dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
34225
share rss forum feed


Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

1 edit

[iPhone] 3.1 breaks Exchange Sync for pre-3GS phones


Nice
I upgraded to 3.1 and now I receive the message you see in the screenshot. Apparently I'm not the only one: »discussions.apple.com/thread.jsp···10166076


MIABye
Premium
join:2001-10-28
united state

Re: [iPhone] 3.1 breaks Exchange Sync

Thanks for the heads up. I will wait on the update.


Daemon
Premium
join:2003-06-29
Berkeley, CA
Reviews:
·Comcast
·webpass.net

2 edits

1 recommendation

reply to Matt3

Happens at my work too. I suspect it's an exchange server setting requiring encryption on the device, which works fine for blackberries and iPhone 3GS's, which support it.

In iPhone 3.0 and earlier, iPhones simply ignored the policy setting, but now the 3GS supports it, it's a subtle move telling enterprises that if they want encryption, upgrade to 3GS.

I'm not sure if Exchange even has a 'use encryption if you have it, otherwise don't' setting. It might be 'don't care at all' versus 'have to have it'. My work is not going to be happy if they have to relax the encryption requirement on all mobile devices.

The apple discussion thread is hilarious. It's a combination of 'me too', 'help', and 'delete the account and re-add' posts. Nothing constructive.

edit: »technet.microsoft.com/en-us/libr···484.aspx

I'm almost sure I'm right now. There are both 'enable device encryption' and 'require device encryption' boxes. All my server admin has to do is keep the former and disable the latter and things should work again.

This is NOT a bug on Apple's part. Administrators that really want to FORCE encryption probably do not want old iphones connecting. The old behavior, of simply ignoring the policy, was a bug. From a bit of basic googling, it seems the new setting was added in 2007 SP1, so it seems like 3.1 just updates to a new revision of active sync. So maybe it was not technically a bug when 3.0 came out, but it would be now.

--
-Ryan
sig for sale! Only one previous owner, lovingly cared for



Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

Hrm, luckily I'm the Exchange 2007 Admin and I do believe there is a policy setting for encryption on mobile devices. I always assumed that my iPhone honored that setting ... I'm going to investigate now.


Daemon
Premium
join:2003-06-29
Berkeley, CA
Reviews:
·Comcast
·webpass.net

said by Matt3:

Hrm, luckily I'm the Exchange 2007 Admin and I do believe there is a policy setting for encryption on mobile devices. I always assumed that my iPhone honored that setting ... I'm going to investigate now.
See my edit above, which was a simulpost with yours.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for


Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

1 edit


Activesync Policies
said by Daemon:

said by Matt3:

Hrm, luckily I'm the Exchange 2007 Admin and I do believe there is a policy setting for encryption on mobile devices. I always assumed that my iPhone honored that setting ... I'm going to investigate now.
See my edit above, which was a simulpost with yours.
Yep, I just turned it off and now I can connect.

For any Exchange 2007 Admins, you need to go into your Organization Configuration - Client Access, right click the policy you have configured for your Exchange Activesync Mailbox Policies, and disable Require encryption on the device.

I'm not that concerned about it, because remote wipe is still supported, but I can see how there will be an outcry about it, especially since there was no advance warning that anything previous to the 3GS would suddenly fail. That setting is the default in Exchange 2007.

Daemon
Premium
join:2003-06-29
Berkeley, CA
Reviews:
·Comcast
·webpass.net

1 edit

said by Matt3:

That setting is the default in Exchange 2007.
Previous versions of Microsoft would have thought 'requiring X when not all devices in Y may support X would break stuff, so we'll disable it by default for maximum compatibility'. New Microsoft says 'leaving X off by default may cause many people to never enable it, leaving things less secure, so we'll turn it on by default'.

My perspective is the new M.O. is a good thing-- make people acutely aware that allowing compatibility may cause security holes.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for


Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

said by Daemon:

said by Matt3:

That setting is the default in Exchange 2007.
Previous versions of Microsoft would have thought 'requiring X when not all devices in Y may support X would break stuff, so we'll disable it by default for maximum compatibility'. New Microsoft says 'leaving X as an option by default may cause many people to never enable it, leaving things less secure, so we'll turn it on by default'.

My perspective is the new M.O. is a good thing-- make people acutely aware that allowing compatibility may cause security holes.
I agree. Also, as far as I know, there are only two mobile devices that support Activesync anyway, Windows Mobile and the iPhone, so it's completely possible Apple and Microsoft didn't communicate on this one. I still wouldn't be surprised to see a 3.1.1 that reverts to ignoring that setting on pre-3GS models.

