Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
 ·North State Commun..
1 edit | [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones
Nice |
|
|
ArchAngel21x
MacFan Pro
Premium
join:2001-10-28
Lincoln, NE | Re: [iPhone] 3.1 breaks Exchange Sync
Thanks for the heads up. I will wait on the update. |
|
Daemon
Premium
join:2003-06-29
San Francisco, CA
 ·Comcast
2 edits | reply to Matt
Happens at my work too. I suspect it's an exchange server setting requiring encryption on the device, which works fine for blackberries and iPhone 3GS's, which support it.
In iPhone 3.0 and earlier, iPhones simply ignored the policy setting, but now the 3GS supports it, it's a subtle move telling enterprises that if they want encryption, upgrade to 3GS.
I'm not sure if Exchange even has a 'use encryption if you have it, otherwise don't' setting. It might be 'don't care at all' versus 'have to have it'. My work is not going to be happy if they have to relax the encryption requirement on all mobile devices.
The apple discussion thread is hilarious. It's a combination of 'me too', 'help', and 'delete the account and re-add' posts. Nothing constructive.
edit: »technet.microsoft.com/en-us/libr···484.aspx
I'm almost sure I'm right now. There are both 'enable device encryption' and 'require device encryption' boxes. All my server admin has to do is keep the former and disable the latter and things should work again.
This is NOT a bug on Apple's part. Administrators that really want to FORCE encryption probably do not want old iphones connecting. The old behavior, of simply ignoring the policy, was a bug. From a bit of basic googling, it seems the new setting was added in 2007 SP1, so it seems like 3.1 just updates to a new revision of active sync. So maybe it was not technically a bug when 3.0 came out, but it would be now.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC | Hrm, luckily I'm the Exchange 2007 Admin and I do believe there is a policy setting for encryption on mobile devices. I always assumed that my iPhone honored that setting ... I'm going to investigate now. |
|
Daemon
Premium
join:2003-06-29
San Francisco, CA
·Comcast
| said by Matt  :Hrm, luckily I'm the Exchange 2007 Admin and I do believe there is a policy setting for encryption on mobile devices. I always assumed that my iPhone honored that setting ... I'm going to investigate now. See my edit above, which was a simulpost with yours.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
1 edit | 
Activesync Policies |
said by Daemon :said by Matt :Hrm, luckily I'm the Exchange 2007 Admin and I do believe there is a policy setting for encryption on mobile devices. I always assumed that my iPhone honored that setting ... I'm going to investigate now. See my edit above, which was a simulpost with yours. Yep, I just turned it off and now I can connect.
For any Exchange 2007 Admins, you need to go into your Organization Configuration - Client Access, right click the policy you have configured for your Exchange Activesync Mailbox Policies, and disable Require encryption on the device.
I'm not that concerned about it, because remote wipe is still supported, but I can see how there will be an outcry about it, especially since there was no advance warning that anything previous to the 3GS would suddenly fail. That setting is the default in Exchange 2007. |
|
Daemon
Premium
join:2003-06-29
San Francisco, CA
·Comcast
1 edit | said by Matt : That setting is the default in Exchange 2007. Previous versions of Microsoft would have thought 'requiring X when not all devices in Y may support X would break stuff, so we'll disable it by default for maximum compatibility'. New Microsoft says 'leaving X off by default may cause many people to never enable it, leaving things less secure, so we'll turn it on by default'.
My perspective is the new M.O. is a good thing-- make people acutely aware that allowing compatibility may cause security holes.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| said by Daemon :said by Matt : That setting is the default in Exchange 2007. Previous versions of Microsoft would have thought 'requiring X when not all devices in Y may support X would break stuff, so we'll disable it by default for maximum compatibility'. New Microsoft says 'leaving X as an option by default may cause many people to never enable it, leaving things less secure, so we'll turn it on by default'. My perspective is the new M.O. is a good thing-- make people acutely aware that allowing compatibility may cause security holes. I agree. Also, as far as I know, there are only two mobile devices that support Activesync anyway, Windows Mobile and the iPhone, so it's completely possible Apple and Microsoft didn't communicate on this one. I still wouldn't be surprised to see a 3.1.1 that reverts to ignoring that setting on pre-3GS models.
It would certainly make me happier.  |
|
Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY | reply to Matt
Thanks for the tip. I just checked our Exchange server and Encryption was already disabled, so it looks like I won't be getting a bunch of calls tomorrow afterall.
--
University of Southern California - Class of 2010. Fight On! |
|
godlikesme
@unisys.com
| reply to Matt
Not to jump the gun here or anything but I think this may be grounds for a class-action lawsuit for 3G owners. I purchased the 3G back in December of 2008 only because I was told it supported MS Exchange. There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email. Had I known that I would never have purchased the iPhone -or I at least would have waited until a newer model that did support hardware encrption was released. For apple to just have the iPhone 3G ignore the policy and make users think everything was fine is wrong. In hindsight it appears as if they released a half-baked product that barely met the minimum requirements to support MS Exchange in order to get it into corporate customers hands and turn up the heat on RIM before it was too late. In the last year Apple probably started getting called out on the issue of hardware encryption which was a huge (but understated) feature of the 3GS. My guess is that they probably didn't want to make a big fuss about the importance of hardware encryption at the 3GS launch because it would have prompted 3G owners to question what their fate would be once the policy was enforced. Apple on their end didn't want to spoil the launch party with angry 3G customers so they decided to wait on actually updating the software on the iPhone OS until sometime later when more people would start using the 3GS.
