11-23-17 12:05 AM
27 12
tools
  1. salbass's Avatar
    I finally got home and unwrapped my Priv. I was excited because my company's Exchange only allows Android or iOS to receive mail. I've been using Touchdown mail app side loaded on my Z10 due to this because Touchdown allows you to override the Devicetype Setting to Android.

    My assumption was that since the Priv is stock Android then it would send that devicetype. Assumption is wrong and I'm back right where I started. I am pretty upset because I was excited to get some form of the hub back again but looks like I can't. Anyone else run into this? Any workarounds that Android IS has to get my corporate mail again?

    Thanks!

    Posted via CB10
    jonty12 likes this.
    11-11-15 02:29 PM
  2. chrisgatguis's Avatar
    Have you informed them? And explained the type of phone you are using? Seems like a strange way round to have it (we are the opposite way round).

    Posted via CB10
    11-11-15 02:32 PM
  3. Andrew4life's Avatar
    I think your company has to manually accept new device connections. Might want to just give your IT department a call

    Posted via CB10
    11-11-15 02:37 PM
  4. bobshine's Avatar
    Make sure also you haven't reached the device limite

    Posted via CB10
    11-11-15 02:38 PM
  5. salbass's Avatar
    I have called them and that's the way they created it. I can add it through Gmail and that works but I can't see the account through the hub. This is so depressing!

    Posted via CB10
    11-11-15 05:45 PM
  6. jonty12's Avatar
    I finally got home and unwrapped my Priv. I was excited because my company's Exchange only allows Android or iOS to receive mail. I've been using Touchdown mail app side loaded on my Z10 due to this because Touchdown allows you to override the Devicetype Setting to Android.

    My assumption was that since the Priv is stock Android then it would send that devicetype. Assumption is wrong and I'm back right where I started. I am pretty upset because I was excited to get some form of the hub back again but looks like I can't. Anyone else run into this? Any workarounds that Android IS has to get my corporate mail again?

    Thanks!

    Posted via CB10
    I hate to celebrate your bad news, but this may be excellent news for me!

    My company is the opposite... they'll take exchange connections through BB10 and iOS (I've been using BB10 since 2013) but Android has to be through Touchdown. If I use Touchdown I lose the majority of why I use BB (BB calendar, Hub, etc.). If this identifies the device as BB, I'm good to go! If it identifies as Android, there's no point in getting it.
    11-11-15 05:50 PM
  7. salbass's Avatar
    Huh? Why would you not just get a BB10 device?? If I had my choice I would want the whole BB10 experience. I got the android because it would identify itself as an Android but have the productivity (well as close as you can get) to a BlackBerry.


    Posted via CB10
    11-11-15 05:56 PM
  8. jonty12's Avatar
    Huh? Why would you not just get a BB10 device?? If I had my choice I would want the whole BB10 experience. I got the android because it would identify itself as an Android but have the productivity (well as close as you can get) to a BlackBerry.


    Posted via CB10
    I have a Z30 currently. Too many needed apps aren't available at this stage. It was fine 6 months ago, but many now require Android 4.4 or above to function or never worked. If I didn't need them, there'd be no question. I MUCH prefer BB10 as an OS.
    11-11-15 06:00 PM
  9. cognac_sipper's Avatar
    I think I would run into the same problem..... So if I use an app for exchange like type mail I am guessing it would not show up in the hub....
    11-11-15 06:09 PM
  10. conite's Avatar
    I have called them and that's the way they created it. I can add it through Gmail and that works but I can't see the account through the hub. This is so depressing!

    Posted via CB10
    Hopefully it will be added soon. I know they are madly updating the HUB with bug fixes and new features.

    PassportSQW100-4/10.3.2.2789
    11-11-15 06:11 PM
  11. SeltzerWater's Avatar
    Hopefully it will be added soon. I know they are madly updating the HUB with bug fixes and new features.

    PassportSQW100-4/10.3.2.2789
    Haven't seen an update in days. What did you mean by madly?

    Posted via the CrackBerry App for Android
    11-12-15 05:37 AM
  12. salbass's Avatar
    I have a case open. Waiting to hear back. Oddly, if I setup the Exchange account under the stock Gmail app that works perfectly. Just not seeing it in the hub, have to go into Gmail. I wonder why they didn't make Device Type an option to choose which device header to send?