It would certainly make me happier.


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to Matt3

Thanks for the tip. I just checked our Exchange server and Encryption was already disabled, so it looks like I won't be getting a bunch of calls tomorrow afterall.
--
University of Southern California - Class of 2010. Fight On!



godlikesme

@unisys.com
reply to Matt3

Not to jump the gun here or anything but I think this may be grounds for a class-action lawsuit for 3G owners. I purchased the 3G back in December of 2008 only because I was told it supported MS Exchange. There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email. Had I known that I would never have purchased the iPhone -or I at least would have waited until a newer model that did support hardware encrption was released. For apple to just have the iPhone 3G ignore the policy and make users think everything was fine is wrong. In hindsight it appears as if they released a half-baked product that barely met the minimum requirements to support MS Exchange in order to get it into corporate customers hands and turn up the heat on RIM before it was too late. In the last year Apple probably started getting called out on the issue of hardware encryption which was a huge (but understated) feature of the 3GS. My guess is that they probably didn't want to make a big fuss about the importance of hardware encryption at the 3GS launch because it would have prompted 3G owners to question what their fate would be once the policy was enforced. Apple on their end didn't want to spoil the launch party with angry 3G customers so they decided to wait on actually updating the software on the iPhone OS until sometime later when more people would start using the 3GS.

Either way, this is bad news for all the 3G corporate users out there and something must be done. Anyone for starting a petition?



ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
kudos:4

Hardly a class-action lawsuit case here.


Daemon
Premium
join:2003-06-29
Berkeley, CA
Reviews:
·Comcast
·webpass.net
reply to godlikesme

said by godlikesme :

Not to jump the gun here or anything but I think this may be grounds for a class-action lawsuit for 3G owners. [snip] There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email. [snip] Either way, this is bad news for all the 3G corporate users out there and something must be done. Anyone for starting a petition?
Sorry, but not documenting that a feature is absent is not grounds for a class action lawsuit. The iPhone also didn't support MMS for a long time, still requires multiple inboxes instead of a unified inbox, is not linux compatible, etc etc. Should we start several class action lawsuits?
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for


godlikesme

@unisys.com
reply to ptrowski

With all due respect, why not?

If an official workaround cannot be provided that meets the security standards of all IT departments then how are iPhone 3G owners going to access MS Exchange email?

I am not saying that Apple's decision to enforce the encryption policy is wrong. On the contrary, it's a very positive step in the right direction and will only increase the iPhone's prominence in the corporate world for both current and potential customers.

The issue I have with Apple was their approach.

The whole transition to digital TV provides the perfect example. People really had no excuse for not knowing about it and if they went out and purchased a TV set without a digital tuner it was their own damn fault. If however, consumers would have been misled or if the government never told anyone that analog TV would be turned off and continued to let consumers blindly purchase soon-to-be obsolete televisions, that would be flat out wrong.

At least with digital TV if the consumer was totally out of touch with society or in a coma for the last few years they could always purchase a converter box or get cable if they had to.

But with the iPhone 3G -no such luck. Asking the IT department of a major corporation or government agency to relax it's security settings for individual users would be like forcing TV stations to continue broadcasting in analog.

You are entitled to your opinion but I feel pretty cheated.



darcilicious
Cyber Librarian
Premium
join:2001-01-02
Forest Grove, OR
kudos:4

said by godlikesme :

You are entitled to your opinion but I feel pretty cheated.
And that's all it takes to win file a class action suit.


godlikesme

@unisys.com
reply to Daemon

True, but for starters people have already started filing lawsuits against AT&T for the whole MMS thing and as for whether or not I'm justified in suing a company for not documenting or supporting a feature is not my argument. All of the things you mentioned can be supported with software updates. My argument is that Apple sold me a product that will never support hardware encryption just like it will never have a digital compass. The only difference is that I knew the 3G didn't have a digital compass and that it's absence won't prevent me from using Google Maps after future updates are applied. Although after this experience I'm not so sure.

Apple stated that the iPhone 3G supports MS Exchange. It may do a poor job of doing it and there may be many features that it does not currently implement but none of them actually prevent me from accessing my corporate email. This 3.1.1 update completely screws iPhone 3G owners. Period.



Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

1 edit

1 recommendation

reply to godlikesme

said by godlikesme :

I purchased the 3G back in December of 2008 only because I was told it supported MS Exchange. There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email.
I know this may sound Troll'ish, so I apologize, but just because your IT Department can't use Google doesn't mean you can start a class action lawsuit. A simple Google search shows that the iPhone 3G doesn't support data encryption with Exchange: »www.google.com/#hl=en&source=hp&···7f87ed47

The iPhone supports Exchange just fine, what it doesn't support is a single feature added in SP1 as Daemon See Profile noted. No one is forcing Exchange-based organizations to use pre-3GS iPhones. You can't sue or start a class-action lawsuit because you didn't perform due diligence before deploying iPhones in your organization.

What you can do is fire the member of your IT staff who didn't perform the necessary research, or lied and said the device supported encryption when in fact it never has, if encryption is that important to you.



ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
kudos:4

1 recommendation

Great post, Matt.



godlikesme

@unisys.com
reply to darcilicious

Maybe I am over-reacting a bit. It's barely been 24 hours since the update was released and I should at least give Apple a chance to respond to the issue.

If a reasonable solution can be implemented then great. I would be totally amicable to some form of settlement that would either allow me to get out of my contract without penalty or upgrade to a 3GS for free or at a reduced price. I am a reasonable person. I have been using my current iPhone for almost 10 months and it wouldn't be fair for me to demand a "free iPhone 3GS". Perhaps Apple could have some sort of "Exchange for Exchange (i.e. MS Exchange)" program.



ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
kudos:4

said by godlikesme :

Maybe I am over-reacting a bit. It's barely been 24 hours since the update was released and I should at least give Apple a chance to respond to the issue.

If a reasonable solution can be implemented then great. I would be totally amicable to some form of settlement that would either allow me to get out of my contract without penalty or upgrade to a 3GS for free or at a reduced price. I am a reasonable person. I have been using my current iPhone for almost 10 months and it wouldn't be fair for me to demand a "free iPhone 3GS". Perhaps Apple could have some sort of "Exchange for Exchange (i.e. MS Exchange)" program.
Give it some time. But I would expect that your forms of settlement would come around once hell freezes over.
--
"So, Lone Starr, now you see that evil will always triumph because good is dumb."

Have you been touched by his noodly appendage? »www.venganza.org


Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12
reply to godlikesme

Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one. You can disable forced encryption and your phone will work fine, so this is a non-issue. I know for Windows Mobile phones, you can still enable encryption on the device itself. It's likely you could even create two different Activesync Policies on your Exchange Server, one specifically for your iPhone devices that doesn't force encryption and another for other mobile devices that does force it.

I'd like to see Apple release 3.1.1 that reverted to ignoring the setting, but that is the most I would expect to see them offer.



Homunculus
Pipsquack
Premium
join:2000-12-14
Dar al-Harb
reply to Matt3

Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones

Good job Apple!



godlikesme

@unisys.com
reply to Matt3

Re: [iPhone] 3.1 breaks Exchange Sync

All good points Matt. But I can't believe all the people out there who are screaming bloody murder about something like MMS which the lack thereof does not exactly qualify as "missing a critical component" nor does it stop anything from working. It is such an over-hyped feature in the first place!!! Again, I think the absence of new email notifications for messages in subfolders is a much, much, much bigger issue than anything people are complaining about right now. As much as I want Flash, I can "somewhat" understand the issues that might be causing the delay but with the whole subfolder thing there's just no excuse.

I don't want to get too off topic and I do see your point about putting some of the onus on my IT department but don't you think that it's just a tad bit misleading for Apple to announce to the world that the iPhone supports MS Exchange and for a 14 months there are no major hiccups until all of a sudden they push an update that actually enforces hardware encryption without even so much as a warning? If the iPhone is capable of preventing me from accessing my corporate email now because my device doesn't support hardware encryption couldn't a similar test have been performed prior to applying the update in order to warn me in advance?

Getting back to the whole "blame the IT department" I still feel that the information regarding hardware encryption should have been much, much, much more prominent -I'm talking "cigarette label prominent". If this was something that Apple knew they would ultimately have to succumb to then they should have kept customers informed at the time of purchase. There was no reason for anyone to expect that one day their email would work and the next day it wouldn't.


said by godlikesme :

Again, I think the absence of new email notifications for messages in subfolders is a much, much, much bigger issue than anything people are complaining about right now. As much as I want Flash, I can "somewhat" understand the issues that might be causing the delay but with the whole subfolder thing there's just no excuse.
Wrong. You CAN be notified when mail is pushed to a subfolder on the iPhone. To enable this:

tap Settings > Mail, Contacts, Calendars > Fetch New Data > Advanced > [select the account that is Push enabled]

In that window you should see an option to select the folders to push new email to, the default is for the Inbox ONLY.