Either way, this is bad news for all the 3G corporate users out there and something must be done. Anyone for starting a petition? |
|
ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
clubs: | Hardly a class-action lawsuit case here. |
|
Daemon
Premium
join:2003-06-29
San Francisco, CA
·Comcast
| reply to godlikesme
said by godlikesme :
Not to jump the gun here or anything but I think this may be grounds for a class-action lawsuit for 3G owners. [snip] There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email. [snip] Either way, this is bad news for all the 3G corporate users out there and something must be done. Anyone for starting a petition?
Sorry, but not documenting that a feature is absent is not grounds for a class action lawsuit. The iPhone also didn't support MMS for a long time, still requires multiple inboxes instead of a unified inbox, is not linux compatible, etc etc. Should we start several class action lawsuits?
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for |
|
godlikesme
@unisys.com
| reply to ptrowski
With all due respect, why not?
If an official workaround cannot be provided that meets the security standards of all IT departments then how are iPhone 3G owners going to access MS Exchange email?
I am not saying that Apple's decision to enforce the encryption policy is wrong. On the contrary, it's a very positive step in the right direction and will only increase the iPhone's prominence in the corporate world for both current and potential customers.
The issue I have with Apple was their approach.
The whole transition to digital TV provides the perfect example. People really had no excuse for not knowing about it and if they went out and purchased a TV set without a digital tuner it was their own damn fault. If however, consumers would have been misled or if the government never told anyone that analog TV would be turned off and continued to let consumers blindly purchase soon-to-be obsolete televisions, that would be flat out wrong.
At least with digital TV if the consumer was totally out of touch with society or in a coma for the last few years they could always purchase a converter box or get cable if they had to.
But with the iPhone 3G -no such luck. Asking the IT department of a major corporation or government agency to relax it's security settings for individual users would be like forcing TV stations to continue broadcasting in analog.
You are entitled to your opinion but I feel pretty cheated. |
|
darcilicious
Cyber Librarian
Premium
join:2001-01-02
Forest Grove, OR | said by godlikesme :
You are entitled to your opinion but I feel pretty cheated.
And that's all it takes to win file a class action suit. |
|
godlikesme
@unisys.com
| reply to Daemon
True, but for starters people have already started filing lawsuits against AT&T for the whole MMS thing and as for whether or not I'm justified in suing a company for not documenting or supporting a feature is not my argument. All of the things you mentioned can be supported with software updates. My argument is that Apple sold me a product that will never support hardware encryption just like it will never have a digital compass. The only difference is that I knew the 3G didn't have a digital compass and that it's absence won't prevent me from using Google Maps after future updates are applied. Although after this experience I'm not so sure. 
Apple stated that the iPhone 3G supports MS Exchange. It may do a poor job of doing it and there may be many features that it does not currently implement but none of them actually prevent me from accessing my corporate email. This 3.1.1 update completely screws iPhone 3G owners. Period. |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
1 edit | reply to godlikesme
said by godlikesme :
I purchased the 3G back in December of 2008 only because I was told it supported MS Exchange. There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email. I know this may sound Troll'ish, so I apologize, but just because your IT Department can't use Google doesn't mean you can start a class action lawsuit. A simple Google search shows that the iPhone 3G doesn't support data encryption with Exchange: »www.google.com/#hl=en&source=hp&···7f87ed47
The iPhone supports Exchange just fine, what it doesn't support is a single feature added in SP1 as Daemon noted. No one is forcing Exchange-based organizations to use pre-3GS iPhones. You can't sue or start a class-action lawsuit because you didn't perform due diligence before deploying iPhones in your organization.
What you can do is fire the member of your IT staff who didn't perform the necessary research, or lied and said the device supported encryption when in fact it never has, if encryption is that important to you.
|
|
ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
clubs: | Great post, Matt. |
|
godlikesme
@unisys.com
| reply to darcilicious
Maybe I am over-reacting a bit. It's barely been 24 hours since the update was released and I should at least give Apple a chance to respond to the issue.
If a reasonable solution can be implemented then great. I would be totally amicable to some form of settlement that would either allow me to get out of my contract without penalty or upgrade to a 3GS for free or at a reduced price. I am a reasonable person. I have been using my current iPhone for almost 10 months and it wouldn't be fair for me to demand a "free iPhone 3GS". Perhaps Apple could have some sort of "Exchange for Exchange (i.e. MS Exchange)" program. |
|
ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
clubs:
 ·VOIPo
·Metrocast Communic..
·AT&T DSL Service
·ViaTalk
| said by godlikesme :
Maybe I am over-reacting a bit. It's barely been 24 hours since the update was released and I should at least give Apple a chance to respond to the issue.
If a reasonable solution can be implemented then great. I would be totally amicable to some form of settlement that would either allow me to get out of my contract without penalty or upgrade to a 3GS for free or at a reduced price. I am a reasonable person. I have been using my current iPhone for almost 10 months and it wouldn't be fair for me to demand a "free iPhone 3GS". Perhaps Apple could have some sort of "Exchange for Exchange (i.e. MS Exchange)" program.
Give it some time. But I would expect that your forms of settlement would come around once hell freezes over.
--
"So, Lone Starr, now you see that evil will always triumph because good is dumb."
Have you been touched by his noodly appendage? »www.venganza.org |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| reply to godlikesme
Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one. You can disable forced encryption and your phone will work fine, so this is a non-issue. I know for Windows Mobile phones, you can still enable encryption on the device itself. It's likely you could even create two different Activesync Policies on your Exchange Server, one specifically for your iPhone devices that doesn't force encryption and another for other mobile devices that does force it.
I'd like to see Apple release 3.1.1 that reverted to ignoring the setting, but that is the most I would expect to see them offer. |
|
