Mail for Exchange

= Mail For Exchange (MfE) =

For general informatipon on synchronising your N900 with a mail or calendar server, please see the sync page

This page answers questions which are commonly asked by new N900 MfE users. It is mostly based on the analysis of the MfE support thread.

The current version of the page addresses two versions of MfE:


 * PR1.0, also known as "Sales release" (1.2009.42-11)
 * PR1.1 (2.2009.51-1). Latest firmware update available from Nokia.

See How can I check what version of the software is installed in my N900? for steps to check what version of the software is installed in your device.

If you use PR1.0 (sales release) it is hardly advised to update to PR1.1. See PR1.1 summary for additional details and update instructions.

PR 1.0
Microsoft Exchange 2007 with service packs on top. MS Exchange 2010 also works fine according to users reports.

In more technical terms, only EAS protocol 12.1 is supported and implementation is tested against MS Exchange 2007 servers. See How can I check what versions of EAS protocol are supported by my server? to check what EAS protocols are supported by your server.

PR 1.1

 * Microsoft Exchange 2007 with and without service packs on top. MS Exchange 2010 also works fine according to users reports.
 * Microsoft Exchange 2003.

In more technical terms, EAS protocols 2.5, 12.0 and 12.1 are supported and implementation is tested against MS Exchange 2003 and 2007 servers. See How can I check what versions of EAS protocol are supported by my server? to check what EAS protocols are supported by your server.

PR 1.0

 * Microsoft Exchange 2003 is not supported.
 * Microsoft Exchange 2007 without service packs is not supported.

The only way to get MfE working with these servers is to install PR.1.1 update which is highly recommended.

PR 1.1

 * All non-MS services, although there has been reported success synchronizing with Google and other non-MS services.

Why is feature XXX present in MfE for S60 but not for the N900?
S60 and Maemo MfE are different implementations.

The table below tries to summarize the most important differences between S60 and Maemo MfE implementations.

(*) This feature is supported in PR1.1 release but not in PR1.0 (sales release).

Lack of provisioning support in MfE for the N900 is the most common cause of problems with corporate Exchange servers in North America. See Provisioning for additional details.

Provisioning
N900 is considered to be "non provisioning device" from Exchange server point of view. It basically means that it can not be managed from Exchange server - administrator can not wipe your device, request you to use autolock and so on. Basically, all the provisioning data received from the server is ignored and the server is informed that N900 MfE does not support this feature.

Exchange administrator can configure the server in 2 ways - he/she can allow to use non-provisioning devices or disallow. In the second case N900 MfE will not work as server will reject the connection.

Post with Exchange server 2003 management console

PR 1.1
Corporate phone book support is broken for PR 1.1 release. Wait for the next MfE software update to fix it. It is broken only for Exchange 2003 servers (in more technical terms, for the EAS protocol 2.5).

SSL-related errors
The error message is displayed "Exchange server requires secure connection or account is disabled".

This infamous error message is caused by the fact that server certificate is untrusted from Maemo MfE client PoV.

Possible root causes and workarounds:

Server certificate is either self-signed or signed by the non-trusted authority (root certificate is not visible in N900 "Certificates" application).
In this case, the server certificate shall be added to N900 certificate storage. Check this message and the thread after it for additional details.

Keep in mind - self-signed certificate shall have "CA" field. Otherwise, N900 certificate manager will not allow to install it. This message tells how to check does certificate has "CA" field or not.

Unfortunately, there is no way to disable certificates check at the client side in the current MfE releases (both PR1.0 and PR1.1).

PR1.0
Disclaimer:

''The content of this section is applicable only for sales release (PR1.0). If you use this release, it is highly recommended to upgrade the software to PR1.1 instead of following the advices below.''


 * Another important hint about importing certificates.
 * Server certificate is valid and trusted but MfE fails to sync. Check this bug.

How can I check what version of the software is installed in my N900?

 * Open "Settings" view
 * Scroll to the "General" section
 * Open "About product" applet
 * Check the "Version" string

Versions strings versus releases:

If you use PR1.0 (sales release) it is hardly advised to update to PR1.1. See PR1.1 summary for additional details and update instructions.

How can I check what versions of EAS protocol are supported by my server?

 * 1)  Take the logs following the steps described in the section How can I turn the logging ON or OFF?
 * 2)  Grep (search) for "MS-ASProtocolVersions:" in the logs. It will contain the EAS protocol versions supported by your server.

How can I turn the logging ON or OFF?
Warning:

Before sending the logs to somebody (including Nokia) or publishing them, check that the log files do not contain any data which you treat as private or confidentional!

Turning the logging ON

 * 1) Install syslog and reboot the device
 * 2) open terminal
 * 3) Execute the command: sudo gainroot
 * 4) Execute the command: cat /dev/null > /var/log/syslog
 * 5) Execute the following commands:
 * 6) gconftool-2 -s --type=int /apps/activesync/AsDaemon/Syslog/MinLogLevel 0
 * 7) gconftool-2 -s --type=int /apps/activesync/modest/Syslog/MinLogLevel 0
 * 8) gconftool-2 -s --type=int /apps/activesync/AsProvider/Syslog/MinLogLevel 0
 * 9) gconftool-2 -s --type=int /apps/activesync/AsBackup/Syslog/MinLogLevel 0
 * 10) gconftool-2 -s --type=int /apps/activesync/asapplet/Syslog/MinLogLevel 0
 * 11) gconftool-2 -s --type=int /apps/activesync/AsStatusApplet/Syslog/MinLogLevel 0
 * 12) Reboot the device
 * 13) Initiate the synchronization session

