The Geek Lamp is lit.
I had a loong evening a couple of weeks ago struggling to get my shiny new Motorola Droid (running Android 2.1) to synchronize Contacts, Calendar and Mail with my Microsoft Exchange 2007 server. Although I love the phone as a stand-alone phone, obviously for work purposes the ability to sync and sync properly with Exchange is a make-or-break feature.
There have been numerous reports of issues with Exchange synchronization and Droids. I spent the better part of yesterday afternoon and well into the night pouring over them. In the end my problem was simply a faulty configuration of the firewall rule that prevented the Droid from making an SSL connection to our server on port 443. Doh!
In fact, most of the issues I read about seem to involve server configuration problems, not Droid feature related. Once I got my server configuration and firewall settings sorted, everything worked a treat with no third party applications required.
If you are an end-user without control of your company’s servers, most of this will be useless to you. For Exchange admins, here is the rundown.
System Requirements
- Exchange 2000 Not supported.
- Exchange 2003 Service Pack 2 required. I would recommend at least R2. But if you don’t have R2 and it doesn’t work, you are probably going to want to upgrade to 2007 anyway.
- Exchange 2007 Service Pack 2 required.
Sync Methodology
Droid prefers Exchange ActiveSync. This will produce the best results with regards to synchronization of sub-folders and inclusion of attachments.
SSL is supported. Forms-based authentication with Active Sync is not. See the awesome Daniel Petri for a breakdown of your options and implementation. They are basically: turn off forms-based authentication (bad!), install a dedicated front-end server (very good but expensive), create a virtual OWA directory that does not require FBA (okay but kind of tricky).
Also not supported: Pasword security and remote wipe. (As of Android 2.1) Be aware that these are deal-breakers for many businesses that have strict regulatory requirements.
Client Certificates are a bit of a problem. There are work-arounds. Manual install of certs can be an issue. The consensus seems to be to configure Outlook Web Access to push a certificate to the client. Then use the Droid browser to go the OWA site and accept the cert.
Configuration
The official Motorola Exchange configuration settings are here. It breaks down like this:
- Exchange 2003 SP3
- In Exchange System Manager expand Global Settings. Select Mobile Services and get properties.
- Make sure the Enable Unsupported Devices box is checked. Click the Device Security button.
- In the Device Security dialog check the bottom option, Allow access to devices that do not fully support password settings. Note, this will not affect devices that support the other features. They will still be enforced.
- Exchange 2007 SP2
- Open Exchange Management Console, expand Organization Configuration, then Client Access
- You will need to either change or create a new Active Sync Mailbox Policy by checking the box, “Allow non-provisionable devices.” This setting and policy will not affect other devices that do fully support Exchange security policies. They will continue to function normally.
- If you changed the default policy you are done, otherwise proceed to the next step.
- Now go to Recipient Configuration and select the mailbox(es) that you wish to allow Droid access. Select the mailbox properties, then the mailbox features tab, select Active Sync and click the properties button.
- If you created a new policy, apply the new non-provisioned device policy to this mailbox. Apply, close all windows.
Once I got that all done the Droid mail, calendar and contacts all synchronized flawlessly, including sub-folders using the native programs. I get my attachments properly and the push synchronization works fairly well. Sometimes I do have to manually refresh the link. I haven’t tried out-of-office yet.
For some users whose Excahnge servers and profiles are just too… weird for the native Droid apps, Nitro Desk makes a very good third-party Exchange sync and mail-calendar-contact-task management app called Touchdown. A 30 day demo is free on the Marketplace but the full version is $19.99.
Troubleshooting
- The Exchange Remote Connectivity Analyzer is awesome. It provides a test bed for the authentication methodologies available to Droid and gives connection logs that can help pinpoint problems. In my case it was the tool that told me that the server was not responding to requests to set up the SSL connection.
- In order for folders to sync they have to be nested within the Inbox. Folders outside of that hierarchy may not sync at all.
