longer than that if I can avoid it.

Ultimately I need to be able to set it up to do the swipe pattern, or at least the PIN number, some of our users need to make phone calls in the car & a complex password is not going to fly. I need the phone to sync with exchange for email, contacts, calendar & tasks, as well as the security features like full encryption & remote wipe [a must] and the recover lost password & failed logins functionality.

Any recommendations?
0
WJPR_IT
Asked:
WJPR_IT
  • 11
  • 10
2 Solutions
 
e_aravindCommented:
Can you try creating another EAS policy @ the E2010 server

ON this new EAS policy, Regarding the Password-policy setting
Toggle the policy --> Alphanumeric password required

Then assign this new-EAS-Policy to some\few users who got to use the finger print reader
0
 
WJPR_ITAuthor Commented:
OK, created separate policy. Enabled AN passwords and allow simple passwords. Rebooted devices & sysnc'd. Both were required to enter complex passwords. On the GS2 the only option was the complex password. On the Atrix the only options were the complex password & the fingerprint reader [though a complex password was required as the backup in case fingerprint was not available].

Removed requirement for AN password, still allowing simple passwords. Rebooted devices & sync'd. Now the Atrix will allow for a PIN, password & fingerprint. The SG2 will still only allow for a password.

Removed requirement for AN password and removed simple passwords. Rebooted devices & sync'd. Atrix will still allow for a PIN, password & fingerprint. The SG2 will still only allow for a password.

Removed password requirement completely [no Encryption or anything]. Rebooted devices & sync'd. Now both devices will allow for a PIN, password & nothing as well as the fingerprint on the atrix.

Turned encryption & simple password back on & now it requires a password on GS2, pin, password or fingerprint on the Atrix.

It seams that to enable encryption on the galaxy s 2 you must also use a complex password. :-(

any ideas how to get around this?
0
 
WJPR_ITAuthor Commented:
I still do not have any solution to this issue. It appears to be a wide spread problem with no known solution. Similar issues have been reported with some phones, but the SGS2 seems to be a primary culprit.

The only potential solution that seemed to work for some people was to remove the corporate account, set the password to PIN / Swipe / Nothing & then on re-adding the account it would not ask you to change it / use what you had already set up. This did not work for me, even with allow simple password selected.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Alan HardistyCommented:
I have personally avoided Android Phones like the plague as they simply don't work with Exchange (in my experience).  I have worked with iPhones and Windows Mobile phones for years and they work happily.  So far I have not managed to get anything Android working out of the box without having to resort to some sort of 3rd party App to make the phone do what it should do without the App.

I, my business partner and our employee have spent countless hours trying to get my business partners and employees Android phones working without a 3rd party App and I simply gave up as it was wasting too much time.

I got an iPhone 4S the Monday after launch day (no weekend delivery :( ) and had it up and running with Exchange in 2 minutes.

Alan
0
 
WJPR_ITAuthor Commented:
Thanks for that Alan. As I said in my OP the Atrix 4G worked perfectly out of the box. As for my actual issue, do you have any suggestions of how I can get my SGS2 to work?
0
 
Alan HardistyCommented:
I don't as yet - but I think my business partners' wife just got a Galaxy S today, so no doubt I will hear from him tomorrow for details of what he had to do to get it working.

I'm out installing a new Virtual SBS 2011 server but will enquire.
0
 
Alan HardistyCommented:
Spoke to my business partner and he managed to get the Galaxy S II up and running quite quickly (once he had provided the right credentials), so doesn't seem to be something with the phone.

How many Activesync policies do you have configured on your server?
0
 
WJPR_ITAuthor Commented:
I can connect fine, my issue is with the phone requiring a complex password if encryption is selected. While I would normally be a fan of that, it is not suitable for a cell phone which may need to be used while driving to make phone calls etc. and is not being required by Active Sync policy.

I currently have 3 different policies, the default that most current users use & a couple of test ones modelled off the default one.
0
 
Alan HardistyCommented:
Okay - not setup encryption before.

