Mobility Site - View Single Post - Exchange, Evolution and the Happy ActiveSync

SevenRains · 08-05-06, 08:24 AM

This second post will hopefully resolve some hardcore trouble with M$ Exchange 2003, the Linux Evolution Sync and our lovely ActiveSync we all adore.

First thing's first and we should clarify from the start that the opensource project syncml, the opensource counterpart for M$ ActiveSync, does not support Windows Mobile 5 devices and as far as I know this is nested deep into the linux kernel which, at it's current version, does not support WM5 devices. So what are we gonna do? I asked myself this question since I prefer a free OS contrary to a commercial operating system. Because? Well... We're not going to start the OS bashing and flame posts at this time.

The solution I've found, is to run a M$ Exchange server. What happens is, the Axim will sync with the Exchange server (even wireless) and then my email client will sync with the M$ Exchange server. That way, my Axim and my email client will be kept up to date with all my callendar, notes, contacts and so on and so forward.

In the past few days, I've almost been kicked out of the house by my lovely girlfriend who stated that she feels like puking when she sees the export certificate wizzard of Internet Explorer and that she goes nuts when she hears the "mouse like"-sounds of the ActiveSync program. Lucky for me, she still loves me... But let's boil down to the dough...

First of all, if you have a torrentful personality, you will know what to do so I'll skip the foreplay.

M$ Exchange is a very nice program with thousands of checkboxes (boy, I haven't ticked so many in my life up to now) which allows you to syn your mobile device. Second, though, there are a couple of glitches which you'll have to fix in order for activesync to work and I'll provide a full list of troubleshooting tricks to get that Axim of yours synced.

On the server:

1.) Going back to the first point: Once you get yourself M$ Exchange, browse the net and get yourself the SP2 update from M$! This will solve most your problems with Exchange!

2.) After you've installed M$ Exchange, open the IIS Manager (Start -> Programs -> Administrative Tools -> Internet Information Services) and expand "Web Sites" and right click the "Default Website". There, go to "Directory Security" and make sure you have only [x] Integrated Windows authentication and [x] Basic authentication (password is sent in clear text). Disable the "anonymous access" for now although you'll need it if you have a browsable site on the root...

3.) Certificates: You'll need to set up a server certificate to use SSL syncing. But you probably are a poor mortal who doesn't want to heat up your credit card to get a 100$ certificate from verisign. If you are immortal, then the article isn't for you and please bug verisign, m$ and all other mamouths with your problem...

On the same properties page as point (2), at "Directory Secutiry" you'll see "Secure communications". Click "Server Certificate" and follow the steps to make a certificate request and save the file to C:\certnew.txt

Then, install the certificate authority windows component. From Add/Remove Programs, go to Add/Remove Windows Components and install "Certificate Server".

Then go to http://localhost/certsrv in IE, choose "Request a certificate" then "advanced certificate request" then "Submit a certificate request by using a base64 [...]". Copy the contents of C:\certnew.txt in "Saved Request", choose "Web Server" from Certificate Template and click Submit.

Save the file in Base64 encoding to a file. Say C:\certnew.cer. After doing this, go to IIS again, click Server Certificates and complete the wizzard by choosing your C:\certnew.cer file.

4. ) Make sure you have Required SSL disabled on Default Web Site! Don't be an ass, let the people pick their poison!

5. ) Now go to your website OWA using the https protocol: https://somesite.com/exchange. IE will probably will put a padlock in your status bar indicating that you are browsing a secured site. Click on the padlock and choose "Install Certificate". Then go to Internet Option -> Security -> Certificates and Export the certificate as a DER format certificate. Save it somewhere, if not IN the Axim itself.

On the Axim:

1. ) Open File Explorer and double click your saved certificate and install it on your Axim.

2. ) In the ActiveSync program, while you're NOT connected by USB, choose "Menu" on the right and choose "Configure Server". Type your server name, tick [x] Use SSL, your username and password, the objects you wish to sync and finish the configuration.

You're done now! You can try to sync... If you get errors, follow the pitfalls section comming up next.

Pitfalls:

1. ) Certificate erros on Axim. Ugh... Nasty! Verify if your certificate doesn't give any warning when browsing your Exchange site with IE or a similar browser except the "You're a browsing a site with a certificate you have not chosen to trust". Make sure you have M$ Exchange SP2. Still not working?

1.1 ) Use a registry editor on your Axim and go to "Hkey_current_user/Software/Microsoft/ActiveSync/Partners/[the folder with your M$ Exchange server, there should be to CLISDs] and ass the following DWORD: Secure with the value 0.

2. ) Server could not be reached. Check your firewall. You need to forward port 443 to your Exchange Server. Check if your computer has a valid, reachable hostname.

3. ) You get: "Your account does not allow you to sync...". Go back to (1) and check all those steps again. Check if in the Exchange Manager on "Mobile Services"->Properties you have [x] Enable Outlook Mobile Access AND [x] Enable unsupported devices.

Post here if you have some trouble and I'll try to debug you to my best. May be some time before I check the forum again but when I'll check back here I'll do my best to help.

Cheers,
r.

Edit 1. ) Be careful: Each time you choose to remove the current server from your list by using the desktop program ActiveSync the registry setting at point 1.1 gets deleted. This is normal and quite good because the whole Exchange partnership gets deleted from your PDA's hive. The setting at point 1.1 is very important in case you use, like we've described above, a third party or a self signed certificate. Your Axim comes with a good arsenal of certificates but it still won't trust your own even if you import it like we've mentioned at point 1 on the Axim. You'll have to manually add the DWORD Secure with the value 0 to the registry every time you sync with an Exchange server with a self-signed certificate.

