posted by ![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
sbisson at 03:55pm on 06/01/2006 under activesync, application unlock, exchange, mobile email, orange, spv c600, windows mobile
sbisson at 03:55pm on 06/01/2006 under activesync, application unlock, exchange, mobile email, orange, spv c600, windows mobileMy Orange SPV C600 arrived this morning. It's a lovely little phone, and it looks like it will quickly become my regular hand-held device.
However the usual fly in the ointment appeared when I tried to connect it to my mail server using Exchange ActiveSync.
It wouldn't work. The phone refused to accept my server's perfectly valid security certificate.
This was not good. I need mobile email like I need oxygen.
So why was I having problems? Like many small businesses I self certify my server.![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
marypcb and I (and a couple of trusted folk) are the only people who need remote access to the server, so there's no need for us to spend money on a commercial certificate.
The standard trick of running Small Business Server 2003's sbsmobconfig.exe to load my server certificate on the phone didn't work - Orange's default setting for their Windows Mobile 5 devices locks down the certificate store, and the server certificate can't be loaded.
Any why is this? The answer's quite simple: Orange doesn't trust its users.
However there are ways around the impasse.
A bit of frantic googling and I found this thread on MoDaCo.
The instructions weren't quite right for a SBS installation. Here are my modified steps.
1. Download RegeditSTG.zip and SDA_ApplicationUnlock (there's a zip file in the thread with them both in).
2. Connect your phone to your PC and make sure that ActiveSync 4.1 is running.
3. Copy RegeditSTG.zip onto the phone without unzipping, and unzip on the phone. Run and install RegeditSTG.
4. Run RegeditSTG and change the value of HKLM\Security\Policies\Policies\00001017from 128 to 144.
5. Run SDA_ApplicationUnlock on your PC. This should remove the application lock on the phone.
6. Power cycle the phone.
7. Run sbsmobconfig.exe from your PC.
8. Power cycle the phone.
9. Check your phone settings for your server certificate.
Exchange ActiveSync should now work.
You can now breathe and read your email wherever you may be.
However, that is too many steps, and too difficult for the end user. Orange needs to stop being paranoid about application installation and ship its phones unlocked. Microsoft needs a more user friendly certificate installation tool than one that only ships with Small Business Server 2003.
There's a reason why Blackberry is successful. It's easy to use one to get mobile email from any source.
However the usual fly in the ointment appeared when I tried to connect it to my mail server using Exchange ActiveSync.
It wouldn't work. The phone refused to accept my server's perfectly valid security certificate.
This was not good. I need mobile email like I need oxygen.
So why was I having problems? Like many small businesses I self certify my server.
marypcb and I (and a couple of trusted folk) are the only people who need remote access to the server, so there's no need for us to spend money on a commercial certificate.The standard trick of running Small Business Server 2003's sbsmobconfig.exe to load my server certificate on the phone didn't work - Orange's default setting for their Windows Mobile 5 devices locks down the certificate store, and the server certificate can't be loaded.
Any why is this? The answer's quite simple: Orange doesn't trust its users.
However there are ways around the impasse.
A bit of frantic googling and I found this thread on MoDaCo.
The instructions weren't quite right for a SBS installation. Here are my modified steps.
1. Download RegeditSTG.zip and SDA_ApplicationUnlock (there's a zip file in the thread with them both in).
2. Connect your phone to your PC and make sure that ActiveSync 4.1 is running.
3. Copy RegeditSTG.zip onto the phone without unzipping, and unzip on the phone. Run and install RegeditSTG.
4. Run RegeditSTG and change the value of HKLM\Security\Policies\Policies\00001017from 128 to 144.
5. Run SDA_ApplicationUnlock on your PC. This should remove the application lock on the phone.
6. Power cycle the phone.
7. Run sbsmobconfig.exe from your PC.
8. Power cycle the phone.
9. Check your phone settings for your server certificate.
Exchange ActiveSync should now work.
You can now breathe and read your email wherever you may be.
However, that is too many steps, and too difficult for the end user. Orange needs to stop being paranoid about application installation and ship its phones unlocked. Microsoft needs a more user friendly certificate installation tool than one that only ships with Small Business Server 2003.
There's a reason why Blackberry is successful. It's easy to use one to get mobile email from any source.
busy
There are 11 comments on this entry.