Nobody had the answer on how to set up activesync over the air on a Motorola MPx200 using T-mobile GPRS connectivity. So here it is for those poor souls lost in the wilderness of misinformation, missing information, and a general lack of comprehendable documentation from Microsoft...
This information is provided as-is, with no warranty of any kind. Use at your OWN RISK!
This REQUIRES the T-Mobile VPN/Internet package (Now available for $19.99 a month). It ABSOLUTELY WILL NOT WORK with the free WAP or $4.99 WAP plans or the $9.99 T-Zones Pro plan so don't bother trying. While you might get it to work once in a while, the only supported and guaranteed plan is the VPN/Internet plan.
1) Install Exchange 2003 (Small Business Server is the best option for a single server implementation)
2) Install a certificate (self-signed, purchased, whatever)
3) Configure Outlook Web Access to use "Forms Based Authentication" (you can Google this if you don't know how)
4) Open port 443 (HTTPS) and direct it to your Exchange server
5) MAKE SURE OWA WORKS from OUTSIDE your network!
That is ALL you need to do for Exchange. The tough part is the phone.
1) I am assuming you have deleted your data connections for AT&T. Even better if you have flashed the phone with the original firmware
2) Press PROGRAMS -> SETTINGS -> DATA CONNECTIONS
3) Press MENU -> EDIT CONNECTIONS -> PROXY CONNECTIONS
4) Press MENU -> ADD
DESCRIPTION: T-Zones WAP Proxy
CONNECTS FROM: The Internet
CONNECTS TO: WAP Network
PROXY: 216.155.165.50
TYPE: WAP
USER NAME: <blank>
PASSWORD: <blank>
5) Press DONE
6) Press MENU -> ADD
DESCRIPTION: T-Zones SWAP Proxy
CONNECTS FROM: The Internet
CONNECTS TO: Secure WAP Network
PROXY: 216.155.165.50
TYPE: WAP
USER NAME: <blank>
PASSWORD: <blank>
7) Press DONE
8) Press DONE
9) Press GPRS CONNECTIONS
10) Press MENU -> ADD
DESCRIPTION: T-Zones GPRS
CONNECTS TO: The Internet
ACCESS POINT: internet3.voicestream.com
USER NAME: <blank>
PASSWORD: <blank>
PRIMARY DNS: 216.155.165.50
SECONDARY DNS: 216.155.165.51
IP ADDRESS: <blank>
11) Press DONE
12) Press MENU -> ADD
DESCRIPTION: T-Zones WAP
CONNECTS TO: The Internet
ACCESS POINT: internet3.voicestream.com
USER NAME: <blank>
PASSWORD: <blank>
PRIMARY DNS: 0.0.0.0
SECONDARY DNS: 0.0.0.0
IP ADDRESS: <blank>
13) Press DONE
14) Press DONE
15) Press DONE
16) Setting for the DATA CONNECTIONS page:
INTERNET CONNECTION: Automatic
WORK CONNECTION: Automatic
WAP CONNECTION: Automatic
SECURE WAP CONNECTION: Automatic
17) Press DONE
18) Press DONE
19) Press PROGRAMS
20) Open INBOX
21) Press MENU -> OPTIONS
22) Press E-MAIL SETUP
23) Press CONNECTION
USERNAME: Your Windows domain login name
PASSWORD: Your Windows domain password
DOMAIN: The NETBIOS name of your Windows Domain
SERVER NAME: The external FQDN (Fully Qualified Domain Name) name of your Exchange server
SAVE PASSWORD: Your call. If you don't you have to enter it every time.
LOGGING: DO NOT SET THIS TO NONE! It won't sync if this is none. I recommend VERBOSE.
24) Press DONE
25) Press DONE
26) Press DONE
27) Press your HOME key
28) If you already have a partnership on your desktop for the phone, DELETE IT.
29) Drop the phone in the cradle
30) Create a new partnership. You WILL GET AN ERROR if you are using a self-signed cert. The next step fixes this
31) Once the sync operation ends you need to tell the phone NOT to verify the server's digital certificate. Download the MS program to disable certificate checking (http://www.microsoft.com/downloads/details.aspx?FamilyId=D88753B8-8B3A-4F1D-8E94-530A67614DF1&displaylang=en)
32) Run the program which extracts three files. PAY ATTENTION to where you export the files!
33) Click START -> RUN and type CMD in the box and press <ENTER>
34) In the command window type the drive letter where you extracted the files (C:, D:. etc) and press <ENTER>
35) Type CDPATH TO THE EXTRACTED FILES and press <ENTER>
36) Type "CERTCHK OFF" without the quotes and press <ENTER>
37) Take the phone out of the cradle again
38) Power cycle the phone (Turn it off then back on)
39) Put the phone in the cradle and ActiveSync should complete without any errors
40) Remove the phone from the cradle
41) Press PROGRAMS
42) Open INBOX
43) Press MENU -> OPTIONS
44) Press E-MAIL SETUP
45) Press CONNECTION and change the SERVER NAME. Everything else remains unchanged.
