I had some problems getting ActiveSync to work with my new phone, the Audiovox SMT 5600. Then I had problems getting it to work securely. I’m happy to say that I’ve finally managed to get it all working.
My first problem was that I couldn’t get a connection to the server. We’re using Microsoft Windows SBS 2003, and as you may know it installs its own certificate based on the computer name. This isn’t so much a problem, but that computer name wasn’t available externally. What’s worse, I couldn’t get certificate services to install on the server. I’ll get back to that problem another day.
I managed to get things set correctly in the DNS, after numerous tries, so that the third-level domain would correctly resolve the host name at the fourth level of the server name (a.b.example.com). That means that I could actually connect to the appropriate server name in ActiveSync, instead of an alias. This eliminated one problem: Namely the dreaded Internet_55 error during sync, which appears to mean that there was a name mismatch on the certificate.
Sweet! I figured that all I needed to do next was turn on SSL and it would work. No such luck. Now I was hitting the Internet_45 error, which indicates that the certificate isn’t trusted. Easy enough, trust it. But how to make that happen?
Microsoft has two solutions. The first is to use a utility called DisableCertChk (why they can spell out “disable” but not “check” is beyond me) to deactivate the SSL checking during the ActiveSync process. This is great, but I can already do this on the phone. I tried anyway, and couldn’t get this application to run with SBS 2003. The search continues.
The second solution I found was to use another Microsoft utility called AddRootCert. The initial links I found did not include this descriptive page, so I tried over and over to get it to work. I kept getting a message that said SHCreateMenubar Failed. I’ve seen mentions that this means your version of the OS is too old, but in this case I think it is that the Smartphone operating system is different enough from the Pocket PC version that the widget just doesn’t exist.
Then I finally found the link above, and read the all-important text on that page. Namely that Pocket PC 2003 devices do NOT require a tool to install certificates.
The problem then became how to install the certificate. I had read some things that made it seem like just copying it and executing it would do the job, but I had to get it there first. So I used Internet Explorer to install the self-signed certificate on my desktop. I then used the Usercerts.msc management console (included with the AddRootCert package above) to export that certificate in DER-encoded binary X.509 format to a file with a .cer extension.
I then used ActiveSync to copy this file to my phone, and then using the file manager on the phone I selected the file and it installed it. Once the installation was done, I turned on the SSL option, verified that it worked and all was set. As a side note, once installed, you can delete the file containing the certificate from the phone – the import appears to update that information elsewhere on the phone, so the file is no longer needed.
I hope that this helps anyone else experiencing the same frustration.
Comments
12 responses to “Smartphone ActiveSync”
I found the UserCerts.msc file at http://support.microsoft.com/default.aspx?scid=kb;en-us;322956
but when I run MMC is says it can’t open the UserCerts.msc file. This is on a PC running Windows 2000 SP4.
But all this is to install a certificate in DER X.509 format – but in
http:///certsrv/certfnsh.asp
I selected the option to create it in that format anyway – so it should install itself on the iPAQ without needing to run UserCerts.msc – but I get “Security permission was insufficient to update your device” and it fails.
Any ideas what I’m doing wrong here?
— Graham
I had a problem with SHMenuBarCreate which returned success, but the SIP is not showing the menu bar. Any way to solve this?
Regards
Sreekanth Muralidharan
Thanks for this. I looked all over the place and you explained it very nicely. It worked like a charm.
Thanks for the updated link, Ethan!
Thanks, you were the last stop on my 6 hour fiasco and I finally got it working. One thing to add, your link to the AddRootCert program works, and seems to go to the correct page, but the download doesnt contain the any msc files. After searching for a bit, it seems there are two very similar KB entries, and this one now has the MSC file.
Make sure that the list of included files contains UserCerts.msc and you will know its the correct one.
Thanks again!
Thank you soo much for this helpful information, you are a gentleman and a scholar =0)
I also got the message that my phone (Qtek8010) was locked, searched on the MS with no luck!.
Just opening the certificate with the file manager is a lot easier!
Heh. Just call me “Sir”… Glad that I was able to help someone else with the problem.
I would just like to take this opportunity to nominate you for a knighthood.
After reading Microsoft’s “How to add root certificates to Windows Mobile 2003 Smartphone and to Windows Mobile 2002 Smartphone“, and AddRootCert error saying that my phone “may be locked”, I thought it would be an ordeal to get a custom root certificate installed. All it took was opening the certificate inside file manager application on the SP3i phone! Thanks for the info!