with a client of ours who is running exchange and has a self signed cert the thing i did was direct the phone via the browser to the owa address (Outlook Web Access) This is a web site that you can check your company email from any location with internet and a browser. Basically the problem was that the certificate needed to be installed and I could find no way of doing that easily. From what I researched android needs the certs in .p12 extension. I couldn't find an easy way to do that. By going to the owa address and logging in then I was prompted to accept the certificate. Once that was done I set up account in activesync on the phone and it worked. No issues since then. I did have to duplicate the scenario at the clients office and I ended up using the ip for the server name. Your owa address should be something like https://mail.company.com/owa. Hope this helps, if it doesnt give me some feedback on what happens and I will try to help

 

The problem appears to be HTC's mail app and how it accepts and uses certs. There is a thread on xda-developers with a link to the native 2.1 mail app that works. I know it works because I downloaded it, installed it and now sync to our exchange server with no issues that I have noticed. When you try to connect you'll be prompted to accept or allow the cert.

I don't know if it is against forum policy or not (i'll have to go back and re-read them) but here is a link to the app and with more info:
Original Android 2.1 Email Client - xda-developers

Hope that helps.

 

i was unaware of that app, does it sync tasks? it says it doesnt support copy and paste which might be a killer for me.

 

No it will not sync tasks. Just calendar, contacts, mail. If it does, I missed it. Since I was setting it up at 1am there is a possibility of that.

For me I need my email. So while their is no copy and paste feature in this app, I can live with it since I can get my e-mail to work.

Also to note I tried K-9 too and could not get it to work with it after several attempts. The app I linked to worked the first time so I didn't investigate K-9 further.

 

It's possible that your company has a self signed cert. If so, you will get the error message. If your company purchases a wild card cert from a company such as Verisign, RapidSSL and perhaps even GoDaddy, then there will be no reason to go through all these gyrations. You might not even need a wild card cert, although I like them for simplicity, but only a commercial cert. The self signing ones are free but they suck from the outside.

 

If I understand the last posting correct, this means that since my company is using self signed/created certificates it is not possible to access Exchange2007 via my HTC Desire?
The personal certificates which are used successfully with WM-Phones and iPhones are deployed as a .PFX file. After renaming this file to .P12 I can install it on my Desire ... but it seems not to work.
After trying so many things (incl. the Android Email mentioned in this thread) I still get "Authorization failed (wrong user or password)" when connecting to our Exchange server. Anything else I can try?
Looking forward to hearing from you!
Michael

 

I'm using my cooperate logon ID (= domain user) and password. I tried it with "<domain>\<user>" and <user> only but nothing works. Using HTC Mail one has to specify the domain name sperately. Using Android Mail one has to specify the domain in front of the user-id...

I'm 100% sure that I didn't misspell my domain userid and password although there is the message "Authorization failed (wrong user or password)". On the server-side my admin sees only that I try to connect but I get kicked off by the server since the login-information (user, password, certificate) are not correct.

Maybe the problem is here: Our certificate is a .pfx file. Since .pfx and .p12 are "nearly" the same I renamend the .pfx file to .p12. When installing the certificate I get the information that this is a certificate container holding user certificate, user name, password and a CA certificate. So this looks absolutely fine. No errormessage during the installation of the certificate. Unfortunately there's no way to check the certificate on the Desire after the installation...

Since the first connection is done during the setup of the account it is not possible for me to setup (and save) the account. After entering all the data I end up with the errormessage that my login is invalid. It must be the certificate since - as I told before - I'm 100% sure that my domain user-id and my domain-password are correct.

Looking forward to hearing from you and the information your IT-guy gets from HTC.

Thanks and Best regards
Michael

 

Ok, I hate to push a product that costs $20 but let's take another look at this problem the two of you are having. There is obviously a problem with the way the HTC app is talking to your Exchange servers, be it a cert or password or sync policy. So I suggest downloading Touchdown 2.0, trial version for 5 days, and see if that works. If it doesn't then you need to speak with your admins. But if it does, and I suspect it will, then you need to ask yourselves how much is your time worth? I'm sure you have spent multiple hours on this issue and will continue to spend hours more. Make your decision on that and the aggravation factor. Also, some have said they don't like the TD interface, but I really don't give a shit as long as I get my email on time and reliably.

