My grandfather always says to work “smarter and not harder,” which is 1930s speak for “be more efficient.”
Why couldn’t Microsoft have listened to him (and all the other grandpas of the world who say the same aphorism)?
I had a user come in the other day with a Windows Mobile HTC Touch Pro 2. They wanted to hook up to EAS and have all the whiz-bang features that my Palm Pre and iPhones are able to have…synchronizing calendar, contacts, and email. This user is by no means very technical. They need a way to plug in their email address and server name and have it just work…much in the way that it does for the Palm Pre and iPhone.
The user dropped off the phone to me to handle this for them of course so I entered in all the information and went to connect it. Promptly, I received the following message:
“your exchange server requires a personal certificate for authorization”
I anticipate this for some phones…on some phones you have to copy across a root certificate in order to have them connect to an SSL-enabled CAS from the internet. This would be the first phone I’ve run across that didn’t automatically import the certificate. Now, let me begin by saying this is probably one of the dumbest things I’ve ever heard of (not automatically importing the certificate) because if you’re connecting to the Exchange server and authenticating…you should trust whatever certificate is set up by your administrator automatically. Locally here on our PCs in the enterprise, we’ve automatically trusted the certificate from servers we can authenticate to with passwords.
As an example, if Microsoft treated their Domain Controllers in an AD Forest the same way…we’d be getting pop-ups anytime I regenerated a certificate on a DC. We don’t get those because if a computer is authenticated and the server changes, we don’t want our users getting popups they can’t explain or understand. We used group policy to silently negotiate the certificate exchange in the background. We did the same for OWA when it is accessed internally.
But a smart phone running Windows Mobile? Heck NO! You have to manually copy the certificate over and import it manually…you’re not given the opportunity to authenticate and import automatically. Nothing takes place in the background…even if you are ON THE DOMAIN. The behavior gives you no other alternative.
I thought this would be fine…but it’s not. There isn’t a way for me to get access to the filesystem of the phone. I plug it in via USB. It can’t install it because it can’t find drivers. I use the software included with the phone and it wants to synchronize locally with Outlook…but the user that is using this phone DOESN’T HAVE OUTLOOK nor do they have their own PC, so why would they want to install software just to be able to get files onto their phone? Why would I?
In this instance, this phone is locked down…which is fine in a corporate environment. But this is a personal phone and there is no corporate Windows Mobile plan we have here. I need it to be as easy as an iPhone. I need it to be as easy as my Palm Pre. I need to type in the information and have it connect and start working immediately. It doesn’t. Microsoft needs to work smarter and not harder on this.
I wasted 2 hours yesterday trying to get a certificate copied over to the device and I still can’t do it. I pretty much gave up in frustration and figured I’d file an issue and see what someone can tell me…there comes a point though where security and usability collide in an awesome display of stupidity…and I think this is the case here.
I’m sure everyone is saying “You’re a dummy then! It’s easy, you just perform action X and then Y and it works!” and to that I ask that you leave a comment on how you get it working…remember, I can’t copy files to this device…it won’t let me. So tell me how to get it done without copying files to the device or how to hack the device so I can copy files to it and I’ll agree with you by saying “yes, I am a dummy”. Documentation on this problem and solution is non-existent…Google and Live were not my friends on this topic. So please tell me how wrong I am…I want to be proved wrong and fix this.
In the meantime, please Microsoft, work smarter and NOT harder. Making things this difficult to do simple things is dumb. My boss doesn’t care about all the technical details. She just knows that she took her iPhone in and I had it up and running in about 10 minutes. And now she knows that one of her directors asked for the same functionality in a Windows Mobile phone and 2 hours later I told him I couldn’t get it to work. Here it is 2 days later and I still can’t get it to work. Making it so competitors’ systems work better on your own product is comparable to shooting yourself in the foot with a cannon.
Temp connect to an e-mail account such as Gmail. Send cert to that e-mail account. Open the file from the e-mail and install the cert. Delete the Gmail account from the phone, then connect to Exchange. You can also use Bluetooth to send a file to the phone if possible.