Mail for Exchange

(Turning the logging ON)
m (same translation error)
Line 167: Line 167:
-
If you use PR1.0 (sales release) it is hardly advised to update to PR1.1.  
+
If you use PR1.0 (sales release) it is strongly advised to update to PR1.1.  
See [http://wiki.maemo.org/Maemo_5/PR1.1 PR1.1 summary] for additional details and update instructions.
See [http://wiki.maemo.org/Maemo_5/PR1.1 PR1.1 summary] for additional details and update instructions.

Revision as of 14:08, 5 February 2010

Contents

Mail For Exchange (MfE)

For general informatipon on synchronising your N900 with a mail or calendar server, please see the sync page

This page answers questions which are commonly asked by new N900 MfE users. It is mostly based on the analysis of the MfE support thread.

The current version of the page addresses two versions of MfE:

See How can I check what version of the software is installed in my N900? for steps to check what version of the software is installed in your device.

If you use PR1.0 (sales release) it is strongly advised to update to PR1.1. See PR1.1 summary for additional details and update instructions.

Compatibility

What server versions are supported by N900 MfE client?

PR 1.0

Microsoft Exchange 2007 with service packs on top. MS Exchange 2010 also works fine according to users reports.

In more technical terms, only EAS protocol 12.1 is supported and implementation is tested against MS Exchange 2007 servers. See How can I check what versions of EAS protocol are supported by my server? to check what EAS protocols are supported by your server.

PR 1.1

  • Microsoft Exchange 2007 with and without service packs on top. MS Exchange 2010 also works fine according to users reports.
  • Microsoft Exchange 2003.

In more technical terms, EAS protocols 2.5, 12.0 and 12.1 are supported and implementation is tested against MS Exchange 2003 and 2007 servers. See How can I check what versions of EAS protocol are supported by my server? to check what EAS protocols are supported by your server.

What server versions are NOT supported by N900 MfE client?

PR 1.0

  • Microsoft Exchange 2003 is not supported.
  • Microsoft Exchange 2007 without service packs is not supported.

The only way to get MfE working with these servers is to install PR.1.1 update which is highly recommended.

PR 1.1

  • All non-MS services, although there has been reported success synchronizing with Google and other non-MS services.

Why is feature XXX present in MfE for S60 but not for the N900?

S60 and Maemo MfE are different implementations.

The table below tries to summarize the most important differences between S60 and Maemo MfE implementations.

Feature S60 status Maemo status
E-Mail YES, subfolders are not synced YES, subfolders are synced
Calendar YES YES
Tasks YES YES
Notes  ? NO
Meeting invitations replying YES NO
Private appointments YES NO
Corporate address book (GAL) YES YES (*)
Exchange servers support 2003, 2007 2003, 2007
Autodiscover YES YES
Provisioning support Partly YES NO

(*) This feature is supported in PR1.1 release but not in PR1.0 (sales release).

Lack of provisioning support in MfE for the N900 is the most common cause of problems with corporate Exchange servers in North America. See Provisioning for additional details.

Known issues

Provisioning

N900 is considered to be "non provisioning device" from Exchange server point of view. It basically means that it can not be managed from Exchange server - administrator can not wipe your device, request you to use autolock and so on. Basically, all the provisioning data received from the server is ignored and the server is informed that N900 MfE does not support this feature.

Exchange administrator can configure the server in 2 ways - he/she can allow to use non-provisioning devices or disallow. In the second case N900 MfE will not work as server will reject the connection.

Post with Exchange server 2003 management console

GAL support for Exchange 2003

PR 1.1

Corporate phone book support is broken for PR 1.1 release. Wait for the next MfE software update to fix it. It is broken only for Exchange 2003 servers (in more technical terms, for the EAS protocol 2.5).

SSL-related errors

The error message is displayed "Exchange server requires secure connection or account is disabled".

This infamous error message is caused by the fact that server certificate is untrusted from Maemo MfE client PoV.

Possible root causes and workarounds:

Server certificate is either self-signed or signed by the non-trusted authority (root certificate is not visible in N900 "Certificates" application).

In this case, the server certificate shall be added to N900 certificate storage. Check this message and the thread after it for additional details.

Keep in mind - self-signed certificate shall have "CA" field. Otherwise, N900 certificate manager will not allow to install it. This message tells how to check does certificate has "CA" field or not.