SERVER NAME: The FQDN (Fully Qualified Domain Name) of your Exchange server as seen from the outside world
46) Press DONE
47) Press DONE
48) Press DONE
49) Press your HOME key
50) Press PROGRAMS
51) Press ACTIVESYNC
52) Press SYNC
If all goes well you are now connecting to your internal Exchange server over GPRS and syncronizing changes with your Exchange account.
Good luck!
Fanatastic work.
If someone else uses these instructions and has a problem please provide some feedback. I might have missed a step or something that will prevent it from working for you. And these are as much for me as anyone else, cause I know I will nuke my phone and have to set all this up again...
i just tried the settings and get an CONNMGR_33 error ... i have signed up for the Pro plan and have waited for over 24hrs but still the same problem. i know that OMA works ... other employees at the company are using it with ATTWS. any ideas on what i could try?
I think you pasted the wrong error. Check out this site:
http://www.cewindows.net/faqs/activesync/mis.htm
I can't make this work on my mpx200 with t-mobile - I have signed up for the pro tzones, but that isn't helping.
however, last week I was out of town and roamed to the cingular network and it worked there. Back on my home t-mobile, it's back to not working.
I called t-mobile and they seem to have no idea what activesync over the internet is - they claim they don't support it.
is there anything that I can do to find help somewhere?
Mine stopped working last week. Not sure why but I will be on the phone tomorrow with T-Mobile.
I am having the same issue. Was working fine last week...
I got it. It seems that T-Mobile changed their internet3.voicestream.com connection to block port 443. I revised my instructions http://www.mpx200.org/index.php?name=PNphpBB2&file=viewtopic&p=13158#13158 to reflect the change.
To change it if you already configured your phone:
1) Press PROGRAMS -> SETTINGS -> DATA CONNECTIONS
2) Press MENU -> EDIT CONNECTIONS
3) Select GPRS CONNECTIONS and press the blue action button
4) Select T-ZONES WAP and press the blue action button
5) Change the entry in the ACCESS POINT field from wap.voicestream.com to internet3.voicestream.com
6) Press DONE
7) Press DONE
8) Press DONE
9) Press DONE
10) Press DONE
11) Press the HOME key
Now try to sync again. I set mine up this morning and have been able to sync about 15 times today so far. Did I mention I love unlimited internet?
This was working great for a few days, but stopped working for me today.
Anyone else?
I upgraded to TZones Pro with the hope of being able to access Exchange over Active Sync. But I am unable to perform Exchange Active Sync.
Raj
How long did you wait after adding the Pro to your plan? They tell you 2 - 3 hours on the phone for it to work. LIES! LIES I TELL YOU! It took mine just shy of 24 hours.
If you are having problems you should be getting specific error messages. What are they?
Its been more than 4 days since I was upgraded. The error I get is
"The server could not be reached. This can be caused by temporary network conditions or because an incorrect name was entered"
So you dont get an error like "INTERNET_29"?
Try this: from an outside network connect your phone as a GUEST with ActiveSync. Will it sync with your Exchange server using the computer as a proxy?
Ok I think I have got it now. I have a trouble ticket open with Tier 2 Data at T-Mobile to figure out the issue and it seems one of my settings was wrong above. I have edited both of my posts so they contain the correct information. Basically you need to change everywhere that you have "wap.voicestream.com" to "internet3.voicestream.com" and it REQUIRES their VPN and Internet access plan (19.99) to be guaranteed to work. It will occasionally work even with their free WAP service but they only way they actually support is with the VPN and Internet plan.
Let me know if you are still having issues or if it works for you.
nope - still not working - is the VPN and internet access plan different than the T-zones pro plan?
I just upgraded to the vpn plan - I'll try this in 4 hours and see if it works and let everyone know
Please do. Every time I talk to those folks I get a different answer. You should see the 3 pages of the trouble ticket I opened. Can you say "clueless"? Sure you can.
But for the record, mine has been working since my VPN/Internet plan kicked in.
I tried it last night and it works fine now - thanks a bunch for the help
I had tried to get to someone in tech support to help me and was told I was escallated as high as I could go and no one knew how to configure this. I even saw the T-mobile guys at Tech-Ed and asked them - they said that T-mobile hadn't decided yet when they would support a smartphone and couldn't help me.
too bad - great service otherwise, just a bit of a pain if they can't help you configure your phone.
The article you linked refers to OMA (Outlook Mobile Access). This is not what is used for ActiveSync and therefore doesn't apply. And so far I have had no issues with OWA (Outlook Web Access) since setting it up 2 months ago.
