1. Are you ready for the Galaxy S20? Here is everything we know so far!

MS Exchange ActiveSync problems with 2.2 FRF91

Discussion in 'Android Devices' started by ancalag0n, Aug 2, 2010.

  1. ancalag0n

    ancalag0n Lurker
    Thread Starter

    I'm wondering if someone could help me, or at least point me in the right direction.

    Work has given me a Google Nexus One (provided by Vodafone NZ) to play with, everything is going pretty well and I'm getting my head most things. The phone is running Froyo 2.2 FRF91

    One problem that I'm having is getting Microsoft Exchange ActiveSync working. I'm adding a new account, entering all the correct information, as I've done with Nokia devices and WM6 devices. We're running Windows Server 2003 with Exchange Server 2007. I get the following error:

    Setup could not finish:
    This server requires security features your phone does not support.
    Edit details

    I've selected "Use secure connection (SSL)" and have selected "Accept all SSL certificates", which is required by our webmail server.

    I think the problem lies in the fact that our certificate is a self signed certificate with no chain of trust to any Google approved CA authority. I've tried getting the network admin to email me *.pem and *.der certificates and install them onto the phone (but I'm not sure if I did that right either).

    The following thread has other people with the same problem.
    Froyo FRF91 exchange 2003 unable to conect - Android Help

    I don't want to have to install any third party apps on the phone, as they cost money and I can't guarantee that they'll work with our Exchange server setup.

    Is anyone able to suggest anything that we could try, or tell me if I'm doing something wrong.

    1. Download the Forums for Android™ app!


  2. gibson6594

    gibson6594 Well-Known Member

    You can try Touchdown for free and see if it works before purchasing
  3. Snazzy

    Snazzy Android Enthusiast

    If you are using a private cert then yes you will need to install and test it.

    As a test see if you can load your OWA (Outlook Web Acess) website(https://yourexchangeserver.com/owa) which will use the same cert. If you can view your HTTPS OWA login page correctly by seeing the lock icon, then your cert is successfully installed. You probably will not be able to login to OWA but you should see the LOCK icon.

    Once you know your cert is working then you can begin to trouble shoot the mail client.

    TouchDown is great 3rd party app and yes you can try the trial. TouchDown also has great error reporting and will help you ID any server problems.
    ancalag0n likes this.
  4. ancalag0n

    ancalag0n Lurker
    Thread Starter

    Thanks for the advise Snazzy, much appreciated. The only way I've got it working was to use the TouchDown application, which is great. I've configured peak times and it's syncing really well.

    I'll leave it up to the boss to decide whether or not to purchase the application. As it's a work device I don't want to fork out my own hard earned cash for something that has no personal benefit for me.

    I suspect the reason I can't get the native app working is the certificate issue. :D

    Thanks anyway.
  5. Snazzy

    Snazzy Android Enthusiast

    Touchdown might have done the certificate import for you, it might be worth trying the native email application again. although leaving touchdown would be hard.
  6. stepdg

    stepdg Lurker

    After trying everything else, the only thing that solved this for me was the purchase of a genuine SSL certificate. Even when I said to accept all certificates (which we all know worked fine in 2.1) it still kicked it out. With nothing else changed, having a trusted certificate from an external authority did the trick. GoDaddy has about the best price going for certificates right now.
  7. mtphono

    mtphono Lurker

    I hate to ask a really stupid question (but I am going to)......

    Do I install the SSL certificate on my PC or phone?
  8. Snazzy

    Snazzy Android Enthusiast

    Depends if your Exchange server has a legitimate PAID SSL certificate installed or not.

    A paid SSL certificate is purchased and installed on the Exchange SERVER and as long as it was purchased from a legitimate cert authority like GODADDY.COM then a certificate will not need to be installed on the phone. Your Exchange client will trust the cert and accept it automatically.

    Now if your Exchange server was built on a budget and the admin wanted to save $100.00 he/she might have created his own SSL certificate which will not be trusted by anyone. To get the connection to work a copy of the custom certificate must be installed on each PC or phone that connects to the server.

    A quick test would be with a browser goto the Exchange server's webmail address usually https://[I]mydomain.com[/I]/owa - If you get any warning about the certificate being untrusted then it is a custom cert and must be installed manually or a security exemption made. NEVER install certificates or accept exemptions from servers you do not know.
    gracejourney likes this.
  9. Smiling Eddie

    Smiling Eddie Lurker

    Hi there,
    I recently went through this when we upgraded to SBS 2008. We're using a self-signed certificate on the server (and worse, it has installed one that doesn't even match the FQDN) so I'd be less concerned about cert issues. Something that did surprise me, was that Active Sych required me to use either a PIN or password to authenticate to the device before it would allow Active Synch to be set up. In fact, it forced me to drop the pattern authentication scheme I was using, in favour or a PIN (prompting me to trawl these fora). I don't know the device you're using but its one more area to check.
  10. scillyflowers

    scillyflowers Lurker


    I'm not a frequent poster on forums, but since I spent the best part of a week frantically trying to connect my new Desire S to our Exchange Server I am aware that there is a lot of poor information out there on forums. There is also not a lot of good information anywhere on the web. So... In order to save anyone else the tears and tantrums here are links to two step by step troubleshooting walkthroughs which solved my problems. Make sure you read both articles (although they are associated, there are differences between them). You will find all the settings needed in Exchange Server 2003 and on your device explained fully. Good luck...


    This is the original article I found (don't worry too much about the iphone reference). At the bottom of the above article is a link to a slightly more detailed article by a different author (This is what solved my crisis). Here...

    Exchange 2003 and Activesync Configuration and Troubleshooting Alan Hardisty's Blog – All Things IT Related

    BTW, you CAN use an IP address instead of FQDN to connect to Activesync (part of my crisis!)

    Hope this helps someone.
  11. alanhardisty

    alanhardisty Lurker

    To all who may read this forum thread,

    The Kingcomputer.com.au post is a plagiarised version of my early Activesync Article and they have now (after being requested to) added a reference to my blog article, which can be found at my blog page on alanhardisty.wordpress.com site.

    My blog will be updated - the plagiarised version is unlikely to get updated, so if you want to get your problems sorted, don't bother with the kingcomputer link.

    Alan Hardisty

Nexus One Forum

The Nexus One release date was January 2010. Features and Specs include a 1400mAh battery, 3.7" inch screen, 5MP camera, 512GB RAM, and Snapdragon S1 processor.

January 2010
Release Date

Share This Page