Motorola Community

  • Posts: 164
  • Registered: ‎07-23-2010
  • Location: Brazil
  • Views: 0
  • Message 1 of 53

Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-23, 21:05 PM

Let's start with a complete description of the issue:

With TA & MR1 software (1.13.5.10 & 1.13.6.2), a user will not be able to set up their corporate exchange email using ActiveSync on their device ONLY if their exchange server does NOT have SSL or certificates installed.

The correct behavior should be as follows: when a secure connection is not required by the IT organization for that user, the user should uncheck the setting “Use secure connection” in Account setup on the device.  The device should then attempt to connect to the Exchange server via an unsecured connection.  In this case, there is a bug whereby even after un-checking the "Use Secure connection" checkbox, the device will use HTTPS instead of HTTP.

For the majority of exchange users who do have SSL enabled on their servers, there should be no account setup issues.

Here is the work-around we came up with:

1. For Droid x to connect to an exchange server, it needs to use SSL and have a certificate installed. Motorola recommends that exchange servers use SSL with known 3rd party certificates (Verisign, etc). Here are links to details on SSL and certificates for Exchange:

Exchange 2003:

How to Set Up SSL on a Server

http://technet.microsoft.com/en-us/library/bb124484%28EXCHG.65%29.aspx

How to Configure Virtual Directories to Use SSL

http://technet.microsoft.com/en-us/library/aa996185%28EXCHG.65%29.aspx

Exchange 2007:

Managing SSL for a Client Access Server

http://technet.microsoft.com/en-us/library/bb310795%28EXCHG.80%29.aspx

How to Configure SSL for Exchange ActiveSync

http://technet.microsoft.com/en-us/library/bb266938%28EXCHG.80%29.aspx

Exchange 2010:

Managing SSL for a Client Access Server

http://technet.microsoft.com/en-us/library/bb310795.aspx

Configure SSL for Exchange ActiveSync

http://technet.microsoft.com/en-us/library/bb266938.aspx

Having configured the Exchange server to allow an SSL secured connection, you also need to ensure that port 443 is open on your firewall.  This will allow the phone on the Internet to make a connection into your Exchange server.

Below are links that provide information and some examples of how others have configured their Exchange server to use SSL on port 443, in this case for Outlook Web Access, using Microsoft self-signed certificates.  Motorola has confirmed that Droid X will connect to exchange servers that have been configured similarly.

Exchange 2003:
http://www.msexchange.org/tutorials/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html
- Section starts about 25% down the page under the heading: Enabling SSL on OWA

Exchange 2007:
http://www.isaserver.org/tutorials/Generating-SSL-Certificates-Exchange-2007-ISA-Server-2006.html

The assumption is that their server isn’t already using port 443 for non SSL connections.  Their server would still operate without SSL on port 80 so this should not affect their other users.

2. On the device, the user should go to Accounts, tap on “Add account”, select “Corporate Sync” and add his/her account information.

After tapping on the “Next” button, the user will see an error message "Error adding account" with 2 options "Cancel" / "Disable Verification". This error occurs when the self-signed certificate is used as the phone does not recognize it as one of the known 3rd party certificates. The user should select the “Disable Verification” option.

Can you try the above and provide feedback?

  • Posts: 58
  • Registered: ‎07-26-2010
  • Location:
  • Views: 0
  • Message 2 of 53

Re: Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-26, 21:43 PM

Francois,

So if I'm understanding this correctly, the proposed work around is to install an unsigned certificate to the Exchange server, enable that certificate for ActiveSync, and then add the account to Corporate Sync. 

Using the steps/documentation you've provided in your post, will the end user who accesses OWA via a browser (from home or in the field) be presented with a prompt that signals an unsigned certificate?  I'm willing to test for testing purposes, but if additional prompts and/or complications are added to the majority of our end users who access OWA, I don't think this can even be considered a short term solution.

  • Posts: 164
  • Registered: ‎07-23-2010
  • Location: Brazil
  • Views: 0
  • Message 3 of 53

Re: Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-26, 23:43 PM

Hi Davbak

I don't think adding the unsigned cert for ActiveSync will affect the OWA experience, but I'll try to confirm.

Francois

  • Posts: 58
  • Registered: ‎07-26-2010
  • Location:
  • Views: 0
  • Message 4 of 53

Re: Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-27, 1:56 AM

Thanks.  I should have time to try this out tomorrow.

  • Posts: 23
  • Registered: ‎07-19-2010
  • Location:
  • Views: 0
  • Message 5 of 53

Re: Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-27, 19:53 PM

Will installing the SSL affect other users of our Exchange?  We have a mix of iPhones, old Droids and my Droid X.  From a cost standpoint, having our IT guys install a cert would cost more than taking the phone back for a new phone...

  • Posts: 164
  • Registered: ‎07-23-2010
  • Location: Brazil
  • Views: 0
  • Message 6 of 53

Re: Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-27, 21:40 PM

Hi,

I got confirmation from our internal expert that installing a self signed ssl certificate by following the instructions we have should fix the issue and not cause any problems with existing users.

Thanks,

Francois

  • Posts: 58
  • Registered: ‎07-26-2010
  • Location:
  • Views: 0
  • Message 7 of 53

Re: Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-27, 21:44 PM

Francois,

Thanks for the follow up.  I have installed the certificate but I haven't enabled it yet because I still need to open the appropriate ports on our outward facing firewall.

Also, once the certificate is installed, it's important to note that a redirect MUST be implemented to force all traffic going to http://mail.servername.com (generic URL obviously) to https://, otherwise users will get a 403 error when accessing the old URL (in the event users have that URL bookmarked).  This applies to anyone using OWA.

Thanks,
Dave
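
A check for the behaviour described in the post above, added as an example and not part of the original post: it requests the plain http:// URL without following redirects and reports whether a bookmarked address would be redirected to https://, rejected with a 403, or still served in the clear. The function names and the loopback stand-in servers are constructed for this example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def classify_http_endpoint(host, port=80, path="/", timeout=5):
    """Fetch http://host:port/path without following redirects and report
    what a user with an old http:// bookmark would get."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location", "")
    finally:
        conn.close()
    if status in (301, 302, 307, 308):
        secure = location.lower().startswith("https://")
        return "redirects-to-https" if secure else "redirects-elsewhere"
    if status == 403:
        return "forbidden-no-redirect"  # the 403 described in the post
    if 200 <= status < 300:
        return "served-over-plain-http"  # SSL is not being enforced
    return f"other-{status}"

def start_constructed_server(status, location=None):
    """Loopback stand-in for the mail server (constructed for this example)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            if location:
                self.send_header("Location", location)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    # Three constructed behaviours: SSL required only, no SSL, SSL plus redirect.
    cases = {"ssl-required": (403, None), "no-ssl": (200, None),
             "redirect": (302, "https://mail.servername.com/")}
    out = {}
    for name, (status, loc) in cases.items():
        srv = start_constructed_server(status, loc)
        out[name] = classify_http_endpoint("127.0.0.1", srv.server_address[1])
        srv.shutdown()
        srv.server_close()
    return out
```

Against a real server, call `classify_http_endpoint` with the mail host name from outside the firewall; anything other than `redirects-to-https` means bookmarked http:// links will either break or carry traffic unencrypted.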

  • Posts: 1028
  • Registered: ‎07-16-2010
  • Location: United States
  • Views: 0
  • Message 8 of 53

Re: Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-28, 11:16 AM

I work for a global company.  I can not contact my server administrator and ask them to make changes on the server side so that Motorola can do testing.  Any changes that I make MUST be done from the phone side only.  If the phone works with Touchdown and the old email client from the Droid 1 then it is obviously a problem with the phone settings.

Please advise what can be done from the phone side.  Server changes are NOT an option here.

Thank you.

  • Posts: 6
  • Registered: ‎07-27-2010
  • Location:
  • Views: 0
  • Message 9 of 53

Re: Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-28, 14:25 PM

Questions for everyone who HAS gotten this to work.

Background:

When people have connected to our front end server using OWA, it has always been to an https:// site. We have a certificate from GoDaddy Class II Certification Authority.  The part that is confusing me (I didn't set this server up initially) is that when I look at the actual settings on the server it says that certificate services is not installed.

Questions:

1) On which of our servers (One Front-End, and Two Back-Ends) do certificate services need to be installed?  Just on the FE?  Just on the BE servers? Both of the BE servers? All three?

2) I am probably missing something very important, but how the heck do I install the certificate on the DroidX device?

3) Does anyone know if installing Certificate services is going to screw up the installation of our purchased cert, or can a machine have two certificates, one self signed and one purchased that both identify the machine?

I am still kind of new to learning how SSL works and how to configure it, so please have some patience with me!

  • Posts: 107
  • Registered: ‎07-19-2010
  • Location:
  • Views: 0
  • Message 10 of 53

Re: Exchange setup issue when no SSL required - Please read, test and provide feedback

2010-07-28, 16:31 PM

We got Droid X working on Exchange 2007, and this is how, from our network admin:

The goal here is for the droid x to build the initial trust relationship between the server and the phone.  For some reason the droid x in particular has a problem doing so with our servers.  One of my theories is that we use a godaddy certificate as opposed to Verisign.  Motorola, in particular, has some outrageous security requirements that reject a lot of 3rd party certificates.

I believe the reason this process worked for us is because internally we use a self assigned security certificate.

So here is what I did to create the trust relationship:

Connect the phone to our wifi

Shutdown the phone and restart it.

Before it can fully connect to the VZ network, put it into airplane mode.

Enable wifi.

Configured CorporateSync but used a local server name, accepted any certificate issues that came up.

Sync started working. Trust relationship established!

Synced up the phone fully, clicked through calendar, email, and contacts.

Changed the server name under corporate sync to the external netbios host name.

Restarted the phone.

Connected to VZ network and turned off wifi.

Sync working.

(The reason for all the restarts is to clear the domain name resolution as our local domain, on the world web, is another company's website.)

Now that I have Corporate Sync working, there are quite a few glaring issues:

Notifications are haphazard.

Can't select and copy/paste text.

Push email is also hit or miss, maybe it has something to do with the power saving mode, not sure yet.

Can't search your emails either in the program or via the global search on the phone. (This seems f*ing ridiculous, as my 3-year blackberry could, and if we played a word association game and I said "Google" you would say "SEARCH!!!!"  I don't think this is an option in Android 2.2 either.  This is basic functionality!!!!)