"Matt" said something about blaming the IT guys for not knowing that pre-3Gs the iPhone didn't support Exchange encryption, fine. But why didn't Apple make it known or mention this themselves beforehand? As an "IT guy" I'm forced to deal with a fleet of 3G users in the field that can't access their e-mail in real time because that's the phone the CEO demanded despite my assertion that it's not the best choice.

Business as usual for Apple just may cost me my job.


NOVA_Guy
ObamaCare Kills Americans
Premium
join:2002-03-05
reply to Daemon

I don't understand how this isn't a bug, if it works fine on the 3GS and fails elsewhere.

Or does this signal that Apple is only interesting in providing crippleware to non 3GS phones? I guess sales of the 3GS didn't go as well as expected for them then, so they have to try to force communities of users to upgrade, whether or not the users feel that it's necessary or even a good deal.
--
Obama lies. His public option forces people into paying more for less coverage, and provides government paid abortion and euthanization while denying treatment and coverage to many others. Read the fine print, it's worse than an cell phone contract.



bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1
reply to Matt3

Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones

This is not about encryption between the Exchange server and the mobile.

This is about encrypting the cached emails stored on your phone. The same emails that are not encrypted when cached in your web browser when using Outlook Web Access. The same emails that are most likely NOT encrypted when cached in Outlook.

So any company that takes the mobile device encryption without enforcing the same for laptops running Outlook or webmail is fooling itself, and likely doesn't understand the policy impact of accepting Microsoft's default settings.

Not all mobile devices, phones or laptops, are configured to encrypt the email stored (cached) locally on the device. And not all mobile devices (Windows Mobile included) are capable of encrypting locally stored emails.



Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12
reply to NOVA_Guy

Re: [iPhone] 3.1 breaks Exchange Sync

The 3GS has a hardware encryption chip, pre-3GS phones do not.



godlikesme

@unisys.com
reply to ytilanigiroo

I have all those settings configured. I know all about how the push stuff works. Trust me I have researched this subject to death. What I have noticed is that Apple has been incorporating fixes to address this issue in recent releases but hasn't come full circle. When the iPhone 2.2 OS was all the rage the only time you were notified about new messages with the red new message indicator was when they were in your inbox. In addition, no new messages in any of the subfolders were retrieved unless you navigated into each subfolder and clicked refresh. In the next OS release you were no longer required to navigate to each subfolder to refresh their contents. In the release that followed that the phone would vibrate when new messages in both the inbox and/or subfolders came through.

To date however, the only time you actually see any form of "visual" indicator on the mail application icon is when new messages are in the inbox -not subfolders.



godlikesme

@unisys.com
reply to Matt3

I have no control over my Exchange server. I work for a company with like 30,000 employees.

Let's go with the argument that I didn't do my research. However, enforcing hardware encryption was the approach Apple should have taken all along. It would have removed any doubt as to whether or not a customer's MS Exchange servers required it. I would have tried to access my email and received the message I am getting now and known right there and then that the device was not compatible. That would have given me a fair chance to decide whether or not I still wanted to make the purchase. That would have been the right thing to do. Could my IT department have done more research? Perhaps. Could Apple have been more transparent regarding the lack of hardware encryption and it's long-term ramifications? Definitely.

Just to be clear, I could live with a 3.1.2 update that didn't require hardware encryption.

By the way, it's nice to be able to have an intelligent discussion with people and have different opinions without getting flamed like I often see people react on other message boards.



Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

I agree it was irresponsible of Apple to ignore the setting until now and as I stated earlier, I was under the assumption it WAS honoring the setting. However, I didn't seek a definitive answer when I bought my iPhone, so I hold myself, not Apple, responsible.

Could Apple have been clearer that it didn't support encryption? Absolutely. Do I fault them or think in the grand scheme of things they are ultimately responsible for it? I don't. The information was out there, I just chose not to look for it, so shame on me.



ExchAdmin

@inlink.com
reply to godlikesme

As an Exchange admin, with lots of iPhone users, I was concerned that we would have this issue. It turns out that these encryption settings are _not_ the default on Exchange 2007 SP1, just an optional feature, so our iPhone 3G users have had no difficulties. I hate to say it... but the real problem is not Apple or Microsoft, but your Exchange Adminstrator.