
_ T-Mobile _ MPX200, T-Mobile and Exchange Activesync

Posted by: Slacker

Nobody had the answer on how to set up activesync over the air on a Motorola MPx200 using T-mobile GPRS connectivity. So here it is for those poor souls lost in the wilderness of misinformation, missing information, and a general lack of comprehensible documentation from Microsoft...

This information is provided as-is, with no warranty of any kind. Use at your OWN RISK!

This REQUIRES the T-Mobile VPN/Internet package (Now available for $19.99 a month). It ABSOLUTELY WILL NOT WORK with the free WAP or $4.99 WAP plans or the $9.99 T-Zones Pro plan so don't bother trying. While you might get it to work once in a while, the only supported and guaranteed plan is the VPN/Internet plan.

1) Install Exchange 2003 (Small Business Server is the best option for a single server implementation)
2) Install a certificate (self-signed, purchased, whatever)
3) Configure Outlook Web Access to use "Forms Based Authentication" (you can Google this if you don't know how)
4) Open port 443 (HTTPS) and direct it to your Exchange server
5) MAKE SURE OWA WORKS from OUTSIDE your network!

That is ALL you need to do for Exchange. The tough part is the phone.

1) I am assuming you have deleted your data connections for AT&T. Even better if you have flashed the phone with the original firmware
2) Press PROGRAMS -> SETTINGS -> DATA CONNECTIONS
3) Press MENU -> EDIT CONNECTIONS -> PROXY CONNECTIONS
4) Press MENU -> ADD

DESCRIPTION: T-Zones WAP Proxy
CONNECTS FROM: The Internet
CONNECTS TO: WAP Network
PROXY: 216.155.165.50
TYPE: WAP
USER NAME: <blank>
PASSWORD: <blank>

5) Press DONE
6) Press MENU -> ADD

DESCRIPTION: T-Zones SWAP Proxy
CONNECTS FROM: The Internet
CONNECTS TO: Secure WAP Network
PROXY: 216.155.165.50
TYPE: WAP
USER NAME: <blank>
PASSWORD: <blank>

7) Press DONE
8) Press DONE
9) Press GPRS CONNECTIONS
10) Press MENU -> ADD

DESCRIPTION: T-Zones GPRS
CONNECTS TO: The Internet
ACCESS POINT: internet3.voicestream.com
USER NAME: <blank>
PASSWORD: <blank>
PRIMARY DNS: 216.155.165.50
SECONDARY DNS: 216.155.165.51
IP ADDRESS: <blank>

11) Press DONE
12) Press MENU -> ADD

DESCRIPTION: T-Zones WAP
CONNECTS TO: The Internet
ACCESS POINT: internet3.voicestream.com
USER NAME: <blank>
PASSWORD: <blank>
PRIMARY DNS: 0.0.0.0
SECONDARY DNS: 0.0.0.0
IP ADDRESS: <blank>

13) Press DONE
14) Press DONE
15) Press DONE
16) Setting for the DATA CONNECTIONS page:

INTERNET CONNECTION: Automatic
WORK CONNECTION: Automatic
WAP CONNECTION: Automatic
SECURE WAP CONNECTION: Automatic

17) Press DONE
18) Press DONE
19) Press PROGRAMS
20) Open INBOX
21) Press MENU -> OPTIONS
22) Press E-MAIL SETUP
23) Press CONNECTION

USERNAME: Your Windows domain login name
PASSWORD: Your Windows domain password
DOMAIN: The NETBIOS name of your Windows Domain
SERVER NAME: The external FQDN (Fully Qualified Domain Name) name of your Exchange server
SAVE PASSWORD: Your call. If you don't you have to enter it every time.
LOGGING: DO NOT SET THIS TO NONE! It won't sync if this is none. I recommend VERBOSE.

24) Press DONE
25) Press DONE
26) Press DONE
27) Press your HOME key
28) If you already have a partnership on your desktop for the phone, DELETE IT.
29) Drop the phone in the cradle
30) Create a new partnership. You WILL GET AN ERROR if you are using a self-signed cert. The next step fixes this.
31) Once the sync operation ends you need to tell the phone NOT to verify the server's digital certificate. Download the MS program to disable certificate checking (http://www.microsoft.com/downloads/details.aspx?FamilyId=D88753B8-8B3A-4F1D-8E94-530A67614DF1&displaylang=en)
32) Run the program which extracts three files. PAY ATTENTION to where you export the files!
33) Click START -> RUN and type CMD in the box and press <ENTER>
34) In the command window type the drive letter where you extracted the files (C:, D:, etc.) and press <ENTER>
35) Type CD <PATH TO THE EXTRACTED FILES> and press <ENTER>
36) Type "CERTCHK OFF" without the quotes and press <ENTER>
37) Take the phone out of the cradle again
38) Power cycle the phone (Turn it off then back on)
39) Put the phone in the cradle and ActiveSync should complete without any errors
40) Remove the phone from the cradle
41) Press PROGRAMS
42) Open INBOX
43) Press MENU -> OPTIONS
44) Press E-MAIL SETUP
45) Press CONNECTION and change the SERVER NAME. Everything else remains unchanged.

SERVER NAME: The FQDN (Fully Qualified Domain Name) of your Exchange server as seen from the outside world

46) Press DONE
47) Press DONE
48) Press DONE
49) Press your HOME key
50) Press PROGRAMS
51) Press ACTIVESYNC
52) Press SYNC

If all goes well you are now connecting to your internal Exchange server over GPRS and synchronizing changes with your Exchange account.

Good luck!

Posted by: abatis

Fantastic work.

Posted by: Slacker

If someone else uses these instructions and has a problem please provide some feedback. I might have missed a step or something that will prevent it from working for you. And these are as much for me as anyone else, cause I know I will nuke my phone and have to set all this up again...

Posted by: padawan

I just tried the settings and get a CONNMGR_33 error ... I have signed up for the Pro plan and have waited for over 24hrs but still the same problem. I know that OMA works ... other employees at the company are using it with ATTWS. Any ideas on what I could try?

Posted by: Slacker

I think you pasted the wrong error. Check out this site:

http://www.cewindows.net/faqs/activesync/mis.htm

Posted by: bradyr

I can't make this work on my mpx200 with t-mobile - I have signed up for the pro tzones, but that isn't helping.

however, last week I was out of town and roamed to the cingular network and it worked there. Back on my home t-mobile, it's back to not working.

I called t-mobile and they seem to have no idea what activesync over the internet is - they claim they don't support it.

is there anything that I can do to find help somewhere?

Posted by: Slacker

Mine stopped working last week. Not sure why but I will be on the phone tomorrow with T-Mobile.

Posted by: benschwartz42

I am having the same issue. Was working fine last week...

Posted by: bradyr

QUOTE
I am having the same issue. Was working fine last week...

Does anyone have this working with T-mobile right now?

Posted by: Slacker

I got it. It seems that T-Mobile changed their internet3.voicestream.com connection to block port 443. I revised my instructions http://www.mpx200.org/index.php?name=PNphpBB2&file=viewtopic&p=13158#13158 to reflect the change.

To change it if you already configured your phone:

1) Press PROGRAMS -> SETTINGS -> DATA CONNECTIONS
2) Press MENU -> EDIT CONNECTIONS
3) Select GPRS CONNECTIONS and press the blue action button
4) Select T-ZONES WAP and press the blue action button
5) Change the entry in the ACCESS POINT field from wap.voicestream.com to internet3.voicestream.com
6) Press DONE
7) Press DONE
8) Press DONE
9) Press DONE
10) Press DONE
11) Press the HOME key

Now try to sync again. I set mine up this morning and have been able to sync about 15 times today so far. Did I mention I love unlimited internet?
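A staged reachability check for the two failure points this thread keeps hitting (step 5 of the original instructions, "make sure OWA works from outside", and the port 443 block described in the post above). This is an added example, not part of the original posts; `probe_https`, `HINTS` and the host `mail.example.com` are hypothetical names chosen for illustration.

```python
import socket
import ssl
import sys

# What each stage usually points at, in the terms used in this thread.
HINTS = {
    "dns": "server name does not resolve from outside; check the external FQDN",
    "tcp": "port 443 is not reachable; the firewall forward is missing or the "
           "carrier access point is blocking it",
    "tls": "port answers but the TLS handshake does not complete",
    "cert": "TLS works but the certificate chain or name does not verify "
            "(for example a self-signed certificate)",
    "ok": "name, port and certificate all check out from this network",
}


def probe_https(host, port=443, timeout=5.0):
    """Return (stage, detail) for the first stage that fails, or ("ok", ...)."""
    # Stage 1: name resolution, as the device does for SERVER NAME.
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)

    # Stage 2: plain TCP connect. A blocked or unforwarded port fails here.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", str(exc)

    # Stage 3: TLS handshake with normal chain and host name verification.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", "certificate valid until " + tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # Caught before SSLError, which it subclasses.
        return "cert", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls", str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # mail.example.com is a placeholder for your own external FQDN.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    stage, detail = probe_https(target)
    print(f"{target}: {stage} ({detail})")
    print("hint:", HINTS[stage])
```

Run it from a network outside your own, ideally a PC tethered through the same carrier connection, so the result reflects what the phone sees.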

Posted by: benschwartz42

This was working great for a few days, but stopped working for me today.

Anyone else?

Posted by: mohanram

I upgraded to TZones Pro with the hope of being able to access Exchange over Active Sync. But I am unable to perform Exchange Active Sync.

Raj

Posted by: Slacker

How long did you wait after adding the Pro to your plan? They tell you 2 - 3 hours on the phone for it to work. LIES! LIES I TELL YOU! It took mine just shy of 24 hours.

If you are having problems you should be getting specific error messages. What are they?

Posted by: bradyr

QUOTE
How long did you wait after adding the Pro to your plan? They tell you 2 - 3 hours on the phone for it to work. LIES! LIES I TELL YOU! It took mine just shy of 24 hours.

If you are having problems you should be getting specific error messages. What are they?

They told me 24 hours - it's been over a week and I haven't been able to get it to work - I believe I have the data communications settings set as specified above. In my case I'm getting Internet_29 - synchronization failed. Information cannot be synchronized because a connection to the network was not detected. Check your device connection settings and try again.

Posted by: mohanram

It's been more than 4 days since I was upgraded. The error I get is

"The server could not be reached. This can be caused by temporary network conditions or because an incorrect name was entered"

Posted by: Slacker

So you don't get an error like "INTERNET_29"?

Try this: from an outside network connect your phone as a GUEST with ActiveSync. Will it sync with your Exchange server using the computer as a proxy?

Posted by: Slacker

Ok I think I have got it now. I have a trouble ticket open with Tier 2 Data at T-Mobile to figure out the issue and it seems one of my settings was wrong above. I have edited both of my posts so they contain the correct information. Basically you need to change everywhere that you have "wap.voicestream.com" to "internet3.voicestream.com" and it REQUIRES their VPN and Internet access plan (19.99) to be guaranteed to work. It will occasionally work even with their free WAP service but the only way they actually support is with the VPN and Internet plan.

Let me know if you are still having issues or if it works for you.

Posted by: bradyr

nope - still not working - is the VPN and internet access plan different than the T-zones pro plan?

Posted by: bradyr

I just upgraded to the vpn plan - I'll try this in 4 hours and see if it works and let everyone know

Posted by: Slacker

Please do. Every time I talk to those folks I get a different answer. You should see the 3 pages of the trouble ticket I opened. Can you say "clueless"? Sure you can.

Posted by: Slacker

But for the record, mine has been working since my VPN/Internet plan kicked in.

Posted by: bradyr

I tried it last night and it works fine now - thanks a bunch for the help

I had tried to get to someone in tech support to help me and was told I was escalated as high as I could go and no one knew how to configure this. I even saw the T-mobile guys at Tech-Ed and asked them - they said that T-mobile hadn't decided yet when they would support a smartphone and couldn't help me.

too bad - great service otherwise, just a bit of a pain if they can't help you configure your phone.

Posted by: nickpoore

QUOTE
1) Install Exchange 2003 (Small Business Server is the best option for a single server implementation)
2) Install a certificate (self-signed, purchased, whatever)
3) Configure Outlook Web Access to use "Forms Based Authentication" (you can Google this if you don't know how)
4) Open port 443 (HTTPS) and direct it to your Exchange server
5) MAKE SURE OWA WORKS from OUTSIDE your network!


Just to add a couple of things...

2. Thawte certificates are one of the cheapest public certs around, but you can use the MS Cert if you choose.

3. Forms based authentication can cause some functionality problems on OWA (e.g. the inability to click on a URL link in an email). For that reason I am unable to run Forms Based Authentication.

When using a single-server system, with HTTPS being forced on the /exchange server (which is always a good idea), you need to bypass some security for the OMA & Active Sync tools.
This MS article describes the problem and gives step-by-step instructions.
http://support.microsoft.com/default.aspx?scid=kb;en-us;817379

Also, Exchange 2003 SP1 is now out, which gives some help with RPC over HTTPS. If you use Outlook 2003 / Exchange 2003 you NEED to run RPC over HTTPS in order to allow your remote users to sync. But that is a whole other topic.

Hope the MS link helps.

-=Nick=-

Posted by: Slacker

The article you linked refers to OMA (Outlook Mobile Access). This is not what is used for ActiveSync and therefore doesn't apply. And so far I have had no issues with OWA (Outlook Web Access) since setting it up 2 months ago.

Thawte does provide cheap certs. Unfortunately they are not free.

Posted by: nickpoore

Slacker.
The article refers to both.
"When you try to access a Microsoft Exchange Server 2003 computer by using Microsoft Outlook Mobile Access or Microsoft ActiveSync, you may experience one of the following symptoms..."
Since ActiveSync uses the OMA conduit, this is understandable.

You provided a great article, and I just wanted to add to it.

I currently have two live Exchange 2003 implementations, and both are using Server ActiveSync. The users love them.
I'm waiting to get a smartphone myself (mpx220) and already have a PocketPC Phone up and running - but it's too large to carry around all the time so I just have it sitting in the car acting as an email client.

To describe the problem quickly, when ActiveSync speaks to the server, the front-end server speaks to the client on port 80/443. However the traffic from the front-end server to the back-end server only happens on port 80. If you have a single-server environment (most people probably do) then this front-end to back-end is really happening on the same server, and so you have to configure a custom folder to handle this communication. So, if anyone has a single-server configuration, and has forced SSL on the /exchange folder, and wants to use ActiveSync, then this article is for them.

Thanks again for a great article.

-=Nick=-

Posted by: Slacker

I appreciate the information. I guess I just don't understand. You talk about a custom folder for the front-end / back-end communication to happen on the same box. I am using SBS2k3 and didn't have to set up any type of custom folders. Once I did the basic install of 2k3 and configured the phone it worked fine. Same with my iPaq 5455. So can you explain exactly what you are referring to with this custom folder?

Posted by: nickpoore

The way Microsoft want you to set up Exchange in a large organisation, is to have a "front end" server. This server speaks to the internet and handles all the public traffic. So, inbound/outbound SMTP, as well as OWA, OMA and ActiveSync are all handled by this server. The front end server does not contain any mailboxes or public folders.
Then there is a "back end" server, that is completely private and is not responsible for sending anything to the internet - it just sends it to the front-end server and that server then sends it. Kind of like a proxy thing. The back end server is where the data (ie mailboxes) is stored.
Now, in LARGE organisations, this makes a lot of sense.
In small organisations, this is expensive, and very few small companies will do it.

Now, having said all that, some applications, such as OMA, and RPC Proxy, take the traffic from the front end server, and relay it to the back end server. They're just designed that way.
If you happen to have a single server (which most of us will) then the front end / back end functionality is all happening on one server.

Now, if you read the MSKB article that I posted, you will see that it describes how OMA/ActiveSync traffic is received on the front end server, and sent as a request to the /exchange folder on the back end server. Since a back end server is designed to not be public, the assumption is that the back end server will not be running SSL, and so the traffic is directed to the /exchange folder on the back end server using HTTP (port 80).

If you happen to have a single server environment, and have forced SSL on the /exchange folder (good practice) then the front end request to the back end server will fail, as the back end server will not allow HTTP traffic to the /exchange folder. (ie the OMA folder is making an HTTP request of the /exchange folder, which has security prohibiting such requests.)

The solution here is to make a new virtual directory. Since the /exchange folder already exists, the solution (in the MSKB article) is to COPY the exact settings of this folder, and then to create a new folder (call it anything you like, they suggest "/exchDev") using the same parameters as the /exchange folder. You then decrease the security on this new folder, to allow traffic on port 80, while simultaneously increasing the traffic on the folder to only allow traffic from the server's IP address (so only the server can request traffic on this special folder.) Lastly, having created the security on this new folder, you edit the registry to redirect the OMA/ActiveSync requests from the front end server to go to the new folder, instead of the /exchange folder.

Yes, it sounds kinda complicated.

The simple thing to do is to see if the server activesync is working for you.
Try it with a device such as a PocketPC (wifi models make this easy) and see if you can sync or not.
If you are having problems, then you may need to run through the instructions in the MSKB article.

I hope I have not confused the issue too much.

I don't know about MS SBS, as I have not used a recent version of it. I would not be surprised if they had done a few tweaks in order to make it play nicer with itself.

Okay, this has gone on a LONG time. If anyone has any questions, please just email me directly at npoore _at_ bde3d.com.

Thanks.

-=Nick=-

Posted by: bradyr

it works great now - thanks for all the help

Posted by: Slacker

I guess my server doesn't have the issue, because it has worked with my PocketPC great since day 1, and with my MPx200 most of the time.

Posted by: billz89

QUOTE (Slacker @ Jun 9 2004, 04:11 AM)
I guess my server doesn't have the issue, because it has worked with my PocketPC great since day 1, and with my MPx200 most of the time.

Hi Slacker.

I finally got T-Mobile to get my account setup with the proper internet & vpn access. I can get to the internet, but I'm getting an error on my phone:

"Synchronization failed due to an error on the server. Try again. Error code: HTTP_500"

... and on the server

Event Type: Error
Event Source: Server ActiveSync
Event Category: None
Event ID: 3005
Date: 2/12/2005
Time: 5:37:43 PM
User: Domain\UserID
Computer: ServerName
Description:
Unexpected Exchange mailbox Server error: Server: [ServerName.Domain.local] User: [EMailName@Domain.com] HTTP status code: [501]. Verify that the Exchange mailbox Server is working correctly.

I'm running Windows SBS 2003 on a single server and I can access Remote Web Workplace, etc. Any ideas?

Thanks.

Bill

Posted by: Slacker

http://support.microsoft.com/default.aspx?scid=kb;en-us;323077

Posted by: billz89

QUOTE (Slacker @ Feb 12 2005, 08:14 PM)
http://support.microsoft.com/default.aspx?scid=kb;en-us;323077

Hi Slacker.

Yep. Checked that page out and saw similar pages to that and tried the SSL disabling and making sure that anonymous access isn't checked, that external IP addresses are blocked and that Integrated Windows Authentication and Basic Authentication are checked. Everything appears to be the way it should be. Bizarre. If I don't have the proper port on my Proxy name:port for T-Mobile could it cause that type of error?

Bill

Posted by: Slacker

QUOTE (billz89 @ Feb 13 2005, 06:50 PM)
port on my Proxy name:port for T-Mobile


huh? Where is this setting you are asking about? How do you get to the screen to see it?

Posted by: billz89

QUOTE (Slacker @ Feb 13 2005, 08:54 PM)
huh? Where is this setting you are asking about? How do you get to the screen to see it?

T-Mobile support gave me a port to add to my IP address for WAP Proxy. It hasn't made a difference whether or not it is there. I've reported to T-Mobile that I'm still getting an error, hopefully they can fix it.

Bill

Posted by: Slacker

I didn't use any ports except what is listed in the instructions. Works great for most of the other folks that have used them. I suggest deleting all of your data settings and starting over. Once you can browse the web and secure sites, THEN try to set up OTA activesync.

Posted by: billz89

QUOTE (Slacker @ Feb 14 2005, 08:30 AM)
I didn't use any ports except what is listed in the instructions. Works great for most of the other folks that have used them. I suggest deleting all of your data settings and starting over. Once you can browse the web and secure sites, THEN try to set up OTA activesync.

I did go back to what the instructions have for T-Mobile settings and everything is working on the internet side, but OTA sync is still not working. The weird thing is, if I go into activesync on the MPX200 and change my userid/username so it is different from any userid in my 'domain' my server logs in security events "Unknown user name or bad password". Which seems to indicate that from an authentication level it must be talking to the server. This would lead me to believe that it is a 'path' error in Exchange/IIS.

Update: 2/15/2005: I have confirmed that my Exchange/IIS setup is corrupted. Most likely the phone and T-Mobile service are fine. Now I just have to find a way to restore the service back to the way it was.

Bill

Posted by: billz89

QUOTE (Slacker @ Feb 14 2005, 08:30 AM)
I didn't use any ports except what is listed in the instructions. Works great for most of the other folks that have used them. I suggest deleting all of your data settings and starting over. Once you can browse the web and secure sites, THEN try to set up OTA activesync.

Hi Slacker.

Well, my SBS2k3 server is royally messed up. I can't get OMA to work via a PC based web browser so I know that for sure.

I have another SBS2k3 server that I found had a setting that was correct as far as the initial installation was concerned, but when I added an e-mail domain that wasn't the same it got confused quickly. Here is a brief description:
***
In IIS 6.0, Default WebSites, the /exchange-oma and /exchange folder paths don't match the SMTP e-mail address domain.

The original installation folder paths look something like this: \\.\BackOfficeStorage\domain.local\MBX

However in the instance in which I fixed it the path needed to be \\.\BackOfficeStorage\domain.com\MBX

Where domain.com would be the internet address after the '@' symbol in the user's primary e-mail address.
***

Once this correction was made I tried my MPX200 against it and it worked great! The sad thing is that I have to rebuild my SBS2k3 server this weekend.

Hopefully once I have completed that step everything will work okay with it.

Thanks again for all the help you provided to me and also to others in this forum. It is greatly appreciated. Have a great weekend!

Posted by: bradley_st

To receive updates on activesync with the Exchange server, you will need to make sure that basic authentication is set in IIS on either the mailbox server or front end. Really it just needs to be set on whichever server you are pointing to. I could not get this to work for awhile, and then I came across the fact that basic authentication wasn't checked. This is a by-product of running IISlockdown on your exchange servers. Hope this helps.