Unfortunately, there is no way to disable certificates check at the client side in the current MfE releases (both PR1.0 and PR1.1).

PR1.0

Disclaimer:

The content of this section is applicable only for sales release (PR1.0). If you use this release, it is highly recommended to upgrade the software to PR1.1 instead of following the advices below.

Troubleshooting

How can I check what version of the software is installed in my N900?

  • Open "Settings" view
  • Scroll to the "General" section
  • Open "About product" applet
  • Check the "Version" string

Versions strings versus releases:

Version Release
1.2009.42-11 PR 1.0 (sales)
2.2009.51-1 PR 1.1


If you use PR1.0 (sales release) it is strongly advised to update to PR1.1. See PR1.1 summary for additional details and update instructions.

How can I check what versions of EAS protocol are supported by my server?

  1. Take the logs following the steps described in the section How can I turn the logging ON or OFF?
  2. Grep (search) for "MS-ASProtocolVersions:" in the logs. It will contain the EAS protocol versions supported by your server.

How can I turn the logging ON or OFF?

Warning:

Before sending the logs to somebody (including Nokia) or publishing them, check that the log files do not contain any data which you treat as private or confidentional!


Turning the logging ON

  1. Install syslog and reboot the device
  2. open terminal
  3. Execute the command: sudo gainroot
  4. Execute the command: cat /dev/null > /var/log/syslog
  5. Execute the following commands:
     gconftool-2 -s --type=int /apps/activesync/AsDaemon/Syslog/MinLogLevel 0
     gconftool-2 -s --type=int /apps/activesync/modest/Syslog/MinLogLevel 0
     gconftool-2 -s --type=int /apps/activesync/AsProvider/Syslog/MinLogLevel 0
     gconftool-2 -s --type=int /apps/activesync/AsBackup/Syslog/MinLogLevel 0
     gconftool-2 -s --type=int /apps/activesync/asapplet/Syslog/MinLogLevel 0
     gconftool-2 -s --type=int /apps/activesync/AsStatusApplet/Syslog/MinLogLevel 0
  1. Reboot the device
  2. Initiate the synchronization session

/var/log/syslog will contain the logs. In order to filter only activesync-specific logs the following command can be used:

     grep activesync /var/log/syslog

In order to copy the activesync log to your computer follow the steps below:

  1. Make sure your N900 is not connected to any other device (including your desktop computer) through USB
  2. Open xterm (if it is not opened yet)
  3. Issue the command sudo gainroot (if it was not issued yet)
  4. Issue the command: grep activesync /var/log/syslog > /home/user/MyDocs/activesync.log
  5. Close xterm
  6. Connect your N900 to the computer through USB
  7. Wait while flash drive(s) will appear in your computer
  8. Find activesync.log in one of the disk drives
  9. Copy it to your computer
  10. Remove the file from N900
  11. (Safely) disconnect N900 from the computer

Turning the logging OFF

In order to turn the logs OFF, execute the following commands from xterm:

    gconftool-2 -u /apps/activesync/AsDaemon/Syslog/MinLogLevel
    gconftool-2 -u /apps/activesync/modest/Syslog/MinLogLevel
    gconftool-2 -u /apps/activesync/AsProvider/Syslog/MinLogLevel
    gconftool-2 -u /apps/activesync/AsBackup/Syslog/MinLogLevel
    gconftool-2 -u /apps/activesync/asapplet/Syslog/MinLogLevel
    gconftool-2 -u /apps/activesync/AsStatusApplet/Syslog/MinLogLevel

After device reboot the logs will not be collected.

Extended logging

There is the extended logging option for getting logged all data which are transmitted and received by ActiveSync protocol. This option requires as-daemon logging to be turned on as described above. Then, as-daemon process needs to receive USR2 signal. This also can be done from a device console:

    $ ps ax | grep as-daemon

This command will produce output like this:

   1503 user 25756 S /usr/sbin/as-daemon -D --pidfile=/var/lock/as-daemon

where 1503 is the <pid> value needed for the next command. The next command is kill -USR2 <pid>, so for this case, it is:

    $ kill -USR2 1503

After that, extended logging is turned on and ready to be used. This option does not survive over reboots. It can be turned off by sending the same kill -USR2 <pid> command again.

Warning:

Before sending the logs to somebody (including Nokia) or publishing them, check that the log files do not contain any data which you treat as private or confidentional!

