Exchange Team Blog

Exchange 2003 SP2 configuration for Windows Mobile 5 and MSFP Direct Push

Screencast (format: wmv, duration: 10:13)

Now that Exchange Server 2003 SP2 has been out for a bit and there are more Windows Mobile 5 devices with the Messaging and Security Feature Pack (MSFP) on the market, I have been getting a lot of questions on what is required on the Exchange server and on the Windows Mobile 5 device to get the Direct Push feature to work correctly. Rather than explain via text, I have recorded a 10 minute screencast to demonstrate the simple steps needed on both the server and on the mobile device.

- Harold Wong

Published Mon, May 08 2006 by exchange (file size: 7.1MB)

Comments

 

Rob said:

Hi Harold, during the wipe portion of the video the mobile device received a prompt that I interpreted as a confirmation for the wipe. Did I see this correctly? If so, is the wipe command truly "optional"? Thanks, Rob
Tue, May 09 2006 3:34 PM
 

Chowdari said:

When we create a mailbox for a new user, is ActiveSync (User Initiated Sync) enabled by default? Is there a way we can disable this by default and enable it on a per-user basis, to control which users can use ActiveSync?
Tue, May 09 2006 3:38 PM
 

Jeffrey said:

Where does the mobileadmin wipe utility gather the list of devices that have connected to a given mailbox?
Tue, May 09 2006 3:43 PM
 

Mantvydas said:

Thank you for the video; however, I need an explanation of how the secure sync is to be done (with SSL checked). I don't think businesses would try the insecure one. It's especially interesting for small businesses, which don't have a front-end Exchange server at their disposal.
Tue, May 09 2006 6:15 PM
 

Mark Deakin said:

Hi, let me try and help out here by answering a few of the questions above.

SSL - The SSL certificate used by Windows Mobile is the same certificate that you would use for Outlook Web Access or RPC over HTTP. There is some more information on the www.microsoft.com/exchange site, but if you are already using SSL for OWA then you have everything you need in place server side. The problem comes if someone has used Small Business Server, as this uses its own certificate authority rather than a public certificate (that a larger company may go through the expense of buying). Windows Mobile 5 with MSFP does not allow you to ignore the fact that the certificate is not from a recognised cert authority, so this means you need to either a) install a public cert you have purchased from a cert authority or b) get the root CA certificate of your Small Business Server installed as a trusted root on the device (you need to talk to the operator/device supplier for this).

Mobile Admin - Correct me if I am wrong guys, but within each mailbox there is a hidden folder containing the list of devices that connect to that mailbox; I imagine the remote wipe tool uses this information to figure out what devices a given user owns.

Is the wipe optional? - I can confirm that the remote wipe is not optional for the person in possession of the device.

User Initiated Sync default? - I believe the answer to this is yes. It's worth mentioning though that this can be set globally via the Exchange System Manager -> Global Settings -> Mobile Services -> Properties.

Hope this helps guys! Mark
Wed, May 10 2006 7:16 AM
 

Mike Maggiacomo said:

Does anyone know if there is a specific problem with GoDaddy SSL certs? I believe it is Starfield who actually issues the certificate. I have OWA working fine but ActiveSync does not work at all.
Wed, May 10 2006 8:55 AM
 

Tony Woodruff said:

Does ActiveSync on the device keep the listening session open on port 443 on the server, or does it use a different port?
Wed, May 10 2006 11:36 AM
 

Tim Barrett said:

Is it possible to use Direct Push with a Windows Mobile 5 Pocket PC (non-Phone Edition)? There is no option to Sync 'As items arrive' on the non-Phone Edition, which seems to be the missing piece of the puzzle. Does this menu choice for Active Sync get installed with the MSFP ROM on the device? Thanks. Great screencast!! -Tim Barrett
Thu, May 11 2006 6:13 PM
 

Marc Rice said:

It is possible that your mobile device does not support GoDaddy SSL certs out of the box. The mobile devices have a subset of the CA root certs that are available in IE. You will have to add the root cert to those devices, even though you bought a public certificate, to avoid that. The root certs that are on the device by default are added by the phone vendor and are not consistent between different carriers.

Direct Push requires a cellular phone connection. It will not work over WiFi, even on PPC Phone Edition. It has something to do with the ability of the device to remain on the phone network even when powered down. WiFi does not offer this functionality. PPC also does not support the older SMS-based up-to-date method, only Phone Edition. Direct Push and SMS are the only ways to get up-to-date notification, which is why there is no menu option for it. PPCs are stuck with scheduled syncing.
Thu, May 11 2006 6:28 PM
 

JS said:

Since PocketPC (non-phone edition) cannot get direct-push email over WiFi, will the remote wipe and other security settings still work - assuming MSFP on the device? Or can that work with the usual scheduled sync?
Thu, May 18 2006 9:16 AM
 

Harold Wong said:

Sorry it took so long for me to post a response to some of the questions. Thanks Mark Deakin for jumping in and answering some of them already. I just want to add my two cents in as well for further clarification.

1. When enforcing policy for the first time against the Windows Mobile 5 phone device, the user does get prompted. If the user chooses not to allow the policy to be applied, the device will no longer synchronize with the server. Thereafter, no prompting is done. When a Remote Wipe command is sent to the device (after policy has already been applied), then the device is just wiped.

2. The Mobileadmin tool does indeed retrieve the information about mobile devices stored in the user's Exchange profile / mailbox.

3. When you don't have an Exchange 2003 Front-End Server, then please refer to the following article: http://support.microsoft.com/default.aspx?scid=kb;en-us;817379. This gives you information on a "work around".

4. Exchange ActiveSync does indeed use port 443 for communication between the Windows Mobile 5 phone device and Exchange Server.

5. I don't believe non-phone editions of Windows Mobile 5 devices support Direct Push. I need to get this clarified.

Harold Wong
Mon, May 22 2006 4:13 PM
 

BN said:

Harold, in the device emulator, how was it set up to emulate a GPRS connection? When I set up ActiveSync to sync as items arrive, I get the following message: "Your current sync schedule requires a cellular data connection. Please set up a cellular data connection as described in online Help or change the sync schedule."
Mon, Jun 05 2006 3:12 PM
 

SB said:

When I finished the setup of direct push, I pushed the SYNC button on my mobile device. Then my QTEK 9100 rebooted and restored to factory defaults. Anyone had the same problems? Thanks
Sat, Jun 10 2006 11:03 AM
 

robT said:

I wish I could view this on my Linux desktop.... We run 6 Exchange servers here and we're getting ready to start doing tests on Windows Mobile 5. Too bad I can't view this video unless I walk over to the accounting office. Thanks guys!
Thu, Jun 15 2006 5:44 PM
 

Franc said:

Harold, regarding the prompt a user gets when initiating a remote wipe. You state that the user only gets prompted once. Is it possible to enforce a security policy without issuing the actual wipe, so that I can send a wipe command when needed without the user being notified? If the 'thief' sees this prompt he can easily cancel this prompt and still has all the applications and info on the device. We don't use password enforcement on the device, so I can't enable that, which also causes policy enforcement. So is it possible to disable the prompt altogether? I can't see the benefit of this prompt in regard to security policies. When applying group policies on a workstation the user is also not prompted whether he would really want the policies to be applied. Franc.
Sun, Jun 18 2006 7:01 AM
 

Rob said:

Harold, we have a problem with Direct Push which is not down to the ROM version but something to do with the Exchange server. If I configure my corporate Exchange server on my device for Direct Push, the option for 'As items arrive' is not in the schedule list. If I configure my test Exchange server it works with Direct Push and has the option for 'As items arrive'. So far there are explanations for this. However, we have checked that all the Exchange user properties are enabled for 'User initiated synchronisation' and 'Up-to-date notifications' on the corporate server and they are fine. We configured another user's settings on this device and got the same problem. However, this user has the exact same device with the exact same ROM version configured with the same Exchange server, and his Direct Push works and has the 'As items arrive' option. This leads me to think that the Exchange server doesn't like something about the device - is this possible? Many thanks. Rob.
Fri, Jun 23 2006 8:14 AM
 

Harold Wong said:

First, I want to let everyone know that I posted the emulator I used in my screencast (.DESS file). Please see my blog entry for the download link: http://blogs.technet.com/haroldwong/archive/2006/06/23/438485.aspx.

When enforcing security policies on the Windows Mobile device, the user will get prompted the very first time. If the user chooses not to have policy apply, the device will no longer synchronize with the Exchange Server. After policy is applied the very first time, any additional changes that get pushed to the device "just happen" - the user no longer gets prompted. This includes the remote wipe command being issued. I was having a small problem with my emulator on my demo machine, and hence why I got prompted when the remote wipe was sent to the device.

Rob, can you please email me at harold.wong@microsoft.com?

Harold Wong
Mon, Jun 26 2006 4:57 PM
 

Lyle said:

I am having a problem with trying to get any Windows Mobile 5 device to get email pushed to it. I have Exchange SP2 installed on my only Exchange server; I also have OWA up and running over a secure connection to it, so I thought it should be fairly easy to get this up and going. I've gone through the Step-by-Step guide to deploying Windows Mobile based devices, but still cannot get them to connect correctly. I've read that if I get a 501 error (which I do get) when using my desktop IE to try and connect to the site, then it should be set up correctly. One thing I'm not sure about is this MSFP. Is this something that has to be installed on each device? If so, where do I find it? I am trying to set this up on a Verizon PPC6700, a Motorola Q, and a Treo 700w. I see a lot of talk about it, but not where to download it. Any ideas?
Thu, Jun 29 2006 12:11 PM
 

John said:

I am attempting to get push email working with my only Exchange 2003 SP2 server (that is using OWA SSL). Our mobile devices have the MSFP. My question is this: do you need to have OMA working in order to get GPRS push email working? Many thanks for any help. John
Thu, Jul 20 2006 3:45 PM
 

Ian said:

Wow! Am I lost! Please clarify. From what I read in the posts regarding SSL, Direct push will NOT work with a self signed certificate only with a public certificate. Is this correct? Also, the workaround from KB 817379 essentially bypasses the SSL requirements for OWA so you still don't have a secure connection. Is this correct? The lack of information available for configuring Microsoft's "Blackberry Killer" astounds me! My company is actually looking to replace Blackberries with this technology provided we can make it work with SSL at a reasonable cost. Some step by step instruction on making these things work with SSL is critical. Without easy SSL this will not even be a "Blackberry Annoyance"
Wed, Jul 26 2006 2:52 PM
 

RAS said:

Can you confirm over which types of connection PUSH will work? One post above suggested it doesn't work over WIFI, but I found this comment on the web: "Direct Push also will work over Wi-Fi networks, Microsoft officials have said, and will make use of additional data compression to speed up message sending, retrieval and synchronization" at http://www.windowsfordevices.com/news/NS8596835527.html I've got a WM5 phone running the PDA version. It can connect via GPRS, WIFI, cable or bluetooth. Push over GPRS worked really well, but I haven't seen it working over any other type of connection.
Wed, Aug 02 2006 6:53 AM
 

Martijn de Haan said:

Hi, we have a WM5 T-Mobile MDA device, formerly known as the HTC Wizard, with the following numbers:

Model: WIZA200 2.21.2.5 NLD
ExtROM version 2.21.2.108
WM5: 5.1.195 (Build 14847.2.0.0)

We are trying to synchronise with Exchange Server 2003 (Dutch) with SP2 over the air (GPRS). We have a self-issued SSL certificate created with the IIS tool SelfSSL. The following scenario occurs: when adding the Exchange server account in ActiveSync after installing the certificate, the synchronisation is no problem at all; everything is working fine! After a soft reset of the MDA there is NO synchronisation possible whatsoever; there is an error with support code 0x85030027 and the following description: "The Exchange server requires certificates for the login procedure. Connect your device to your PC on the corporate network to obtain a new certificate." When we do this, ActiveSync on the mobile device asks for the domain password of the account we are using; we enter the password, which is absolutely correct, but ActiveSync won't accept it. Then, when I go to the setup of the server configuration, I see on the second step a note that we are using client certificates and that a password is not necessary. I actually never configured this!

The thing we would like to accomplish is using pull mail with SSL security, and as the next level push mail. The strange thing here is that I have my own private MDA device with an older ROM version (1.3.2.3) and WM5 5.1.70 (build 14406.1.1.1) which is working fine: I just exported the self-issued SSL certificate to the MDA, installed it, and it works 'forever'. So there is a significant difference in ROM version and WM5 version; maybe there's a change in security policy on the changelist which could be the reason. Please help!
Tue, Aug 08 2006 5:16 AM
 

Keith said:

I have Direct Push and device security working on the device, but the syncs are not showing up in the log, nor are the devices showing up in the device list on the mobileadmin page. Has anyone seen this type of problem?
Thu, Aug 10 2006 2:43 PM
 

bigjohn said:

Martijn de Haan: you need a public certificate, not one you created yourself; that will work fine for Outlook Web Access but not for PDA devices. Also you need to put the certificate on the PDA device. I'm working on this now; I have to set up a public certificate and I'm 100% ready. http://support.microsoft.com/default.aspx?scid=KB;EN-US;817379 http://support.microsoft.com/?id=308205
Sun, Aug 27 2006 10:04 PM
 

Anonymous said:

My issue: I think I'm 95% there. Your video on this topic was very helpful, as were some of the user comments. My problem is naming.

Domain on SBS 2003: XXXXXX.local
Public email: @XxXXXXsolutions.com
Certificate: www.xxxxxxxxxxxxxsolutions.com

I'm using a trial Thawte certificate to see if I can get this solution to work.

Error = 0x80072f06: You have an incorrect SSL certificate common name in the Host Name field. For example, you may have entered www.server.com, when the common name on the certificate is actually www.different.com. Make sure the server name is entered correctly. The Exchange Server name in the ActiveSync settings differs from the name that is required to establish an SSL connection. Correct the Exchange Server name, and try to synchronize again. If you synchronize on a schedule, synchronization has been changed from scheduled to manual.

How do I know what this should be?
Tue, Aug 29 2006 10:53 AM
 

Gerhard said:

I also have problems connecting a WM5 (with MSFP) with a self-signed certificate on an IIS server (with Exchange Server 2003). I have found some stuff on the internet saying that you can disable the certificate check on a WM5 with a reg key, but it doesn't work.... Does anyone have a hint to solve this problem? Thanks, Gerhard
Wed, Sep 06 2006 2:58 AM
 

Tom said:

Hi everyone, I have the same problems and same questions. Is it possible to make a round-up of the solution? We have Exchange 2003 SP2 and the new HTC TyTN (WM5). I created a self-signed security certificate and installed it on the server. OWA works perfectly: I have 2 green lights, and when I install the certificate on my desktop, it works perfectly (without popups). But on the smartphone I keep getting the error 0x80072F0D - "The security certificate on this server is invalid. Contact your Exchange Server Administrator or ISP to install a valid certificate on the server." When I install the certificate on the smartphone, the problem isn't solved. I have the impression that I make a mistake when I create the certificate. Can anyone help?
Fri, Sep 08 2006 2:41 PM
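Several of the comments above (Mark Deakin on trusted roots, Marc Rice on the carrier-specific root store, the 0x80072f06 common-name error, Tom's 0x80072F0D) come down to two checks the device performs when it opens TLS to the front end: is the server certificate issued by a root in the device's store, and does the name in the certificate match the host name typed into the ActiveSync server field? The script below is an added example for running those two checks from a PC before touching the device; it is not code from the post or from Exchange. The mapping of OpenSSL verify results onto the two ActiveSync support codes, the wildcard rule, and the host names used are assumptions made for illustration, and the page does not say whether Windows Mobile 5 consults subjectAltName as well as the CN, so make sure the CN itself matches.

```python
"""Diagnose, from a PC, what an ActiveSync client sees when it opens TLS to
the Exchange front end on port 443: does the server certificate chain to the
root the device trusts, and does the certificate's name match the host name
entered in ActiveSync? Added example; not code from the post or from Exchange."""
import ipaddress
import socket
import ssl

# Labels for the two symptoms reported in the thread. The hex values are the
# support codes quoted in the comments; mapping OpenSSL's verify results onto
# them is an assumption made here for diagnosis, not Microsoft's definition.
TRUST_FAILURE = "0x80072F0D: certificate is not issued by a root the client trusts"
NAME_MISMATCH = "0x80072F06: certificate name does not match the host name"
OK = "OK: chain trusted and name matches"

_TRUST_CODES = {18, 19, 20, 21}  # X509_V_ERR self-signed / issuer not found locally
_HOSTNAME_MISMATCH = 62          # X509_V_ERR_HOSTNAME_MISMATCH


def name_matches(host, cert_names):
    """Match a host name against the DNS names carried by a certificate.
    Exact match, case-insensitive, trailing dot ignored. A wildcard is allowed
    only as the whole leftmost label, covers exactly one label, and must leave
    at least two labels (*.example.com, never *.com). An IP literal typed as the
    server name never matches a DNS name."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    host_labels = host.split(".")
    for name in cert_names:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) != len(host_labels) or labels[1:] != host_labels[1:]:
            continue
        if labels[0] == host_labels[0]:
            return True
        if labels[0] == "*" and len(labels) >= 3:
            return True
    return False


def cert_names(peercert):
    """DNS names from an ssl getpeercert() dict: subjectAltName DNS entries
    first, then the subject commonName, in that order."""
    names = [value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def classify_verify_error(verify_code, verify_message):
    """Map the verify_code/verify_message of an ssl.SSLCertVerificationError
    onto the two symptoms the thread reports."""
    if verify_code == _HOSTNAME_MISMATCH:
        return NAME_MISMATCH
    if verify_code in _TRUST_CODES:
        return TRUST_FAILURE
    return "other verification failure: %s" % verify_message


def check_endpoint(host, port=443, cafile=None, timeout=10.0):
    """Connect the way the device does (TLS to host:443) and return
    (status, names_in_certificate). Pass cafile=the root CA PEM you intend to
    install on the device: with cafile given, ONLY that root is trusted, which
    mimics a device whose store lacks the issuer (the GoDaddy/Starfield and
    SelfSSL cases above). With cafile=None the PC's own, usually larger, store
    is used, so a pass there proves less. Names are empty when verification fails."""
    context = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return OK, cert_names(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        return classify_verify_error(err.verify_code, err.verify_message), []


if __name__ == "__main__":
    import sys
    # Example host name and CA file are placeholders; substitute your own.
    server = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    root = sys.argv[2] if len(sys.argv) > 2 else None
    print(check_endpoint(server, cafile=root))
```

Run it from a machine on the Internet, not on the LAN, with the host name you intend to type into ActiveSync and the root CA file you intend to load onto the device. A name mismatch means the server field must be changed to a name the certificate actually carries (the device cannot be told to ignore it); a trust failure means the issuing root has to be installed on the device, as the comments describe, or the certificate replaced with one from a root the device already ships with.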
 

AndyT said:

When I try to install a certificate on my device (Samsung I320, WM5 with MSFP and AKU2) I get the message: "Security Permission was insufficient to update your device". It's MY personal device so if *I* don't have sufficient permission, who the hell does!? Can anyone help sort this out please? Thanks
Sat, Sep 23 2006 8:53 AM
 

Tung Pham said:

Hi Harold, we have front-end (DMZ) and back-end Exchange. Our OWA over HTTPS works well from the Internet. But we couldn't establish a connection for Direct Push with the newest T-Mobile MDA Vario II (Mobile 5 and MSFP) to the same OWA server via HTTPS. We did everything necessary but get error 0x85010004 during synchronisation. We did the following tasks:

- Make a virtual directory under the OWA site for ActiveSync at the front end
- Install KB919864 on the FE and BE
- Install our own root CA certificate on the MDA root
- Increase the timeout of the external ISA 2004 OWA listener to 1800 sec

Your demo shows a simple Direct Push installation but not the real world with FE, BE, HTTPS. Can you tell me exactly what we should do in such a constellation? Thanks, T. Pham (Germany)
Sat, Sep 23 2006 9:12 AM
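Tony's question about whether the device keeps a session open on port 443, Harold's confirmation that ActiveSync uses 443, and the ISA 2004 listener timeout Tung Pham raised to 1800 seconds all concern one mechanism: Direct Push holds a single HTTPS request open on the front end for the length of a heartbeat interval, the server answers when something changes or the interval expires, and the device immediately issues the next one. Anything in the path that drops idle connections sooner than the heartbeat cuts that request, so the device never gets an answer and keeps reconnecting, which is why proxy and firewall idle timeouts have to be at least as long as the heartbeat the device settles on. The model below is an added example, not the post's code and not the device's actual algorithm; the interval bounds, start value and grow/back-off rule are assumptions chosen to illustrate the effect of the timeout.

```python
"""Simplified model of the Direct Push heartbeat against an idle timeout on a
proxy or firewall between the device and the Exchange front end. Added
example, not the device's real algorithm and not code from the post; the
bounds, the start interval and the grow/back-off rule are assumptions."""

SERVER_MIN = 60      # assumed: smallest heartbeat (seconds) the server accepts
SERVER_MAX = 1800    # assumed: largest heartbeat the server accepts


def ping(heartbeat, idle_timeout):
    """One long-lived Ping request with no mail arriving. The server would
    answer after `heartbeat` seconds of silence; an intermediary that drops
    idle connections after `idle_timeout` seconds kills the connection first
    if that is shorter. Returns (completed, seconds_the_connection_lived)."""
    if idle_timeout < heartbeat:
        return False, idle_timeout
    return True, heartbeat


def settle(idle_timeout, start=480, step=120, rounds=40):
    """Adaptive loop: lengthen the heartbeat while pings complete, back off
    to the last interval that worked when one is cut, and never grow past
    the last interval that failed. Returns (steady_heartbeat, failed_pings)
    after `rounds` pings."""
    heartbeat, ceiling, last_good, failures = start, SERVER_MAX, None, 0
    for _ in range(rounds):
        completed, _lived = ping(heartbeat, idle_timeout)
        if completed:
            last_good = heartbeat
            heartbeat = min(heartbeat + step, ceiling)
        else:
            failures += 1
            ceiling = max(SERVER_MIN, heartbeat - step)
            if last_good is None:
                heartbeat = max(SERVER_MIN, heartbeat // 2)
            else:
                heartbeat = last_good
    return heartbeat, failures


def pings_per_hour(heartbeat):
    """How often the device must tear down and rebuild the TLS session when
    nothing arrives: every reconnect costs radio time and battery."""
    return 3600 / heartbeat


def report(idle_timeouts):
    """Steady state for each candidate proxy/firewall idle timeout."""
    rows = {}
    for timeout in idle_timeouts:
        heartbeat, failures = settle(timeout)
        rows[timeout] = {
            "heartbeat": heartbeat,
            "failed_pings_while_settling": failures,
            "pings_per_hour": pings_per_hour(heartbeat),
        }
    return rows


if __name__ == "__main__":
    # Constructed inputs: a 5-minute default, a 9-minute setting, and 1800s.
    for timeout, row in report([300, 540, 1800]).items():
        print("idle timeout %5ds -> heartbeat %4ds, %4.1f pings/hour, %d failed"
              % (timeout, row["heartbeat"], row["pings_per_hour"],
                 row["failed_pings_while_settling"]))
```

With a 5-minute idle timeout the device ends up reconnecting 15 times an hour; at 1800 seconds it reconnects twice an hour, and an idle timeout below the server's minimum heartbeat means every ping is cut and push never works at all, which is the "timed pulls work, push doesn't" symptom Scott Mclachlan describes below. The timeout applies to every hop that tracks the connection, so check the ISA listener, any reverse proxy, and the stateful firewall in front of the front end.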
 

Ollie266374 said:

Hi Harold, I had 3 questions with Windows Mobile 5.

1) The 'As items arrive' setting in schedule is missing; tried everything but cannot enable it?

2) To ensure the HTTPS ActiveSync connection to the server is enabled and working - can this work using a Microsoft Certificate Services generated cert, or do you need, for example, a bought and paid for VeriSign certificate?

3) Lastly, if the Windows Mobile device (in my case an HP iPAQ 6915) is wiped, I have heard that WM5.0 has a new feature called persistent storage for backup - how do you enable this so a remote backup can be pushed down to the device?

Best regards, OllieB.
Mon, Sep 25 2006 10:52 AM
 

Matt_T said:

I've discovered you can get remote wipe working properly (i.e. without prompting!) and without requiring a password on the mobile device. First, set a mobile policy that does enforce passwords. As part of your enterprise provisioning process you can accept the first policy prompt. Once you've accepted the policy on a device, add an exception in the policy to exclude the owner of the new device. Once this new policy has been sync'ed you will be able to remove the password from the device lock, but any further policy updates (or wipe requests) will still be processed without prompting.
Wed, Sep 27 2006 11:46 AM
 

Lee Taylor said:

Thanks Harold, Great that you took the time to create the video, they say a picture is worth a 1000 words. Well worth watching.. Lee Taylor
Sun, Oct 01 2006 5:15 PM
 

HSK said:

Hi Harold, I have the same question as Ian: after implementing the Method 2 workaround found in KB 817379 is the connection between the Windows mobile device and the Exchange server secure? If not, how can we make it secure?
Tue, Oct 03 2006 7:00 PM
 

Steve Kean said:

Yeah, what Ian and HSK said! What good is this if it's not secure! Microsoft and Palm sure don't advertise the fact that you need both back-end and front-end Exchange servers for communications to be secure! That's lame! So what's the story?
Wed, Oct 04 2006 4:30 PM
 

GB said:

We have two network sites, with mail routing through the top domain, which in turn is fed by an external mail relay. We currently run BlackBerry because it is easy to implement. After two weeks of fiddling about with push mail and WM5 devices I can tell you all that if your network is not bog standard you will struggle to get push mail working. Also the fact that you cannot choose how to implement SSL is a HUGE stumbling block. The fact that pre-release versions of WM5 allowed you to manually bypass external SSL requirements, then to find this ability crippled on release, is typical MS. Then let's talk about the error system. Do we need vague errors without fixes at every turn? Oh yeah, it's that error with the x in the middle... This is extremely poor. It reminds me of many desktop ActiveSync releases which were amateur in their delivery with no discernible error system. It seems that the poor legacy of MS and mobile devices will continue. So my poor users are stuck with OMA if they use a PPC. BlackBerry is dominant because they understand what the consumer wants, whereas MS has no clue whatsoever. I do want to thank you for the vid, but it does not cover a real world scenario, so back to the drawing board.
Tue, Oct 17 2006 6:10 AM
 

Scott Mclachlan said:

I find it's crucial that you create the certificate (local or public) as a DER cert. Well, it was for us anyway. Saying that, we have installed it on a client site and push isn't working; timed pulls are, but Direct Server Push isn't. Frustrating, but not as bad an experience as GB above has intimated.
Thu, Oct 19 2006 8:21 AM
 

David L. Scott said:

I have used a PPC-6700 WM5 phone (through Verizon) for Direct Push since Feb. '06 and it worked great until we updated the ROM to AKU2 in July. After 2 months of troubleshooting the issue with Verizon and UTStarcom, we still cannot determine why it will not push email to my phone. Before the ROM update I used a root certificate created by my IT admin from the Exchange 2003 server. Then after the ROM update, my phone continued to push PIM data but not email. We created a new root certificate per MS instructions (http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx) which worked for a couple of weeks, but now it is not working again. My office runs Exchange 2003 and Active Directory. In order to set up Outlook on a laptop for my office, I have to enter "servername.domainname.local" in the Exchange server name field, enter "servername.domainname.com" in the proxy server name and enter "msstd:servername.domainname.com" in the principal name field. Obviously, this info is not required on the device, so does the root certificate encapsulate these settings? Also, could the fact that my Exchange server connection is via proxy have something to do with why it will not push email? Thank you all for any suggestions.
Sun, Oct 22 2006 10:07 AM
 

Alain said:

I already have my phone working under this system. Can anyone explain to me how to use Outlook 2003 to have the same features? Thanks in advance.
Tue, Oct 24 2006 5:21 PM
 