08-05-06, 08:24 AM	#1 (permalink)
SevenRains Aximsite Prospect Join Date: Jul 2006 Posts: 2 Thanked 0 Times in 0 Posts	Exchange, Evolution and the Happy ActiveSync This second post will hopefully resolve some hardcore trouble with M$ Exchange 2003, the Linux Evolution Sync and our lovely ActiveSync we all adore. First thing's first and we should clarify from the start that the opensource project syncml, the opensource counterpart for M$ ActiveSync, does not support Windows Mobile 5 devices and as far as I know this is nested deep into the linux kernel which, at it's current version, does not support WM5 devices. So what are we gonna do? I asked myself this question since I prefer a free OS contrary to a commercial operating system. Because? Well... We're not going to start the OS bashing and flame posts at this time. The solution I've found, is to run a M$ Exchange server. What happens is, the Axim will sync with the Exchange server (even wireless) and then my email client will sync with the M$ Exchange server. That way, my Axim and my email client will be kept up to date with all my callendar, notes, contacts and so on and so forward. In the past few days, I've almost been kicked out of the house by my lovely girlfriend who stated that she feels like puking when she sees the export certificate wizzard of Internet Explorer and that she goes nuts when she hears the "mouse like"-sounds of the ActiveSync program. Lucky for me, she still loves me... But let's boil down to the dough... First of all, if you have a torrentful personality, you will know what to do so I'll skip the foreplay. M$ Exchange is a very nice program with thousands of checkboxes (boy, I haven't ticked so many in my life up to now) which allows you to syn your mobile device. Second, though, there are a couple of glitches which you'll have to fix in order for activesync to work and I'll provide a full list of troubleshooting tricks to get that Axim of yours synced. On the server: 1.) Going back to the first point: Once you get yourself M$ Exchange, browse the net and get yourself the SP2 update from M$! This will solve most your problems with Exchange! 2.) After you've installed M$ Exchange, open the IIS Manager (Start -> Programs -> Administrative Tools -> Internet Information Services) and expand "Web Sites" and right click the "Default Website". There, go to "Directory Security" and make sure you have only [x] Integrated Windows authentication and [x] Basic authentication (password is sent in clear text). Disable the "anonymous access" for now although you'll need it if you have a browsable site on the root... 3.) Certificates: You'll need to set up a server certificate to use SSL syncing. But you probably are a poor mortal who doesn't want to heat up your credit card to get a 100$ certificate from verisign. If you are immortal, then the article isn't for you and please bug verisign, m$ and all other mamouths with your problem... On the same properties page as point (2), at "Directory Secutiry" you'll see "Secure communications". Click "Server Certificate" and follow the steps to make a certificate request and save the file to C:\certnew.txt Then, install the certificate authority windows component. From Add/Remove Programs, go to Add/Remove Windows Components and install "Certificate Server". Then go to http://localhost/certsrv in IE, choose "Request a certificate" then "advanced certificate request" then "Submit a certificate request by using a base64 [...]". Copy the contents of C:\certnew.txt in "Saved Request", choose "Web Server" from Certificate Template and click Submit. Save the file in Base64 encoding to a file. Say C:\certnew.cer. After doing this, go to IIS again, click Server Certificates and complete the wizzard by choosing your C:\certnew.cer file. 4. ) Make sure you have Required SSL disabled on Default Web Site! Don't be an ass, let the people pick their poison! 5. ) Now go to your website OWA using the https protocol: https://somesite.com/exchange. IE will probably will put a padlock in your status bar indicating that you are browsing a secured site. Click on the padlock and choose "Install Certificate". Then go to Internet Option -> Security -> Certificates and Export the certificate as a DER format certificate. Save it somewhere, if not IN the Axim itself. On the Axim: 1. ) Open File Explorer and double click your saved certificate and install it on your Axim. 2. ) In the ActiveSync program, while you're NOT connected by USB, choose "Menu" on the right and choose "Configure Server". Type your server name, tick [x] Use SSL, your username and password, the objects you wish to sync and finish the configuration. You're done now! You can try to sync... If you get errors, follow the pitfalls section comming up next. Pitfalls: 1. ) Certificate erros on Axim. Ugh... Nasty! Verify if your certificate doesn't give any warning when browsing your Exchange site with IE or a similar browser except the "You're a browsing a site with a certificate you have not chosen to trust". Make sure you have M$ Exchange SP2. Still not working? 1.1 ) Use a registry editor on your Axim and go to "Hkey_current_user/Software/Microsoft/ActiveSync/Partners/[the folder with your M$ Exchange server, there should be to CLISDs] and ass the following DWORD: Secure with the value 0. 2. ) Server could not be reached. Check your firewall. You need to forward port 443 to your Exchange Server. Check if your computer has a valid, reachable hostname. 3. ) You get: "Your account does not allow you to sync...". Go back to (1) and check all those steps again. Check if in the Exchange Manager on "Mobile Services"->Properties you have [x] Enable Outlook Mobile Access AND [x] Enable unsupported devices. Post here if you have some trouble and I'll try to debug you to my best. May be some time before I check the forum again but when I'll check back here I'll do my best to help. Cheers, r. Edit 1. ) Be careful: Each time you choose to remove the current server from your list by using the desktop program ActiveSync the registry setting at point 1.1 gets deleted. This is normal and quite good because the whole Exchange partnership gets deleted from your PDA's hive. The setting at point 1.1 is very important in case you use, like we've described above, a third party or a self signed certificate. Your Axim comes with a good arsenal of certificates but it still won't trust your own even if you import it like we've mentioned at point 1 on the Axim. You'll have to manually add the DWORD Secure with the value 0 to the registry every time you sync with an Exchange server with a self-signed certificate. Last edited by SevenRains; 08-05-06 at 03:35 PM.