New phone, new hassles. Same old same old. Due to a corporate discount opportunity, I’ve picked up a nifty little HTC Apache PDA/Phone attached to the local monopoly carrier’s EVDO system. Sweet, I thought, MS Exchange activesync over EVDO will mean I’m never out of touch.
Activesync under Windows Mobile 5.0 is streets ahead of PocketPC 2003SE (the previous OS), allowing for clean syncronisation with multiple ‘partners’, and remote sync with Exchange 2003 over SSL. Great stuff, except the SSL sync does not allow for wildcard SSL certificates. Crazy as it sounds, corporations that use a wildcard cert (e.g. *.corporation.com) to cover multiple SSL sites (e.g. mail, webmail, activesync) will not be able to provide mobile sync support to WM5 devices.
Thankfully there is a workaround. As long as you have permissions on your device, you can modify the registry such that Activesync will not check the validity of an SSL certificate before commencing an SSL connection. The security implications of this are obvious, but as long as you trust your system admins, and bank on the fact that no one will hijack your server’s sync DNS address, then it should be fine. So, grab your PPC registry editor of choice, navigate to HKCU\Software\Microsoft\Activesync\Partners\, determine which of the ‘Partners’ subkeys is your mobile exchange server (hunt through and you should see your mobile Exchange URL under one of the keys), then add a DWORD value named ‘Secure’ with a value of 0. Bingo.
Ugly hack, but it worked for me.? Unsure if this is a WM5 global thing, or just for HTC devices, or even just for this one HTC Apache.