We have moved to a new Sailfish OS Forum. Please start new discussions there.
60

Microsoft Exchange not working with Company exchange server

asked 2014-01-09 11:20:46 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2015-02-23 12:46:10 +0200

tvicol gravatar image

It is working in 1.1.2 / Yliaavanlampi :D

Sailfish has the same problem sa the N9 did before the last update. The exchange setup dos not work, properly due to security settings on the server.

The Jolla and Server is behaving the same way as the N9 did as described in her.

https://harmattan-bugs.nokia.com/show_bug.cgi?id=3

Please fix :-)

edit retag flag offensive close delete

Comments

Is your server still Exchange-Server 2007 ? Thanks for the details.

VDVsx ( 2014-01-09 20:57:32 +0200 )edit

Do not know all i can see is this: dos that answer your question ? Mailbox server Microsoft Exchange version: 8.3.83.0

ThomasF ( 2014-01-10 10:51:39 +0200 )edit
6

I believe the current iteration of MfE on the Jolla does not support Mobile Device Security Policies (which was also the case on the N9). So if your corporate Exchange server implements policies for security reasons then you won't be able to use your Jolla to talk to it.

strongm ( 2014-01-10 11:15:53 +0200 )edit

So the solution is that Jolla must add Mobile Device Security Policies in the app?

ThomasF ( 2014-01-10 11:31:16 +0200 )edit
2

Sure - if you want your Jolla to be (at least partially) controlled by your company. There are some significant repercussions in adding support for this on the phone.

On the other hand, if people need it, then I guess it would be nice have the option.

strongm ( 2014-01-10 11:57:38 +0200 )edit

11 Answers

Sort by » oldest newest most voted
7

answered 2014-04-11 15:05:19 +0200

tvicol gravatar image

Updated to 1.0.5.16, Paarlampi, still not able to create corporate Exchange account due missing policies ...

edit flag offensive delete publish link more

Comments

+1: ''' Oops, account could not be added Device does not support all server settings and policies required by this account" '''

rdesgroppes ( 2014-04-14 22:26:52 +0200 )edit

Fore my company mail, the option to emotely reset the phone is still missing. Without this option email will not work for me.

Arjon ( 2014-05-29 09:45:53 +0200 )edit
2

just as temporary solution, the Aqua Mail app from the yandex-store seems to be retrieving e-mails from my exchange server just fine! this is strange, because there is no security (provisioning not possible) configured.

ebalaf ( 2014-06-03 23:55:23 +0200 )edit
1

@ebalaf - No strange, is very easy to lie to the server and say that all security is in place, specially if there's no liabilities or contracts in place :)

VDVsx ( 2014-06-04 10:13:36 +0200 )edit

@VDVsx I am sorry for even asking this, but... can the exchange app be hacked to lie? :-), till this gets implemented? lack of access to corporate e-mail/calendar is a major issue for me.

ebalaf ( 2014-06-05 10:27:17 +0200 )edit
5

answered 2015-09-11 11:45:57 +0200

shertell gravatar image

Eineheminlampi update broke a working Corporate Exchange account. While on 1.1.7.28 this account worked OK, after update to 1.1.9.28 it wouldn't update anymore. I have tried everything to make it work again I have even resetted the phone but with no success. After reset it is possible to create this account on 1.1.7.28, but again after update to 1.1.9.28 it doesn't work anymore. Anyone else with same issue? Any suggestions to fix it? I have reported this to Jolla and they are (I hope) working on it. Hopefully a fix on it's way before public release. This is most annoying.

edit flag offensive delete publish link more

Comments

https://together.jolla.com/question/108287/ms-exchange-and-imei-on-sailfishos-20

I have the same issue and I reported it on different question with my culprit candidate.

SlOrbA ( 2015-09-11 15:56:07 +0200 )edit

Same issue here too. Been working nicely for more than a year now but now it broke in Eineheminlampi :(

Wizah ( 2015-10-02 10:21:33 +0200 )edit
4

answered 2014-06-17 18:16:16 +0200

tikkari gravatar image

Jolla have to support Mobile Device Security Policies before it's truly such a phone model what company users can use.

There are few different policy settings what the phone must support.

  1. Set password Definition of a password complexity: Allow simple passwords, Alphanumeric password allowed, Password must include "this many" character sets

  2. Require encryption on device

  3. Set minimum password length
  4. Set number of sing-in failures -> The device is wiped after failures
  5. Require sign-in after the device has been inactive for (minutes) - The phone can be locked sooner than the policy needs
  6. Enforce password life time (days) - The device must notify user when life time is ending (grace time).
  7. Password recycle count
edit flag offensive delete publish link more

Comments

I agree with points/policies 1, 2, 3, 4 and 5. Especially crypto. However I want to moan about 6 and 7. I'm just venting my frustration, nothing personal... ;)

As an email admin I want to say that 6 and 7 are simply not very good policies. They are designed thinking normal passwords, in an age when passcodes weren't commonly used yet (early 2000).

To be effective against malicious use cases, user would have to keep changing the passcode _very_ often (several times per day). This is considering how often user has to type the code in public places, just in case someone happens to peek it and steal the phone.