/var/log/syslog will contain the logs. In order to filter only activesync-specific logs the following command can be used:

grep activesync /var/log/syslog

In order to copy the activesync log to your computer follow the steps below:


 * 1) Make sure your N900 is not connected to any other device (including your desktop computer) through USB
 * 2) Open xterm (if it is not opened yet)
 * 3) Issue the command sudo gainroot (if it was not issued yet)
 * 4) Issue the command: grep activesync /var/log/syslog >  /home/user/MyDocs/activesync.log
 * 5) Close xterm
 * 6) Connect your N900 to the computer through USB
 * 7) Wait while flash drive(s) will appear in your computer
 * 8) Find activesync.log in one of the disk drives
 * 9) Copy it to your computer
 * 10) Remove the file from N900
 * 11) (Safely) disconnect N900 from the computer

Turning the logging OFF
In order to turn the logs OFF, execute the following commands from xterm:

gconftool-2 -u /apps/activesync/AsDaemon/Syslog/MinLogLevel gconftool-2 -u /apps/activesync/modest/Syslog/MinLogLevel gconftool-2 -u /apps/activesync/AsProvider/Syslog/MinLogLevel gconftool-2 -u /apps/activesync/AsBackup/Syslog/MinLogLevel gconftool-2 -u /apps/activesync/asapplet/Syslog/MinLogLevel gconftool-2 -u /apps/activesync/AsStatusApplet/Syslog/MinLogLevel

After device reboot the logs will not be collected.

Extended logging
There is the extended logging option for getting logged all data which are transmitted and received by ActiveSync protocol. This option requires as-daemon logging to be turned on as described above. Then, as-daemon process needs to receive USR2 signal. This also can be done from a device console:

$ ps ax | grep as-daemon

This command will produce output like this:

1503 user 25756 S /usr/sbin/as-daemon -D --pidfile=/var/lock/as-daemon

where 1503 is the value needed for the next command. The next command is kill -USR2, so for this case, it is:

$ kill -USR2 1503

After that, extended logging is turned on and ready to be used. This option does not survive over reboots. It can be turned off by sending the same kill -USR2 command again.

Warning:

Before sending the logs to somebody (including Nokia) or publishing them, check that the log files do not contain any data which you treat as private or confidentional!

Pre-setting EAS protocol to be used on sync/ disable auto-negotiation
In certain scenarios it might be useful to disable MfE's built in auto-negotiation function on what sync protocol (EAS 2.5, 12.0 or 12.1) to be used during syncs and use a pre-defined default one instead. Some users report error messages/ fails in sync when trying to establish a connection with e.g. a Scalix Groupware server. For the time being (until solved on either side) a workaround has been established by presetting the sync protocol to EAS 2.5 manually. Scalix Groupware Server with Scalix-AS-1.0.2-addon has been reported working with EAS 2.5 on basic sync (calendar, contacts and email). Before forcing MfE to use a specific protocol version make sure it is supported on the server-side.

To force MfE to use a particular protocol follow these steps:


 * 1) Start MfE configuration wizard entering the credentials on the first page and press "next". Do not enter the server address on page 2 yet!
 * 2) Open xterm and execute: sudo gainroot
 * 3) Execute the following commands:
 * 4) gconftool-2 -s --type=string /apps/activesync/ActiveSyncAccount1/use_version 2.5
 * 5) gconftool-2 -s --type=string /apps/activesync/ActiveSyncAccount1Temp/use_version 2.5
 * 6) Now continue MfE setup wizard and enter server address. Click next and follow the procedure to finish the wizard.

To check whether your changes have succesfully been submitted make sure you have syslog installed and type in xterm:

sudo gainroot tail -f /var/log/syslog | grep "Created factory"

There won't be a output right away but when


 * credentials are verified
 * first sync started
 * Wizard setup completed

you should be able to see *Created factory for version 2.5* on the terminal. Pressing Ctrl+C will bring you back to the shell.

To disable the preset/ return to auto-negotiation it is recommended to delete the MfE-account and create a new one with the wizard from scratch.

Of course the above described way will also let you set EAS 12.0 or 12.1 as default protocols. Simply change the values on use_version in the respective gconftool commands.

Debugging possible certificate errors on self-signed certificates
You might experience an error message like "Either exchange server requires a secure connection or your account is disabled". This mostly occurs when syncing on secure connections when using a self-signed certificate and/or missing certificate authority (CA) tag in the respective field.

A quick way to check whether your certificate info gets rosolved properly by the maemo OS is a cli-tool called "cmcli".

Note: This is a system-wide certificate check - not a MfE-specific issue!

Please open terminal and type:

cmcli -T common-ca -v : to check with one of the 118 pre-installed certificate authorities or cmcli -t ssl-ca -v : when the chain of trust ends with a user-installed certificate.

The missing tags have to be replaced with your personal server-address and respective port number (mostly 443 on SSL connections) data.

For instance: cmcli -T common-ca -v localhost:443

The output should read something like this: 0115e5345e4dd64855ed1e3d44060be25f26c2e6 nixu-jum trust chain(1): b5567d6c9eef05f07966d98eb2a85716bff4e80d Maemosec test CA    Verified OK

or

0115e5345e4dd64855ed1e3d44060be25f26c2e6 nixu-jum Verification failed: self signed certificate

depending whether the verification fails or not.

How can I use my corporate address book (GAL) ?
At first, check that you use PR1.1 or later release of the software. Check also the known problem of Exchange 2003 implementation.

It is possible to search for a contact in your corporate address book using "Contacts" application.

Follow these steps to add the contact from your corporate address book to the N900 address book:


 * Open "Contacts" application
 * Select "Get Contacts" option from the menu
 * Choose "Import Mail Exch. contacts"
 * Enjoy!