After first posting this without response, I have been on an adventure with Direct Push. While I am still not satisfied with the performance of Direct Push with my Treo 750 due to network architecture issues at my company, I can now answer many questions regarding Exchange ActiveSync Direct Push due to the amount of time I have spent trying to understand this problem.
As for the "certificate is invalid on the server" error...
It is very simple. Log into Outlook Web Access (OWA) on your computer using IE. Then go to "view security report" (there should be a little lock icon in your browser) and then view certificates. Most likely you will have a chain of certificates (use the certificate path tab), and for each cert in the chain you must individually "view certificate" and then go to the details tab and copy each certificate to a file using the default DER format. Once you have the DER file for each certificate in the chain, copy these files to your device (over USB) and then click each one to install. I installed in hierarchical order starting with the root CA (the top cert in the chain) and then working my way down through the intermediate certs. You must check the box in Mobile ActiveSync that says “this server requires an encrypted (SSL) connection.” If you have followed this procedure correctly you should now be able to connect without error.
The problem of not receiving calendar, tasks, and/or inbox subfolders during a sync and no error message is displayed...
My problem was that Calendar appointments and Tasks would not sync; nor would any of my 65 subfolders to the inbox sync even though I specified them to. Also, if I requested a month of email history I would only get a few days. It turns out this problem is related to the antivirus scan program on the Exchange server. For most AV programs the emails are placed in a queue to be scanned based on their priority. Inbox is highest priority, then subfolders, calendar, and tasks. When Mobile ActiveSync attempts to sync your folders it notices how many items it needs to sync but is unable to sync all items because Exchange will not let them go due to not being scanned. So it simply skips the ones that are not available and then maybe at a later date it will receive them if they have been scanned. However, if you go into OWA and then view the subfolder emails in the reading pane, this forces a scan on that particular email and then you’ll notice that your device is able to sync the item. This is also true for calendar and tasks; open the calendar appt and/or task and then choose “save and close” and then these items will sync next time a sync is initiated. You can correct this issue by enabling “proactive scanning” in your AV program (on the server) or directly on the Exchange server (registry edit). We enabled this feature on our server and then all of my email, email subfolders, calendar appointments, and tasks synced perfectly, but the next day we had massive “slow down” issues with our Exchange server (though maybe just coincidence), so this feature has since been disabled and I am not receiving calendar, tasks, and subfolder emails.
And last but not least, the problem that I have not been able to solve… PLEASE HELP WITH THIS ONE.
I have enabled receiving all Exchange items “as they arrive” and this has never happened. My device initiated sync a random number of minutes after receiving the email in Outlook. I have read that when working properly the device usually receives the item before Outlook (similar to BlackBerry). By viewing the logs on my Treo I can tell that the device is sending out a 360 second heartbeat and then syncs during every heartbeat cycle regardless of whether it needs to. I think that the connection is being dropped during the heartbeat interval and so Mobile ActiveSync just syncs to make sure that it didn’t miss anything. Our firewall timeout is set to 30 and 60 minutes for port 443 and 80 respectively. I haven’t been able to verify timeouts on all other net appliances yet. By looking in the registry of the Treo I have found that 360 seconds is the minimum heartbeat that the device is allowed to sync. Since in theory the device dynamically picks the longest possible heartbeat based on imposed timeouts along the path from internet to Exchange, it appears that our timeout must be less than the minimum allowed by the phone. So, I modified the registry to allow as low as 60 second heartbeats just so that I could verify my theory to be correct, but the phone began syncing once per minute and so I had to revert to the default because my battery could not take it.
If anyone has any advice please let me know… Sorry for the long descriptions but hopefully this information may help others with similar problems.
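
A scripted equivalent of the certificate export steps in the post, added here as an example and not part of the original post: it reads the chain that the OWA server presents and writes each certificate as a DER `.cer` file, root first, printing thumbprints so they can be compared with values obtained from the CA administrator before anything is installed on the device. The host name `owa.example.com` and the output folder are placeholders.

```powershell
# Added example (not from the original post). Host and folder are placeholders.
param(
    [string]$OwaHost = 'owa.example.com',
    [string]$OutDir  = '.\owa-chain'
)

$X509   = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$outDir = (New-Item -ItemType Directory -Force -Path $OutDir).FullName
$script:chainCerts = @()

# Let the handshake complete whatever the trust result so the chain can be
# read. Nothing is sent after the handshake (no credentials, no mail data).
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $cert, $chain, $errors)
    # Copy each element; the chain object may be disposed after the callback.
    $script:chainCerts = @($chain.ChainElements |
        ForEach-Object { $X509::new([byte[]]$_.Certificate.RawData) })
    $true
}

$tcp = [System.Net.Sockets.TcpClient]::new($OwaHost, 443)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($OwaHost)
    $ssl.Dispose()
} finally {
    $tcp.Dispose()
}

# ChainElements is ordered leaf first; reverse it to get root first.
# The root appears only if this PC could build the chain up to it.
[array]::Reverse($script:chainCerts)

$i = 0
foreach ($c in $script:chainCerts) {
    $file = Join-Path $outDir ('{0:d2}-{1}.cer' -f $i, $c.Thumbprint)
    # X509ContentType 'Cert' is the binary DER encoding.
    [System.IO.File]::WriteAllBytes($file, $c.Export('Cert'))
    [pscustomobject]@{
        Order      = $i
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        SelfSigned = ($c.Subject -eq $c.Issuer)
    }
    $i = $i + 1
}
```

The last file written is the server's own certificate; the files before it are the root and intermediate CA certificates in the order the post installs them.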