    Posted via CB10
    11-12-15 02:16 PM
  13. c_bryant34's Avatar
    I have a case open. Waiting to hear back. Oddly, if I setup the Exchange account under the stock Gmail app that works perfectly. Just not seeing it in the hub, have to go into Gmail. I wonder why they didn't make Device Type an option to choose which device header to send?



    Posted via CB10
    When you try setting it up in the Hub are you getting an error of some sort? Like a required policy, etc?
    11-13-15 12:16 AM
  14. salbass's Avatar
    Yes I get an email to my regular in box saying that the Exchange policy is blocking it due to Device Type.

    Here is the email

    Your mobile*device*won't be able to synchronize with the server via Exchange ActiveSync because of an access policy defined on the server.

    Information about your mobile*device:

    Device*model:BlackBerry
    Device*type:BlackBerryDevice*
    ID:androidc1878451514
    Device*OS:
    Device*user agent:BlackBerry-STV100-3/5.1.1
    Device*IMEI:
    Exchange ActiveSync version:14.1
    Device*access state:BlockeDevice*access state reasoneviceRule

    Posted via the CrackBerry App for Android
    11-13-15 01:16 PM
  15. Steve Rizla's Avatar
    Our company is running BES 10 and we have users running BB10 and IOS devices.

    I'm the only one running Android as i'm a developer and I get to test new things.

    For me, I skip BES altogether and just use ActiveSync. On my Nexus 5, I used the Outlook App. I added the Priv yesterday using the Hub instead. As soon as i added the account I got a warning about policies.

    Here is what I see when I go to 'manage' my device through OWA:
    Status: OK
    First sync:
    11/12/2015 10:10 PM
    Last successful sync: 11/13/2015 1:27 PM
    Folders synced: 7

    Device name:
    STV100-3
    Device model: STV100-3
    Phone number: Not Available
    Mobile network:
    Device type: BlackBerry
    Device ID:
    Device IMEI:

    Device OS:
    Android 5.1.1
    Device language: Not Available
    User agent: BlackBerry-STV100-3/5.1.1

    Access state:
    Access Granted
    Access set by: Global Permissions

    Policy applied:
    Default - Applied in full
    Policy updated: 11/12/2015 10:12 PM
    ActiveSync version: 14.1
    11-13-15 01:32 PM
  16. salbass's Avatar
    Yeah but your company supports BlackBerry as a platform. My specifically only allows Android and iOS, therefore I thought if I bought the Priv I could access my company email again.

    If I use the Hub App I can't but if I use Gmail Exchange App then it works.

    Looks like the Hub is still faking things out to the MdM and saying it is a blackberry phone instead of an Android phone. I wish they could just make it an option to select.

    Posted via the CrackBerry App for Android
    11-13-15 01:55 PM
  17. c_bryant34's Avatar
    Yeah but your company supports BlackBerry as a platform. My specifically only allows Android and iOS, therefore I thought if I bought the Priv I could access my company email again.

    If I use the Hub App I can't but if I use Gmail Exchange App then it works.

    Looks like the Hub is still faking things out to the MdM and saying it is a blackberry phone instead of an Android phone. I wish they could just make it an option to select.

    Posted via the CrackBerry App for Android
    Thanks for the heads up. I'll discuss with the engineering team.
    salbass likes this.
    11-17-15 01:32 AM
  18. salbass's Avatar
    Thanks for the heads up. I'll discuss with the engineering team.
    Thanks - here are some screenshots - one is from the Android Hub and the other is the Gmail App on my Priv - this shows you the difference. Hub doesn't work, Gmail does, same device! Please fix this somebody!WARNING : Priv still is blocked by Exchange BB Rules-hub-email-account.pngWARNING : Priv still is blocked by Exchange BB Rules-priv-gmail-exchange-app.png
    11-21-15 12:42 AM
  19. sportline's Avatar
    OMG. Is it the same case with office 365 account, or any Microsoft account?

    Posted via CB10
    11-21-15 02:17 AM
  20. c_bryant34's Avatar
    OMG. Is it the same case with office 365 account, or any Microsoft account?