 

+1 - TD may not be for everyone but it works and their support is pretty solid.

 

I already tried TD (don't know whether it was 2.0) and couldn't manage to connect either... Do I get 2.0 in the market?
I'll give it another try tomorrow. Thanks for the hint!
Best regards
Michael

 

Yes, in the Market. I just got an update for it today and I believe the release notes said 30 day free trial! See if your admin can remove any phone in your Exchange profile too. There are a bunch of options in the EAS policy too that you might want him to check, from password, to devices, to sync settings. Good luck.

 

You can imagine that I had to re-try it now ;-)

Not successfull. The log says:

Checking Certificate...
Checking ActiveSync with SSL...
AUTHENTICATION FAILURE provisioning
ActiveSync: Check your credentials
ActiveSync version check returnded
negative, but still trying for 12.1

attr value delimiter missing! (position:
START_TAG <HTML dir='null'>@2:11 in
java.io.StringReader@464ef338) for
operation: Subscribe -> Error renewing a
subscription
Checking 2003 with SSL...

Now, I do know that we are running Exchange2007 with SSL.
Best regards
Michael

 

It goes through all the checks until it fails which it did. Now I have to ask the question, are you sure this is allowed on your network? They can have EAS turned off for security purposes. I know Kevin, the OP, got it to work on his Droid, but does your IT dept have any that are working currently? If so, then you can email support@nitrodesk.com and get their take. They once called me on a Saturday morning when I was having issues.

One thing to try is the username field since auth is failing. They suggested only using the user name without the domain or the @ sign.
Keep us updated.

 

I'll check regarding EAS with the admin and let you know.
Yes, we do have multiple iPhones and WM-Phones (I had one before I bought the Desire) running successfully. My Android phone is the first one.
Regarding the User: I tried it differently - <user>, <domain>\<user> and <user>@<domain> with no success.
Thanks again and best regards
Michael

 

One other thing I found: The certificates which are used will force the mobile phone to setup a "screen-saver password" (I don't know how this is really called). I mean, whenever my WM phone went into standbye mode I had to enter a PIN (not the provider PIN) to get it back working. Maybe this part of the certificate is sort of not supported...

 

You really need to call Touchdown support or email them with these questions and error messages. I believe they can get you up and running in short order. It could be the cert and they can tell you how to get it into the system. That initially happened with me and I played around with it until it worked. Well sort of, it fell back to Ex2007 not AS. So I bought a true cert from I think rapid ssl and then everything worked as designed.

But if the iphones are working then you support EAS so it's just a matter of getting the right values in. Their support will help you even unlicensed.

 

TouchDown IS WORKING !!!!!
As you wrote, NitroDesk is very helpfull and they pointed me into the right direction quickly. The problem was that I installed the certificate in Android but not within TouchDown. After doing that everything runs fine now. Although it's sad that Android/HTC seems not to support this type of connection, I can life with having TD for business and Android/HTC for private. Thanks again for your help! Best regards Michael

 

Great news! It's really why I recommend them even though the price is a little steep. I need my email for work and the program delivers. But I figure with all the apps that are free or very inexpensive I can spring for it. Just paid for the full version of PDAnet too for my airport travels, around the same price.
Take care Michael, thanks for the update.

 

How exactly did you resolve this issue? I am also trying to setup TouchDown as I am receiving exact same error (authentication error, check username password) with standard mail application.

With TouchDown I am also getting the exact same error:
Checking Certificate...
Checking ActiveSync with SSL...
AUTHENTICATION FAILURE provisioning
ActiveSync: Check your credentials
ActiveSync version check returnded
negative, but still trying for 12.1

You have mentioned installing a certificate. How to get that certificate and where to install it? Do I need to get the certificate from my IT support department? It might be a little tough as my organization officially only supports WinMo devices