• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About
    • Stephen Foskett
      • My Publications
        • Urban Forms in Suburbia: The Rise of the Edge City
      • Storage Magazine Columns
      • Whitepapers
      • Multimedia
      • Speaking Engagements
    • Services
    • Disclosures
  • Categories
    • Apple
    • Ask a Pack Rat
    • Computer History
    • Deals
    • Enterprise storage
    • Events
    • Personal
    • Photography
    • Terabyte home
    • Virtual Storage
  • Guides
    • The iPhone Exchange ActiveSync Guide
      • The iPhone Exchange ActiveSync Troubleshooting Guide
    • The iPad Exchange ActiveSync Guide
      • iPad Exchange ActiveSync Troubleshooting Guide
    • Toolbox
      • Power Over Ethernet Calculator
      • EMC Symmetrix WWN Calculator
      • EMC Symmetrix TimeFinder DOS Batch File
    • Linux Logical Volume Manager Walkthrough
  • Calendar

Stephen Foskett, Pack Rat

Understanding the accumulation of data

You are here: Home / Everything / Apple / How iPhone OS 3.1 Locked Some Out Of Exchange, And How To Fix It

How iPhone OS 3.1 Locked Some Out Of Exchange, And How To Fix It

December 1, 2009 By Stephen Leave a Comment

This blog post is probably out of date. If you want to set up Exchange ActiveSync, you should instead consult one my guides:
iPhone Exchange ActiveSync Setup iPad Exchange ActiveSync Setup
iPhone ActiveSync Troubleshooting iPad ActiveSync Troubleshooting

icon_lock20090625 Is your non-3GS iPhone locked out of your Exchange 2007 ActiveSync server after upgrading to iPhone OS 3.1? It’s a feature, not a bug! Here’s how to get older iPhones up and running with Exchange Server 2007 SP1!

What’s The Problem?

Microsoft Exchange Server 2007 SP1 added a feature to require mobile ActiveSync devices to encrypt data, enhancing security. Before iPhone OS 3.1, all iPhones incorrectly told the Exchange server that they supported on-device encryption. This allowed all iPhone hardware to function with Exchange 2007 SP1 servers that required device encryption. But original and 3G iPhones do not support device encryption, undermining corporate security policies.

The iPhone 3GS hardware actually does support device encryption, and iPhone OS 3.1 correctly reports this capability. But iPhone OS 3.1 also (correctly) reports that earlier hardware (the original iPhone and the iPhone 3G) does not support device encryption, so some Exchange 2007 SP1 servers refuse to allow them to connect. Oops!

What’s The Solution?

There are four possible solutions, three of which require IT assistance. Your Exchange administrator can research the meaning and implications of these options:

  1. Disabling device encryption allows all iPhones to connect, but does not force any Exchange ActiveSync device to encrypt data. This is not a great solution from a security perspective, so don’t bother trying to convince IT to implement it!
  2. Allowing non-provisionable devices enables all iPhones to connect but weakens security in general, allowing each device to enforce or ignore policies. This is a slightly better solution, since encrypting devices like the iPhone 3GS will encrypt, but it’s still not a great idea.
  3. Creating a special policy for “old” iPhones and applying it selectively is probably more acceptable. Administrators can allow certain users to ignore the device encryption policy but still apply it to all others. This commandlet (from Krypted) will create such a policy:
    New-ActiveSyncMailboxPolicy -Name iPhone -AllowNonProvisionableDevices $true
  4. Upgrading to an iPhone 3GS is probably the best answer. IT doesn’t need to get involved (as long as you know how to configure Exchange ActiveSync) and no security policies need to be weakened to make it work.

You might also want to read these other posts...

  • How To Connect Everything From Everywhere with ZeroTier
  • Liberate Wi-Fi Smart Bulbs and Switches with Tasmota!
  • Tortoise or Hare? Nvidia Jetson TK1
  • Electric Car Over the Internet: My Experience Buying From…
  • Introducing Rabbit: I Bought a Cloud!

Filed Under: Apple Tagged With: ActiveSync, encryption, Exchange, Exchange 2007, iPhone, iPhone 3GS, iPhone OS 3.0, iPhone OS 3.1, Microsoft Exchange, policies

Primary Sidebar

Data will expand to fill all available storage capacity

Stephen Foskett

Subscribe via Email

Subscribe via email and you will receive my latest blog posts in your inbox. No ads or spam, just the same great content you find on my site!
 New posts (daily)
 Where's Stephen? (weekly)

Download My Book


Download my free e-book:
Essential Enterprise Storage Concepts!

Recent Posts

How To Install ZeroTier on TrueNAS 12

February 3, 2022

Scam Alert: Fake DMCA Takedown for Link Insertion

January 24, 2022

How To Connect Everything From Everywhere with ZeroTier

January 14, 2022

Electric Car Over the Internet: My Experience Buying From Vroom

November 28, 2020

Powering Rabbits: The Mean Well LRS-350-12 Power Supply

October 18, 2020

Tortoise or Hare? Nvidia Jetson TK1

September 22, 2020

Running Rabbits: More About My Cloud NUCs

September 21, 2020

Introducing Rabbit: I Bought a Cloud!

September 10, 2020

Remove ROM To Use LSI SAS Cards in HPE Servers

August 23, 2020

Test Your Wi-Fi with iPerf for iOS

July 9, 2020

Symbolic Links

    Featured Posts

    The Rack Endgame: A New Storage Architecture For the Data Center

    September 3, 2014

    The Myths of Standardization

    December 15, 2011

    On the Death of Innovation, or “These Kids These Days!”

    May 21, 2012

    Scaling Storage At The Client

    November 25, 2013

    How Smart Is the Mondaine Helvetica Smart Watch?

    December 30, 2015

    10 Mysteries The Lost Finale Definitively Settled

    May 25, 2010

    Why Are PCIe SSDs So Fast?

    June 12, 2013

    How to Get Me to Write about Your Company or Product

    March 15, 2012

    Follow the Yellow Brick Road to the Software-Defined Future

    November 29, 2012

    FCoE vs. iSCSI – Making the Choice

    May 20, 2011

    Footer

    Legalese

    Copyright © 2022 ยท Log in