Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

Exchange 2010 ActiveSync doesn't work on Android

Tablet, Smart Phone, other Internet devices

Exchange 2010 ActiveSync doesn't work on Android

Postby guest » Wed Mar 23, 2011 8:40 am

Q: After upgrading exchange server to 2010 SP1 ActiveSync no longer works. When setting up a new account the message "Unable to open connection to server"

A: The analysis of the ExTRA data files you provided did not show the problem sequence in its entirety. First let me describe what should be the sequence of events between the mobile device and the Exchange Server. Anytime the device attempts to carry out an ActiveSync command dealing with the mailbox configured it also sends an X-MS-PolicyKey string in the header of the HTTP request. The Exchange server looks at this policy key in its configuration and compares it with what was sent by the device. If they do not match the mail server tells the device that it must issue a PROVISION command before continuing on. This is the “HTTP 449” request from the server we see in the ExTRA results. The device must then issue a PROVISION request for the policy to the server. This is where Android 2.2 is not issuing that PROVISION command.

The ExTRA trace data you provided does not show the device issuing the PROVISION command although we see that the Exchange server issues this: “HTTP/1.1 449 Retry after sending a PROVISION command.

A bit more of research shows other customer opening cases on this same issue and in one case where the customer supplied Android device side ActiveSync logging we again do not see the device issue the PROVISION command. Our support team has agreed that customers experiencing issues with Android 2.x devices and the native EAS software on those devices should contact the phone vendor. The majority of cases reporting this issue coincide with your findings that Touchdown configured for EAS on the same Android device does work correctly. We believe that the native ActiveSync software of the Android phones are displaying a connectivity failure that needs to be addressed by the phone manufacturer. Applying SP1 to Exchange 2010 has only exposed that device’s native EAS software.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: Exchange 2010 ActiveSync doesn't work on Android

Postby blin » Wed Mar 23, 2011 9:57 am

- Steps to reproduce the problem.
Exchange 2007 Activesync Policy that requires device password
4 Digit Pin as minimum
Configure Nexus One 2.2 device to connect
No prompt to turn on device password

- What happened.
Email, Calender and contacts syncs with no device password in place

- What you think the correct behavior should be.
When setting up an Exchange email account that requires a device password:
User should be prompted to create a device password to match at least the
policy requirements
If no device password is set then syncing should not occur
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3634
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Exchange 2010 ActiveSync doesn't work on Android

Postby blin » Wed Mar 23, 2011 9:59 am

This appears to be a bug with how the "Allow non-provisionable devices" policy option
is implemented.
In the case where a policy allows non-provisionable devices other OSs do a graceful
fallback and implement the policies that it is capable of implementing and ignore the
others.
2.2 seems to just ignore all policies when "Allow non-provisionable devices" is set.
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3634
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Exchange 2010 ActiveSync doesn't work on Android

Postby blin » Wed Mar 23, 2011 10:00 am

We have reviewed this problem and reproduced it on a test server. Thank you for bringing it to our attention.

There are two different things going on here.

The first is the server itself. As you discovered, setting the "Allow non-provisionable devices" option causes this. We analyzed the traffic on an Exchange 2007 test server, and the server is not sending any security policy requirements to the device at all. We *strongly* recommend deselecting this option. This option allows *any* device to connect to your exchange server, even if that device supports none of your required security policies. We believe that if you deselect this option, your Android 2.2 devices will function as expected.

The second is the desire to operate your devices in a more secure mode, even when "Allow non-provisionable devices" is selected. I'll keep this bug open because we are investigating ways to trigger the server to send security policy requirements, even when "Allow non-provisionable devices" is selected.
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3634
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Exchange 2010 ActiveSync doesn't work on Android

Postby blin » Wed Mar 23, 2011 10:02 am

The fix for this issue is included in the 2.2.1 release, which is currently deploying via OTA update to Nexus One devices. The release is also in the final testing pipeline for Droid, pending completion of testing by Verizon. (I don't how long that will take - please don't ask me.)

With this fix, the device will operate as expected: If "Allow non-provisionable devices" is selected, the device will enforce as many policies as it can (e.g. password requirements) while ignoring policies that it cannot enforce.
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3634
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA


Return to Do-It-Yourself

Your Ad Here

Who is online

Users browsing this forum: No registered users and 1 guest