And while changing passcodes, users simply forget them and end up locking themselves out of their own devices when they need them most (trips abroad etc). This also leads to accidental wipes.

These two policies cause hours of unnecessary work and harm for both users and IT staff, without actually gaining any real security. They are there only because they always have been.

Manatus ( 2014-06-17 19:19:40 +0200 )edit

The whole list is not my design, it's taken from a true Microsoft Outlook.com cloud where those policies can be set to be used different kind of devices. Because of that I see only one way to go forward. Jolla have to support those policies even some of them are not very user friendly.

tikkari ( 2014-06-17 19:50:24 +0200 )edit

Yes, I know, I know... ;)

Manatus ( 2014-06-17 20:23:20 +0200 )edit
2

answered 2015-02-25 20:00:13 +0200

tikkari gravatar image

Once again a new update Yliaavanlampi (1.1.2.16) and some fancy new improvements but no luck. Is it really hard to fix this provisioning issue? I have wait it more than one year! A calendar and a contacts apps are the most important tools for me and if the exchange can't fully work the Jolla phone is useless.

edit flag offensive delete publish link more

Comments

Yes, I did and and no luck.

tikkari ( 2015-02-26 11:02:23 +0200 )edit
2

answered 2015-08-22 19:09:11 +0200

tikkari gravatar image

updated 2015-08-22 19:10:23 +0200

In Finnish this time: Hyvä Jollan väki. Olen nyt odottanut lähestulkoon kaksi vuotta, että te saisitte Microsoft Exchange tuen lopulta sellaiseen kuntoon jotta minulla olisi mahdollisuus käyttää puhelintani haluamallani tavalla. Kauanko vielä minun pitää odottaa? Olen erittäin pettynyt Jollan käsittämättömän huonoon tukeen Exchange tapauksessa. Olen valmis tapaamaan kehittäjäänne ja jopa valmis tekemään yhteistyötä, jotta synkronointi puhelimen ja yrityksemme sähköpostipalvelimen välillä alkaisi toimia. Olen mielestäni aivan liian kauan kärsinyt tästä ongelmasta. Toivon vilpittömästi, että joku teistä Jollalaisista ottaisi tämän ongelmani todesta ja ryhtyisi sellaisiin toimiin, ettei minun enää seuraavan päivityksen jälkeen tarvitsisi pettyä.

edit flag offensive delete publish link more
1

answered 2015-01-21 23:12:13 +0200

Obi gravatar image

With 1.1.1.27 I was able to enable Exchange synchronization by manually enabling security settings.

  1. Try Exchange account setup, it failed
  2. Enabled required security settings manually (PIN lock, max 8 login attemps)
  3. Tried Exchange account setup again -> it worked

Of course it would be much much more user friendly if the Exchange account setup would enable these during account setup(With users permission). And this wont work if your server requires security setting which Jolla still does not support.

edit flag offensive delete publish link more

Comments

Thank you for this tip ! Changed PIN lock to 8 login attempts and it was working for me as well. I think this should be set by default when account is created.

tvicol ( 2015-02-23 12:47:53 +0200 )edit
1

answered 2015-04-10 09:55:30 +0200

tikkari gravatar image

@Jollla company developers. How about if we met and some of you look my phone. We can sit together and try to solve this Exchange issue.

Here againg some logs from the Exchange server.


RequestBody : <sync xmlns="AirSync:"> <collections> <collection> <synckey>433820216</synckey> <collectionid>13</collectionid> <deletesasmoves>0</deletesasmoves> <getchanges> <windowsize>100</windowsize> <options> <filtertype>2</filtertype> <conflict>1</conflict> <mimesupport>1</mimesupport> <mimetruncation>7</mimetruncation> <bodypreference xmlns="AirSyncBase:"> <type>2</type> <preview bytes="3"> </preview></bodypreference> </options> </getchanges></collection> </collections> </sync>

LogicalRequest : <sync xmlns="AirSync:"> <collections> <collection> <synckey>433820216</synckey> <collectionid>13</collectionid> <deletesasmoves>0</deletesasmoves> <getchanges> <windowsize>100</windowsize> <options> <filtertype>2</filtertype> <conflict>1</conflict> <mimesupport>1</mimesupport> <mimetruncation>7</mimetruncation> <bodypreference xmlns="AirSyncBase:"> <type>2</type> <preview bytes="3"> </preview></bodypreference> </options> </getchanges></collection> </collections> </sync>

AccessState : DeviceDiscovery

AccessStateReason : ExternallyManaged

ResponseHeader : HTTP/1.1 200 OK MS-Server-ActiveSync: 15.1

ResponseBody : [No XmlResponse]

ResponseTime :

04/10/2015 06:29:21

RequestBody : <provision xmlns="Provision:"> <policies> <policy> <policytype>MS-EAS-Provisioning-WBXML</policytype> <policykey>3281924770</policykey> <status>3</status> </policy> </policies> </provision>