Do you have other encrypted devices that are happy with a Simple PIN?
0
 
WJPR_ITAuthor Commented:
Yes. See my first comment, a side by side with an Atrix 4G. Also running Gingerbread Android 2.3 [.4 I think]
0
 
Alan HardistyCommented:
Quote from their website:

"Play it safe with a security solution that enables the protection of mobile data without the need to sacrifice speed and functionality. Samsung GALAXY S II is the first Android smartphone to adapt powerful encrypted hardware, minimising the use of security software and applying encryption technology to the hardware itself, accelerating security protection and achieving superior performance. Sybase® Afaria® Mobile Device Management and Exchange ActiveSync complements the encryption support with its own mechanisms to secure important corporate and personal information."

"Optimised to secure access of enterprise resources on the Microsoft® Exchange server that allows receiving of up-to-date business emails and accessing of calender accounts, contacts and synchronisation of tasks. Samsung GALAXY S II boasts the most comprehensive mobile implementation of Exchange ActiveSync which provides the strongest security Mobile Device Management and the latest policies and restrictions support from Android™ ActiveSync clients. It also allows real-time communication, remotely configuration of settings, monitoring of compliancy with policies, safe synchronisation of data and wiping or locking of phone."

Suggests to me that you are stuck with the strong password as it is more secure - although just checked with my business partner and he advised that only a PIN was required by our server.  We don't use encrypted devices - so I am thinking the extra security is encryption related - as you do.
0
 
WJPR_ITAuthor Commented:
That was one of the main reasons we went for the SGS2, since we are required to encrypt anything that leaves the building. I could not even get a call back from anyone at Sybase & our reseller laughed when I told them wee needed it for 5 devices. Their pricing only starts at 75 devices. Either way the Afaria program is part of the Mobile Device Management suite of software, that works alongside the standard software & functionality. The issue is, and it would seem to be a bug / feature specific to that device, that the built in Exchange connection is unable to correctly work with the exchange active sync policies. If it is not set to require a password on the server then it should not require it on the device.
0
 
Alan HardistyCommented:
Exactly - sounds like issues I had with an HTC (Windows Mobile Phone) always prompting me for the PIN every time I used the device, despite the setting to not ask unless the phone had not been used for "2 hours" which is a manual setting that it seemed to ignore.

HTC decided that I was the only one with the issue and that it was a "security feature" - I love iPhones now :)
0
 
WJPR_ITAuthor Commented:
Indeed. As for my issue I am still at a loss & AT&T tech specialists have stopped returning my calls. Interesting way to deal with a problem. :-(
0
 
Alan HardistyCommented:
Ah yes - the bury your head in the sand approach - always helpful.

Want me to setup an account on my server for you to test?  See if you get the same issue?
0
 
WJPR_ITAuthor Commented:
Its worth a shot. As long as you dont decide to do a remote wipe of my phone while it is connected!! It would need to have Encryption enabled for the device, no SD card used, though you can set that u as well if you want.

Cheers
0
 
Alan HardistyCommented:
Okay - I'll setup a policy with Encryption for you - wouldn't dare remote wipe it.  I'll disable the account after we know if it works or not.

Hold fire.
0
 
Alan HardistyCommented:
Okay - please ping me an email to alan @ it-eye.co.uk and I'll divulge the details.
0
 
Alan HardistyCommented:
Email received - details emailed back to you.

Fingers crossed.  Tension mounting :)
0
 
WJPR_ITAuthor Commented:
After MANY hours on the phone with Samsung's technical support at the highest level & them trying various iterations of the AT&T versions of the Galaxy S 2 & S 2 SkyRocket on my server they confirmed that it is a bug, not a feature. It was handed off to their developers to possibly be fixed in the future.
Shame, other than this it is an awesome phone.
0
 
WJPR_ITAuthor Commented:
I would have loved to have fixed this without voiding the phones warranty, but it is a big with Samsung / AT&T's setup so out of my hands.
0
 
Alan HardistyCommented:
Well - can't say that I am surprised.

Glad you at least know now - sorry you were the one to discover the bug :(
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 11
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now