Pre-setting EAS protocol to be used on sync/ disable auto-negotiation

In certain scenarios it might be useful to disable MfE's built in auto-negotiation function on what sync protocol (EAS 2.5, 12.0 or 12.1) to be used during syncs and use a pre-defined default one instead. Some users report error messages/ fails in sync when trying to establish a connection with e.g. a Scalix Groupware server. For the time being (until solved on either side) a workaround has been established by presetting the sync protocol to EAS 2.5 manually. Scalix Groupware Server with Scalix-AS-1.0.2-addon has been reported working with EAS 2.5 on basic sync (calendar, contacts and email). Before forcing MfE to use a specific protocol version make sure it is supported on the server-side.

To force MfE to use a particular protocol follow these steps:

  1. Start MfE configuration wizard entering the credentials on the first page and press "next". Do not enter the server address on page 2 yet!
  2. Open xterm and execute: sudo gainroot
  3. Execute the following commands:
    1. gconftool-2 -s --type=string /apps/activesync/ActiveSyncAccount1/use_version 2.5
    2. gconftool-2 -s --type=string /apps/activesync/ActiveSyncAccount1Temp/use_version 2.5
  4. Now continue MfE setup wizard and enter server address. Click next and follow the procedure to finish the wizard.


To check whether your changes have succesfully been submitted make sure you have syslog installed and type in xterm:

    sudo gainroot tail -f /var/log/syslog | grep "Created factory"

There won't be a output right away but when

  • credentials are verified
  • first sync started
  • Wizard setup completed

you should be able to see *Created factory for version 2.5* on the terminal. Pressing Ctrl+C will bring you back to the shell.


To disable the preset/ return to auto-negotiation it is recommended to delete the MfE-account and create a new one with the wizard from scratch.


Of course the above described way will also let you set EAS 12.0 or 12.1 as default protocols. Simply change the values on use_version in the respective gconftool commands.

Debugging possible certificate errors on self-signed certificates

You might experience an error message like "Either exchange server requires a secure connection or your account is disabled". This mostly occurs when syncing on secure connections by using a self-signed certificate and/or missing certificate authority (CA) tag in the respective field.

A quick way to check whether your certificate info gets rosolved properly by the maemo OS is a cli-tool called "cmcli".

Note: This is a system-wide certificate check - not a MfE-specific issue!

Please open terminal and type:

    cmcli -T common-ca -v <your-server-dns-name-or-ip-address>:<port-number>

to check with one of the 118 pre-installed certificate authorities or

    cmcli -t ssl-ca -v <your-server-dns-name-or-ip-address>:<port-number>

when the chain of trust ends with a user-installed certificate. To be on the safe side, you can actually use both at the same time:

    cmcli -T common-ca -t ssl-ca -v <your-server-dns-name-or-ip-address>:<port-number>


The missing tags have to be replaced with your personal server-address and respective port number (mostly 443 on SSL connections).


For instance: cmcli -T common-ca -v localhost:443


The output should read something like this:

    0115e5345e4dd64855ed1e3d44060be25f26c2e6 nixu-jum
trust chain(1):
  b5567d6c9eef05f07966d98eb2a85716bff4e80d Maemosec test CA
    Verified OK

or

    0115e5345e4dd64855ed1e3d44060be25f26c2e6 nixu-jum
Verification failed: self signed certificate

depending whether the verification succeeds or not.

If the verification fails and you want to see why, you can save the certificates the server sends by giving also the -s switch at the command line. Like this:

    cmcli -T common-ca -sv <your-servers-dns-name-or-ip-address>:<port-number>

This will make the command to write the server certificates and possibly sent intermediate CA certificates into file(s) with the .pem-extension, where the name of each file is the SHA1 hash of the public key in hexadecimal. You can then study these file for instance with the command

    openssl x509 -text -in <certificate-file>

Miscellaneous

How can I use my corporate address book (GAL) ?

At first, check that you use PR1.1 or later release of the software. Check also the known problem of Exchange 2003 implementation.


It is possible to search for a contact in your corporate address book using "Contacts" application.

Follow these steps to add the contact from your corporate address book to the N900 address book:

  • Open "Contacts" application
  • Select "Get Contacts" option from the menu
  • Choose "Import Mail Exch. contacts"
  • Enjoy!