AccessState : DeviceDiscovery

AccessStateReason : ExternallyManaged

ResponseHeader : HTTP/1.1 200 OK MS-Server-ActiveSync: 15.1

ResponseBody : <provision xmlns="Provision:"> <status>1</status> <policies> <policy> <policytype>MS-EAS-Provisioning-WBXML</policytype> <status>1</status> </policy> </policies> </provision>

ResponseTime : 04/10/2015 06:33:31

edit flag offensive delete publish link more
1

answered 2015-05-05 09:36:37 +0200

1chb gravatar image

I use ssh and port forwarding to circumvent the security policies. Works fine for me and to access my company's exchange server. In the ~nemo/.ssh/config file add the following to your ssh entry for your company:

LocalForward 10443 <exchange-server>:443

Configure the exchange account to use 127.0.0.1:10443 instead of your company's exchange server. From terminal ssh to a company server on the same intranet as the exchange server. Happy synchronizin!

Missing possibillity to accept/reject meetings thou. Otherwise both emails and calendar items synchronize fine both ways.

edit flag offensive delete publish link more
0

answered 2014-02-16 15:00:38 +0200

norguhtar gravatar image

I'm just enable provisioning in .config/Nokia/activesync.conf and my Exchange account work! PS Don't forget kill as-daemon after save settings. It started on new mail check.

edit flag offensive delete publish link more

Comments

Errr, that file is only for logging proposes, settings are not read from there(only settings for logging), makes no difference at all :)

VDVsx ( 2014-02-18 08:38:26 +0200 )edit

Really? Before i'm configure ms exechange account analogical. And log show me provisioning is off. After i'm set provision in activesync.conf this worked. And warning about not set provision dissapear.

norguhtar ( 2014-02-18 08:42:25 +0200 )edit

@VDVsx Full path for file is /home/nemo/.config/Nokia/activesync.conf I have set Provision=1, reboot phone but no joy.

tvicol ( 2014-02-18 08:50:05 +0200 )edit

You enable logging? I'm enable logging and found provision setted. But before i'm change domain from dns name to ms name (for example change my.company.com to MYCOMPANY). May be it set provision on this moment.

norguhtar ( 2014-02-18 08:53:51 +0200 )edit

@tvicol - This makes no difference this option is just to collect logs, so be aware that if you have some logging enabled in that file it will just slow things down(any line like Enabled=1).

@norguhtar - Provisioning can be enable disabled via accounts settings, there's a "Turn off provisioning" option.

VDVsx ( 2014-02-18 08:54:29 +0200 )edit
0

answered 2014-03-18 12:57:09 +0200

dieterrams gravatar image

updated 2014-03-18 13:04:12 +0200

This is a thread that has Exchange issues on it. I have provisioning enabled now, and I'm seeing the Email client update but not necessarily seeing a notification for it (hit or miss). Sometimes it makes the noise/light notification, sometimes it doesn't (and sometimes it shows on the lock screen). Office365 for me. Apologies for making this an answer, and this is similar but closed: https://together.jolla.com/question/500/bug-e-mail-synchronization-does-not-work-as-configured/

An option is this: If you are still having Exchange issues with sync, delete the account and add it again with provisioning. It will not take the update if you just try to turn on provisioning within the existing account (may be a bug since it should warn you that you don't have device lock on). Since provisioning appears to be better supported, I enabled the device lock (do it before or you'll have to enter your Exchange account information an additional time). I have just tested push email and it appears to be working now. Doesn't appear to fix Exchange 2007, but helps with Office365.

edit flag offensive delete publish link more

Comments

@dieterrams - Sorry quite confusing, can you please clearly describe what is not working, what happens in each stage of configuration and what are your expectations ?

VDVsx ( 2014-03-18 13:08:22 +0200 )edit

Sure thing. Right now, I'm getting emails on my phone with no sound or light indications (but push does appear to be working now that I've added the provisioning). If I check the lock screen, they are showing up there now. Only once have I received an audio/visual indication for an email, but I don't know what made that one email different. Usual symptoms: Home screen: Sound/No lights. Lock Screen: No sound/no lights. In email: Sound/no lights, with back to lock screen light flashing.

dieterrams ( 2014-03-18 13:11:17 +0200 )edit

Think I've figured it out. Light/sound at lock screen only happens if the screen is awake, though that isn't necessarily true. Is it possible to have the notifications clear if they're done server-side as well? It would be nice, as it's showing seven emails that I've already deleted in the notification panel. I'd also love an expanded list of who sent it and the subject.

dieterrams ( 2014-03-18 13:17:02 +0200 )edit

@dieterrams - Currently it only notifies for the first group of emails you receive, until you clean the notification(remove it or open email app), if the notification is already on screen it just updates the count when new emails arrive, emails deleted on server will be removed from notifications as well when in "always-on" mode and the server informs about it(some servers don't do it for every ping).

Some users requested a beep/vibration for each group of emails received, we'll offer than in the future as an option, since users that receive many emails don't want their phone to be constantly beeping.

VDVsx ( 2014-03-18 14:08:29 +0200 )edit
Login/Signup to Answer

Question tools

Follow
24 followers

Stats

Asked: 2014-01-09 11:20:46 +0200

Seen: 6,511 times

Last updated: Sep 11 '15