Nokia Mail for Exchange, Exchange and Client Certificates

June 13th, 2009

problem: Mail for Exchange on Nokia mobile phones should authenticate using Client Certificates and username/password against Active Sync of Exchange 2003, to make sure that username/password is not enough to access corporate data.

solution

  1. Create client certificates for the Nokia phones. I did it using Microsoft Certificate server. To do so, go to http://ca-servername/certsrv, choose "Request a certificate", then "User certificate", and hit the submit button (this will create a certificate and the associated private key for the authenticated user). Then hit "Install this certificate" and "yes". Now start "certmgr.msc" (Start\run) and select "Certificate/Current User". Under Personal/Certificates you should find your newly created certificate. Right-click it, choose "All Tasks", "Export...", select "Yes, export the private key" and provide an export password (keep in mind that you need to enter it on the Nokia phone). Store the .pfx somewhere.
  2. Transfer the .pfx file using Nokia PC Suite to the mobile phone
  3. On the Nokia phone go to "Menu", "Office", "File Manager" and open the .pfx file you just transferred
  4. Enter the export password and select "Save"
  5. Provide a keystorage password (Schlüsselspeicher-Passwort in German). This MUST have a length of 6.
  6. Ok and return to the home screen
  7. Now go: "Menu", "System", "Settings", "General", "Security", "Certificate Management", "Personal Certificates", "Options", "Move to Phone Certificates", "Yes" and enter the keystorage password. This makes sure the user does not have to enter the password for the private key at every sync.
  8. Configure Mail for Exchange as usual. You should find enough information on google/bing on this topic.

To actually authenticate Mail for Exchange/Phone using the certificate I used ISA 2004.
Create an SSL Listener and enable Authentication using Certificates. Make sure the root certificate (or the cert used for signing your client certs) is installed as "Trusted root certificates" in the "Computer Certificates". I then authenticated against Active Directory, and ISA will use NTLM/Integrated Security to authenticate as the actual user against Active Sync. On the Exchange Front-End IIS, "Integrated Authentication" must be enabled on the "Microsoft-Server-ActiveSync" directory. I forgot if the ISA server must be trusted for delegation for this scenario, but if you have any trouble, check the logs and google/bing for "Trusted for delegation ISA spn".

Note: this setup still requires the username and password to be correctly configured in Mail for Exchange.
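
Before the .pfx goes to the phone, it is worth confirming that the file really holds a private key, permits client authentication, and chains to a root that the computer store trusts, because a failure in any of these otherwise only shows up as a failed sync. The PowerShell below is an added example, not part of the original post; the function name Test-ClientPfx and the file name user.pfx are hypothetical.

```powershell
# Added example (not from the original post). Test-ClientPfx is a hypothetical helper name.
function Test-ClientPfx {
    param(
        [Parameter(Mandatory = $true)] [string] $PfxPath,          # exported .pfx from step 1
        [Parameter(Mandatory = $true)] [securestring] $Password    # the export password
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

    # Load the PFX in memory; the certificate is not added to any certificate store.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList (Resolve-Path $PfxPath).Path, $Password

    # A certificate with no EKU extension is valid for all purposes.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $clientAuth = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $clientAuthOid)

    # Build the chain without revocation checks and take its last element as the root.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($cert)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $selfSigned = $root.Subject -eq $root.Issuer   # false if the chain stops short of a root

    $now = Get-Date
    [pscustomobject]@{
        Subject            = $cert.Subject
        Issuer             = $cert.Issuer
        HasPrivateKey      = $cert.HasPrivateKey
        ClientAuthAllowed  = $clientAuth
        WithinValidity     = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ChainRoot          = $root.Subject
        ChainReachesRoot   = $selfSigned
        RootInMachineStore = $selfSigned -and
            (Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)")
    }
}

# Usage: prompts for the export password and prints one result object.
# Test-ClientPfx -PfxPath .\user.pfx -Password (Read-Host 'Export password' -AsSecureString)
```

RootInMachineStore reflects the machine the function runs on, so only the ISA server gives a meaningful answer for that field.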

M-Audio Transit USB installation on Windows 7 build 7100

May 19th, 2009

To install the M-Audio Transit USB driver (Transit_5.10.00.5125v3.exe) on Windows 7 build 7100, mark the executable to run in Vista SP2 compatibility mode.

Mass Install of System Center Operations Manager 2007 Management Package

May 16th, 2009

Download all packages into a folder

for %i in (*.msi) do msiexec /qn /i "%i"

CardTerminals.List()

February 25th, 2009

Sample code to list all CardTerminals on your machine:

    import javax.smartcardio.*;

    public class CardTerminalsList
    {
        // Entry point: must be named main for the JVM to run the class
        public static void main(String[] args) throws Exception
        {
            // Enumerate every card terminal (reader) known to the default factory
            for (CardTerminal ct : TerminalFactory.getDefault().terminals().list())
            {
                System.out.println("Name: '" + ct.getName() + "'");
            }
        }
    }

Unicode on Windows Command Prompt

February 23rd, 2009

chcp 65001

Latitude XT2 more items

February 3rd, 2009

In my daily Latitude XT2 search on dell.com another item popped up: Protective Carrying case.

Oh Dell, why do you just leak those things and not release it :(

Although no working n-trig pen under Windows 7 sounds like a no-go.

ISA 2006 and Active Directory Replication

January 29th, 2009

environment: The following servers are in place AD1, ISA1, ISA2, AD2. AD1 is behind ISA1; AD2 is behind ISA2; ISA1 and ISA2 are connected via VPN.

ISA 2006 (without SP1)

problem: during dcpromo

The operation failed because:

Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=AD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=net on the remote AD DC ad1.contoso.net. Ensure the provided network credentials have sufficient permissions.

"The remote procedure call failed."

solution: Go to ISA1 and ISA2. Right-click the rule responsible for VPN traffic. Select "Configure RPC protocol" and uncheck "Enforce strict RPC compliance".

Updating to ISA 2006 SP1 finally fixed it.

Latitude XT2 and Windows 7

January 24th, 2009

Based on the release of the manual the most interesting question is: will the multi touch features work in Windows 7?

Update: Thanks to a comment I found the beta package over at n-trig.

BUT it doesn't support 64bit and no pen support (=no Math Input Panel!!!)

VPN connected machine, Active Directory and DNS

January 16th, 2009

environment: AD Server in Sub-Net A, Client in Sub-Net B

problem: Client can't find logon server

solution: I configured 2 DNS servers. The first one was the remote AD server, the second one a public one.
For some reason Windows favored the public one and could not resolve the logon server. Removing the public one helped.

Windows Vista R2 aka Windows 7

January 15th, 2009

I installed it on a Dell XPS Gen2.
The installation took +2h (I guess because of 3 different Visual Studio I have installed and who knows what else).

After restart my display resolution was capped at 1280x1024. This happened because my graphics card (Geforce 6800 Ultra, Dell-branded :( ) was detected as Standard VGA Adapter.

First I called at Microsoftie and complained. Then I started the Device Manager, chose the Standard VGA Adapter and clicked Update Driver. Couple of minutes later the NVidia Driver was downloaded and installed. Now the system works.

Experience so far:

  • Math Input Panel is as cool as I expected. Outputs MathML. Need to check how to integrate this with MediaWiki and I can't wait to get a Latitude XT2.
  • Explorer died once during file copy
  • New task bar is nice.
  • Had to upgrade to Skype 4.0 beta - confusion!
  • Daemon tools is NOT working anymore