September 28, 2009

Treo 755 ActiveSync & Exchange 2007 fixes

Fun tech fix for the day:

Problem: You’ve got a Palm Treo 755 and you’re trying to use activesync with an Exchange 2007 SP0/1/2. Either it used to work or it’s a first time setup. This issue I’ve run into is 3 fold.

1)      The security policy on the exchange server. Palm devices seem to only like to talk to servers with just one policy.

2)      IIS timeout, you’ve got to have stay-alives active on the IIS page.

3)      Self-signed SSL certificates.

The first issue is the most Administrator intensive fix.

1)      Go into Exchange Management Console on your Exchange server (or on a delegated machine).

2)      Go into Organization Configuration – Client Access.

3)      You should see the ActiveSync Policies on the left. If you have more than one compare their properties, work to get the settings on one perfect and remember the other’s name.

4)      Open the Exchange Management Shell and perform the following command:

Remove-ActiveSyncMailboxPolicy -Identity “POLICYNAME”

where POLICYNAME is the exact name from the Console’s list. I picked Default to make this process easier.

The second issue is easy.

1)      Open IIS Manager (NOT IIS 6 Manager however, make sure it’s the new one) on your Exchange Edge Server.

2)      Go into Your Server – Sites – Default Website (or the site that manages OWA/ActiveSync) – Microsoft-Server-ActiveSync.

3)      Click on HTTP Response Headers, then click on the Set Common Headers action on the right.

4)      Ensure Enable HTTP Keep-alive is enabled and press OK.

The final issue is that of the self-signed SSL certificate.

1)      Find your Root CA’s certificate file for your domain. Sometimes your Exchange server is your root CA, sometimes it’s not.

2)      Copy that certificate file to your local machine.

3)      Download the certificate mod tool from Palm. http://www.palm.com/us/support/downloads/versamail/certmodtool.html

4)      Extract the tool and run the cert to pdb tool, import the cert file and create the CertMgr.pdb file.

5)      Copy the file using miniSD or other method to your phone. Install the certificate by copying it to your system device memory and reboot.

6)      Now your domain’s root cert is a trusted by your device.

There are a few other things I’ve run into, but these 3 are the most common from my experience. Hopefully this helps someone else!