Mobile Windows News |  Podcasts |  Videos | Search | Forums | Site News

ActiveSync 4.1 Troubleshooting guide published March 22, 2006 [General] | By Edward J. R. ActiveSync is an application for Windows XP for synchronization of data between PC and Windows Mobile device and application that makes it possible to copy files to the device by drag and drop. Unfortunately Microsoft is not innovative enough (even now, 4 years after first MS Smartphone was launched) to embed "logical disk" feature in Windows Mobile, so that people could copy files without the need for ActiveSync... so for all users of Windows Mobile ActiveSync is a must. Jason Langridge from Microsoft UK writes: In Activesync 4.1 we changed the sync model from a serial type sync to an RNDIS model for synchronisation. This change whilst very positive for most customers has caused some issues with those companies using Personal Firewalls as the device appears like a network connection talking to your PC. ... so we publish here a guide to resolve these issues: * * * * * Troubleshoot ActiveSync 4.1 problems This document recommends best practices to IT departments for configuring their local environments for Windows Mobile-based devices connecting to PCs running ActiveSync 4.1. The recommended practices should pose a relatively small security risk. Following are solutions to problems connecting to a PC that is running ActiveSync 4.1. Problem: Windows Mobile-based devices cannot connect to PCs running ActiveSync 4.1. Potential cause: A firewall application may be blocking ActiveSync processes and/or ports. Solutions: 1. Add the following processes to the application exception list of the firewall utility: Wcescomm.exe WcesMgr.exe RAPIMgr.exe CEAPPMGR.exe Many firewall vendors provide application exception lists that already contain ActiveSync processes. Following is an example of an application exception list within Windows Firewall. Additionally, open port 26675 (open inbound TCP port) in the firewall utility for all applications. You should also specify the scope for the port. Scope is either "*" (for all networks) or a comma-separated list that contains any combination of the following: IP addresses, such as 10.0.0.1 Subnet descriptions, such as 10.2.3.0/24 The string "local subnet" Security risk: Low. 2. Open the following ports for all applications in the firewall utility: 990 – open inbound TCP port 999 – open inbound TCP port 5678 – open inbound TCP port 5679 – open outbound UDP port 5721 – open inbound TCP port 26675 – open inbound TCP port Security risk: Moderate. The ports remain open and applications on the host PC that use these ports are more vulnerable to external attacks. To further reduce risk, specify the scope for port 26675 as described in solution 1. Potential cause: An antivirus application may be blocking ActiveSync processes. Solution: Configure the antivirus application to allow the following processes: CeAppMgr FormInst DBAccess Security risk: Low. Configure the antivirus application to allow scripting to enable Windows Mobile-based devices to sync with Microsoft Outlook on the PC. Security risk: Moderate. Potential cause: IPSec or other IT policy or startup script under which new network interfaces are not allowed. Solution: Deploy an IPSec policy to workstations that allow 169.254.x.x traffic. 169.254.x.x is a local link address that is not routable (if your network enforces this as a local link). This is similar to “split-tunneling” that allows printers to start up on a network. This policy should not be deployed to high-security servers such as domain controllers; it should be deployed only to workstations where it is reasonable that a user would attempt to run ActiveSync. Security risk: Low. To attack a workstation to which the IPSec policy described above has been deployed, the attacker would need either physical access to the workstation’s network cabling or remote administrator-level access to the network switch through which the workstation connects. With such access, the attacker could cause the workstation to get an automatically configured IP address on its Ethernet network interface, and then use the attacker’s computer to communicate through that interface. Potential cause: ActiveSync bypasses the default Layered Service Provider (LSP) in the Windows TCP/IP handler. Solution: When other applications install additional LSPs, it can cause earlier versions of ActiveSync to have trouble connecting to the device. To avoid that problem, ActiveSync 4.1 now binds only to the Microsoft TCP/UDP provider, bypassing any subsequently installed LSPs. However, you may want to force ActiveSync to use the default LSP; for example, when it is necessary for firewall protection. After doing this, you may then have to add ActiveSync processes to the firewall application exception list. This is described in solution 1 in this document. To force ActiveSync 4.1 to use the default LSP, set the REG_DWORD value of the following registry key to any value other than zero. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services\AllowLSP Security risk: Low. This setting is used only by ActiveSync processes. * * * * * Source and more information on this topic (including this guide in Word format) is available here. Post your comment (free registration is required to post, but if you register you can edit your posts later) << Previous Story Next Story >>

Some of our Reviews (phones): Some of our Reviews (software): 3G video calling Live Messenger MS Push Email SlingPlayer over WiFi SlingPlayer over UMTS Opera browser

Mobile Windows News |  Podcasts |  Videos | Search | Forums | Site News

Submit news | About us | Contact us | Windows Mobile podcasts | All Windows Mobile news | RSS/XML Feed

Our friends: MoDaCo, CoolSmartphone.com, SmartphoneThoughts, MSMobileNews, Bink.nu - Microsoft news,  pdaPhoneHome.com.

Copyright © 2002-2008 by msmobiles.com. All rights reserved.
This site is not affiliated with Microsoft Corporation.