Windows Mobile 6 Exchange/VPN Woes

As I mentioned previously, I recently purchased a SmartPhone from T-Mobile. I played around for some time trying to get my VPN setup to work, and no matter what I did, I was unable to connect to anything internal to my work’s network. Most importantly, I couldn’t connect to the inside interface of our Exchange server. I suspect that 90% of the time, the VPN would be used for e-mail, so I pursued the concept of using the Windows Mobile option to check my Exchange e-mail through the OWA (Outlook Web Access) page. Since I can normally check my mail from anywhere through a web browser this way, I figured it would be no problem. Unfortunately, Windows Mobile expects the OWA to be a direct sub-domain with no extra folders at the end of the URL. Our company routes the OWA through the company Extranet and consequently, the URL to access it is something like https://www.domain.com/Exchange/ – which I enter and hit save. Windows Mobile would only keep the name www.domain.com saved in its settings, which obviously wouldn’t work. Even entering the information through ActiveSync and setting it up that way caused the same problem. (This was also the case in Windows Mobile 5; I was really hoping it would work once I upgraded to WM6, but no luck.)

So I went back to the VPN idea, since it is the correct solution for my environment anyway. After searching through all of the support pages on T-Mobile and not finding any documentation on properly setting up a VPN on the phone, I turned to Google and searched the web. I could not find any documentation or solutions – even on Microsoft’s site – which is still focusing on Windows Media 5. I did find this though:

The procedure for Windows Mobile based Smartphones is again different:

* (It is even so different that I don’t know how to do it! Microsoft has made it completely non-intuitive to start a connection. It probably has something to do with the “Source network” and the “Destination network” mentioned above. If you know how to do it, contact me!)
* The following was provided to me by Marko Clemente. Enable your wireless connection. Edit the settings of your wireless connection and select “Private/Work network” (not: “Internet”). Create your L2TP/IPsec connection as described in the previous section. At the “Connects from:” setting, select “Work”. At the “Connects to:” setting, select “The Internet”. You may also have to use an IP address as your server address, not a FQDN.

If the connection fails or a time-out occurs you get a fairly generic error window: “VPN server problems. Verify your username and password, and try again. If the problem continues, turn the device off and try again”. (Typical for Microsoft! :-) This is a catch-all error message and its cause can be anything: a missing certificate, wrong username, wrong password, VPN server cannot be found, incorrect IP address, hostname does not resolve etc. There is very little logging and error reporting on Windows Mobile devices. It’s probably easier to start by examining the logs on the VPN server. You could even follow Microsoft’s advice and turn the device off and on. One user reported that soft-resetting the Windows Mobile device may resolve the problem (remember: a hard reset wipes all your data so that is probably not what you are looking for).

If you find that the VPN is disconnected immediately after you try to access network resources on the VPN, you may have to fiddle with your device’s Connection Manager settings. The Connection Manager that Microsoft implemented has a flawed logic and defies Internet routing standards. It has led many people to despair. Some tips are available on the Pocket PC Magazine website.

So, I decided to be a typical end-user and tried calling the vendor. After a couple minutes with their front line support, and one attempt at telling me to go to my IT dept to find out the VPN settings, the technician passed me on to the next level of support. I talked to a guy in their “third level” support for about 50 minutes, listening to him struggle through random documentation on different OS versions and phones, before declaring that “they were unable to support me any further”, that “since [I was] able to connect to the Internet, obviously the phone was working”. I asked to have the problem escalated and was told that there was nothing else that they could do. I expressed my distaste in their ability to support their product and got off the phone.

So now I’m back to square one. My next angle will be looking for additional programs that I might be able to install to give me the information I need. Something like a network manager (so far I haven’t found a way to connect or enable the VPN) or perhaps an Event/Log Viewer of some kind that might give me an idea of what is not configured correctly. There is also still some hope that Microsoft has buried in its developers’ documentation how the VPN is supposed to work.

UPDATE (July 2007): I found that our Exchange Administrators had an IMAP4 connection setup, so I used that and haven’t gone back to figure out the rest.

UPDATE (Dec 2007): Our Exchange Administrators have now upgraded the Exchange servers from Exchange 2000 to the new Exchange 2007 with much better support for SmartPhones with ActiveSync. It is awesome! I love it! Along with the upgrade the Exchange OWA has its own FQDN, without the requirements of adding the OWA subdirectory. ActiveSync connects right up to it and you can sync your e-mail on whatever schedule you want or manually. (Although unless you are traveling or something, it uses more battery than it is worth to have it sync as soon as you have a new message – what is often referred to as Push Mail.)

T-Mobile Dash

So I just recently got a new phone and have upgraded to a SmartPhone with Internet access, etc., so that I can check my e-mail from anywhere. I got the T-Mobile Dash, started playing with it and then found that I could upgrade the OS from Windows Mobile 5 to 6 for free. I went ahead and upgraded, which was supposed to delete all the data off of my phone, which was good, since I had set up all kinds of stuff that didn’t really work the way I wanted it to. The biggest problem was that somehow I had set the phone to check my e-mail and then send it to me as a text message (I still have no idea how I managed to do that, since I wanted it to come over the Internet plan as e-mail. From what I can tell, the feature was probably called e-mail triggers or something.)

So imagine my surprise, when after the upgrade I start getting text messages again from my e-mail address that I hadn’t even set up yet after the upgrade! Come to find out, all of the e-mail information is stored on T-Mobile’s servers. (You can even log into their web interface to check your mail if you don’t like the interface your ISP gives you.) They set up your email account on their servers and then “push” out new messages to you as text messages. It took forever to find how to modify this on T-Mobile’s site, so I’ll save you the hassle and give the link here (make sure you log in to my.t-mobile.com first):

https://my.t-mobile.com/PartnerServices.aspx?service=MyEmail

I ended up deleting the account and will set it back up again through the phone. I’m hoping this time I choose the right answers so it just downloads my mail through POP3 like I originally wanted. I still can’t figure out who really likes having T-Mobile send them a text message every single time they get an email, night or day – especially if you receive paging alerts that you actually need to get.

Next task? Figure out how to get the VPN options to work correctly so I can check my work e-mail remotely….

Valid return code from system()

In the past, when programming in Perl and using the system() call or function to run something on the local OS, I would use something like this:

$rc = system($command);
if ($rc){ print "$command returned $rc\n";}

Recently, I was reviewing someone else’s code and noticed that they did the same thing this way:

system($command);
if (($? >> 8) != 0) { print STDERR "$command exited with code ", $? >> 8, ", aborting\n";}

I was curious why they were applying a bitwise right shift to the system’s return code. After some research, I found that this is the proper way to find the actual response from the command you ran. The reason for this is that the system call relies on the operating system’s wait() call. The wait call returns 16 bits (two bytes): the bottom 8 bits (or low byte) contain system information (kill signals, program dumps, etc.) and the top 8 bits (or high byte) contain the actual exit value of the command. So by shifting the result 8 positions, the extra low byte information is removed and you are left with the important value about success or failure of the external command.

This should be uniform across all operating systems, but here are the important sections from the man page for the wait call on a Solaris 9 machine:

o If the child process stopped, the high order 8 bits of status will contain the number of the signal that caused the process to stop and the low order 8 bits will be set equal to WSTOPFLG.

o If the child process terminated due to an _exit() call, the low order 8 bits of status will be 0 and the high order 8 bits will contain the low order 8 bits of the argument that the child process passed to _exit(); see exit(2).

o If the child process terminated due to a signal, the high order 8 bits of status will be 0 and the low order 8 bits will contain the number of the signal that caused the termination. In addition, if WCOREFLG is set, a “core image” will have been produced; see signal(3HEAD) and wstat(3XFN).
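The third case in the man page excerpt matters for error handling: a child killed by a signal has a high byte of 0, so a check that only looks at `$? >> 8` reports it as a success. The following is an added example, not code from the original post, that decodes all cases of `$?` and prints the shift-only verdict beside the full one. The sample commands are constructed and assume a Unix-like system with `sh` on the PATH.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify a wait status as left in $? after system().
sub decode_status {
    my ($status, $errno) = @_;
    # -1 means the command could not be started at all; $! says why.
    return "failed to start: $errno" if $status == -1;
    # Low 7 bits: number of the signal that terminated the child, if any.
    if (my $sig = $status & 127) {
        my $core = ($status & 128) ? ' (core dumped)' : '';
        return "killed by signal $sig$core";
    }
    # Otherwise the high byte holds the argument the child passed to exit().
    return 'exited with code ' . ($status >> 8);
}

# Constructed sample commands, one per case.
my @samples = (
    [ 'true' ],                        # normal exit, code 0
    [ 'sh', '-c', 'exit 3' ],          # normal exit, code 3
    [ 'sh', '-c', 'kill -TERM $$' ],   # shell terminates itself with SIGTERM
    [ '/nonexistent/command' ],        # cannot be executed
);

for my $cmd (@samples) {
    my ($status, $errno);
    {
        no warnings 'exec';            # we report the exec failure ourselves
        # List form: no shell is involved, so arguments are not re-parsed.
        system(@$cmd);
        ($status, $errno) = ($?, "$!");  # capture before anything resets them
    }
    # The check from the reviewed code: only the high byte is examined.
    my $shift_only = (($status >> 8) != 0) ? 'failure' : 'success';
    printf "%-26s \$?=%-5d shift-only: %-8s full: %s\n",
        "@$cmd", $status, $shift_only, decode_status($status, $errno);
}
```

For the `kill -TERM` sample, `$?` is 15, so the shift-only column reads "success" while the full decode reports the signal.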

Netmasks (Subnet Masks), CIDR, and Hosts

 

Netmask Inverse /CIDR Usable IP Addresses
0.0.0.0 255.255.255.255 /0 4,294,967,294
128.0.0.0 127.255.255.255 /1 2,147,483,646
192.0.0.0 63.255.255.255 /2 1,073,741,822
224.0.0.0 31.255.255.255 /3 536,870,910
240.0.0.0 15.255.255.255 /4 268,435,454
248.0.0.0 7.255.255.255 /5 134,217,726
252.0.0.0 3.255.255.255 /6 67,108,862
254.0.0.0 1.255.255.255 /7 33,554,430
255.0.0.0 0.255.255.255 /8 16,777,214
255.128.0.0 0.127.255.255 /9 8,388,606
255.192.0.0 0.63.255.255 /10 4,194,302
255.224.0.0 0.31.255.255 /11 2,097,150
255.240.0.0 0.15.255.255 /12 1,048,574
255.248.0.0 0.7.255.255 /13 524,286
255.252.0.0 0.3.255.255 /14 262,142
255.254.0.0 0.1.255.255 /15 131,070
255.255.0.0 0.0.255.255 /16 65,534
255.255.128.0 0.0.127.255 /17 32,766
255.255.192.0 0.0.63.255 /18 16,382
255.255.224.0 0.0.31.255 /19 8,190
255.255.240.0 0.0.15.255 /20 4,094
255.255.248.0 0.0.7.255 /21 2,046
255.255.252.0 0.0.3.255 /22 1,022
255.255.254.0 0.0.1.255 /23 510
255.255.255.0 0.0.0.255 /24 254
255.255.255.128 0.0.0.127 /25 126
255.255.255.192 0.0.0.63 /26 62
255.255.255.224 0.0.0.31 /27 30
255.255.255.240 0.0.0.15 /28 14
255.255.255.248 0.0.0.7 /29 6
255.255.255.252 0.0.0.3 /30 2
255.255.255.254 0.0.0.1 /31 0
255.255.255.255 0.0.0.0 /32 1

Postfix commands

Check your queues (quick hack for more than mailq):

for i in active deferred hold incoming; do echo -n $i:; find /var/spool/postfix/$i -type f | wc -l; done

Force queue to re-process mail:

postqueue -c /path/to/postfix/ -f

Rebuild alias database:

postalias /path/to/postfix/aliases

Rebuild transport table:

postmap /path/to/postfix/transport