As I mentioned previously, I recently purchased a SmartPhone from T-Mobile. I played around for some time trying to get my VPN setup to work, and no matter what I did, I was unable to connect to anything internal to my work’s network. Most importantly, I couldn’t connect to the inside interface of our Exchange server. I suspect that 90% of the time, the VPN would be used for e-mail, so I pursued the concept of using the Windows Mobile option to check my Exchange e-mail through the OWA (Outlook Web Access) page. Since I can normally check my mail from anywhere through a web browser this way, I figured it would be no problem. Unfortunately, Windows Mobile expects the OWA to be a direct sub-domain with no extra folders at the end of the URL. Our company routes the OWA through the company Extranet and consequently, the URL to access it is something like https://www.domain.com/Exchange/ – which I enter and hit save. Windows Mobile would only keep the name www.domain.com saved in its settings, which obviously wouldn’t work. Even entering the information through ActiveSync and setting it up that way caused the same problem. (This was also the case in Windows Mobile 5; I was really hoping it would work once I upgraded to WM6, but no luck.)
So I went back to the VPN idea, since it is the correct solution for my environment anyway. After searching through all of the support pages on T-Mobile and not finding any documentation on properly setting up a VPN on the phone, I turned to Google and searched the web. I could not find any documentation or solutions – even on Microsoft’s site – which is still focusing on Windows Media 5. I did find this though:
The procedure for Windows Mobile based Smartphones is again different:
* (It is even so different that I don’t know how to do it! Microsoft has made it completely non-intuitive to start a connection. It probably has something to do with the “Source network” and the “Destination network” mentioned above. If you know how to do it, contact me!)
* The following was provided to me by Marko Clemente. Enable your wireless connection. Edit the settings of your wireless connection and select “Private/Work network” (not: “Internet”). Create your L2TP/IPsec connection as described in the previous section. At the “Connects from:” setting, select “Work”. At the “Connects to:” setting, select “The Internet”. You may also have to use an IP address as your server address, not a FQDN.
If the connection fails or a time-out occurs you get a fairly generic error window: “VPN server problems. Verify your username and password, and try again. If the problem continues, turn the device off and try again”. (Typical for Microsoft! :-) This is a catch-all error message and its cause can be anything: a missing certificate, wrong username, wrong password, VPN server cannot be found, incorrect IP address, hostname does not resolve etc. There is very little logging and error reporting on Windows Mobile devices. It’s probably easier to start by examining the logs on the VPN server. You could even follow Microsoft’s advice and turn the device off and on. One user reported that soft-resetting the Windows Mobile device may resolve the problem (remember: a hard reset wipes all your data so that is probably not what you are looking for).
If you find that the VPN is disconnected immediately after you try to access network resources on the VPN, you may have got to fiddle with your device’s Connection Manager settings. The Connection Manager that Microsoft implemented has a flawed logic and defies Internet routing standards. It has led many people to despair. Some tips are available on the Pocket PC Magazine website.
So, I decided to be a typical end-user and tried calling the vendor. After a couple minutes with their front line support, and one attempt at telling me to go to my IT dept to find out the VPN settings, the technician passed me on to the next level of support. I talked to a guy in their “third level” support for about 50 minutes, listening to him struggle through random documentation on different OS versions and phones, before declaring that “they were unable to support me any further”, that “since [I was] able to connect to the Internet, obviously the phone was working”. I asked to have the problem escalated and was told that there was nothing else that they could do. I expressed my distaste in their ability to support their product and got off the phone.
So now I’m back to square one. My next angle will be looking for additional programs that I might be able to install to give me the information I need. Something like a network manager (so far I haven’t found a way to connect or enable the VPN) or perhaps an Event/Log Viewer of some kind that might give me an idea of what is not configured correctly. There is also still some hope that Microsoft has buried in its developer documentation how the VPN is supposed to work.
UPDATE (July 2007): I found that our Exchange Administrators had an IMAP4 connection set up, so I used that and haven’t gone back to figure out the rest.
UPDATE (Dec 2007): Our Exchange Administrators have now upgraded the Exchange servers from Exchange 2000 to the new Exchange 2007 with much better support for SmartPhones with ActiveSync. It is awesome! I love it! Along with the upgrade, the Exchange OWA has its own FQDN, without the requirements of adding the OWA subdirectory. ActiveSync connects right up to it and you can sync your e-mail on whatever schedule you want or manually. (Although unless you are traveling or something, it uses more battery than it is worth to have it sync as soon as you have a new message – what is often referred to as Push Mail.)