Thawte does provide cheap certs. Unfortunately they are not free.
Slacker.
The article refers to both.
"When you try to access a Microsoft Exchange Server 2003 computer by using Microsoft Outlook Mobile Access or Microsoft ActiveSync, you may experience one of the following symptoms..."
Since ActiveSync uses the OMA conduit, this is understandable.
You provided a great article, and I just wanted to add to it.
I currently have two live Exchange 2003 implementations, and both are using Server ActiveSync. The users love them.
I'm waiting to get a smartphone myself (mpx220) and already have a PocketPC Phone up and running - but it's too large to carry around all the time so I just have it sitting in the car acting as an email client.
To discribe the problem quickly, when ActiveSync speaks to the server, the front-end server speaks to the client on port 80/443. However the traffic from the front-end server to the back-end server only happens on port 80. If you have a single-server environment (most people probably do) then this front-end to back-end is really happening on the same server, and so you have to configure a custom folder to handle this communication. So, if anyone has a single-server configuration, and has forced SSL on the /exchange folder, and wants to use ActiveSync, then this article is for them.
Thanks again for a great article.
-=Nick=-
I appreciate the information. I guess I just don't understand. You talk about a custom folder for the front-end / back-end communication to happen on the same box. I am using SBS2k3 and didn't have to set up any type of custom folders. Once I did the basic install of 2k3 and configured the phone it worked fine. Same with my iPaq 5455. So can you explain exactly what you are referring to with this custom folder?
The way Microsoft want you to set up Exchange in a large organisation, it to have a "front end" server. This server speaks to the internet and handles all the public traffic. So, inbound/outbound SMTP, as well as OWA, OMA and ActiveSync are all handled by this server. The font end server does not contain any mailboxes or public folders.
Then there is a "back end" server, that is completely private and is not responsible for sending anything to the internet - it just sends it to the front-end server and that server then sends it. Kind of like a proxy thing. The back end server is where the data (ie mailboxes) is stored.
Now, in LARGE organisations, this makes a lot of sense.
In small organisations, this is expensive, and very few small companies will do it.
Now, having said all that, some applications, such as OMA, and RPC Proxy, take the traffic from the front end server, and relay it to the back end server. They're just designed that way.
If you happen to have a single server (which most of use will) then the front end / back end functionality is all happening on one server.
Now, if you read the MSKB article that I posted, you will see that it describes how OMA/ActiveSync traffic is received on the front end server, and sent as a request to the /exchange folder on the back end server. Since a back end server is designed to not be public, the assumption is that the back end server will not be running SSL, and so the traffic is directed to the /exchange folder on the back end server using HTTP (port 80).
If you happen to have a single server environment, and have forced SSL on the /exchange folder (good practice) then the front end request to the back end server will fail, as the back end server will not allow HTTP traffic to the /exchange folder. (ie the OMA folder is making an HTTP request of the /exchange folder, which has security prohibiting such requests.)
The solution here is to make a new virtual directory. Since the /exchange folder already exists, the solution (in the MSKB article) is to COPY the exact settings of this folder, and then to creat a new folder (call it anything you like, they suggest "/exchDev") using the same paramaters as the /exchange folder. You the decrease the security on this new folder, to allow traffic on port 80, while simultaneously increasing the traffic on the folder to only allow traffic from the server's IP address (so only the server can request traffic on this special folder.) Lastly, haveing created the security on this new folder, you edit the registry to redirect the OMA/ActiveSync requests from the front end server to go the new folder, instead of the /exchange folder.
Yes, it sounds kinda complicated.
The simple thing to do is to see if the server activesync is working for you.
Try it with a device such as a PocketPC (wifi models make this easy) and see if you can sync or not.
If you are having problems, then you may need to run through the instructions in the MSKB article.
I hope I have not confused the issue too much.
I don't know about MS SBS, as I have not used a recent version of it. I would not be surprised if they had done a few tweaks in order to make it play nicer with itself.
Okay, this has gone on a LONG time. If anyone has any questions, please just email me directly at npoore _at_ bde3d.com.
Thanks.
-=Nick=-
it works great now - thanks for all the help
I guess my server doesn't have the issue, because it has worked with my PocketPC great since day 1, and with my MPx200 most of the time.
http://support.microsoft.com/default.aspx?scid=kb;en-us;323077
I didn't use any ports except what is listed in the instructions. Works great for most of the other folks that have used them. I suggest deleting all of your data settings and starting over. Once you can browse the web and secure sites, THEN try to set up OTA activesync.
To receive updates on activesync with the exchage server, you will need to make sure that basic authentication is set in IIS on either the mailbox server or front end. Really it just needs to be set on whichever server you are pointing to. I could not get this to work for awhile, and then I came acroos the fact that basic authentication wasn't checked. This is a by product of running IISlockdown on your exchange servers. Hope this helps.
Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)