    Posted via CB10
    No, just very specific cases where an IT admin only "whitelists" certain types of devices for activating on an exchange server.
    salbass likes this.
    11-22-15 04:04 PM
  21. chang69's Avatar
    Thanks - here are some screenshots - one is from the Android Hub and the other is the Gmail App on my Priv - this shows you the difference. Hub doesn't work, Gmail does, same device! Please fix this somebody!Click image for larger version. 

Name:	hub-email-account.PNG 
Views:	214 
Size:	33.4 KB 
ID:	381473Click image for larger version. 

Name:	priv-gmail-exchange-app.PNG 
Views:	215 
Size:	47.4 KB 
ID:	381474
    Thanks for the screenshot. This probably explains why the hub has the required SD card encryption problem, whilst the gmail app doesn't.
    salbass likes this.
    11-22-15 04:53 PM
  22. Omnitech's Avatar
    I wonder why they didn't make Device Type an option to choose which device header to send?

    Because the whole point of such mechanisms is to somewhat reliably determine what sort of device is connecting to the Exchange server, so the server can decide what to do with the connection. If it were trivial for everyone to circumvent that mechanism, then the mechanism would be pointless. See below.


    Yeah but your company supports BlackBerry as a platform. My specifically only allows Android and iOS, therefore I thought if I bought the Priv I could access my company email again.

    Looks like the Hub is still faking things out to the MdM and saying it is a blackberry phone instead of an Android phone. I wish they could just make it an option to select.

    The whole thing going on here is because Exchange servers have policy settings that allow Exchange admins to decide what kind of devices can or cannot connect to their server. The usual problem here IMHO is not that the device cannot easily "spoof" another device, nor is it that the Priv (apparently, according to this thread) identifies itself as a BlackBerry hardware device to the Exchange server (Which is normal and standard behaviour, and note that according to Steve Rizla's post it does properly reflect that it's running Android OS, which is also exactly as it should be), it is because your company's Exchange administrators have a lame policy set that blocks it, most likely because they simply don't know any better, or don't care.

    95% of the time that I see cases like this where BlackBerries cannot connect to an Exchange server, it is because the people running the server are clueless that it's even an issue, or they simply don't care. Someone either left something on a default setting, or thought it would be cool to set a restrictive policy, even though it probably doesn't accomplish what they think it accomplishes anyway. Or they simply don't want to think about anything but iPhones and certain Android models, because it makes (or they think it makes) their job easier.

    Privs are very rare devices right now, there has never been an Android hardware device with a BlackBerry hardware ID, and there are probably only about 3,000 of them out there in the world, meaning you are almost certainly the only employee that has ever tried to connect one to your company's email infrastructure.

    So my suggestion is talk to your Exchange admin(s), ask them to stop blocking anything that identifies as a BlackBerry, or just specifically whitelist the Priv. If they won't budge on that, then it's out of your hands.

    Trying to spoof a "traditional" Android device is inadvisable for a variety of reasons, including the fact that one of the key reasons for the existence of such policies is because a thorough Exchange Admin knows that each platform and device has quirks, and sometimes those quirks will cause their system problems - like when iOS 8 had a nasty bug that crashed Exchange servers all over the place because Apple devices were blowing up their logfiles. (In such cases an Exchange admin can conveniently block those troublemaking devices using that same policy, to help protect their infrastructure until the vendor - in this case Apple - fixes their bug.) BlackBerry should not masquerade as a "generic" Android - because the MUA that is connecting to the Exchange server is not the generic Android MUA, it is a custom mail app written by BlackBerry.

    BlackBerry actually wrote a knowledgebase article to instruct Exchange admins how to whitelist traditional BlackBerry devices to ensure they work, but strangely even though that document shows a last update of 2015-10-28, it still doesn't include a Priv item in the list. But you may want to check it out anyway because the basic concept is the same and a competent and willing admin can easily adapt it as long as they know what model number the device identifies with. (As we can in both Steve Rizla's post and your screenshots where it shows the identification strings that are showing up in your Exchange servers)

    How to whitelist BlackBerry 10 smartphones and BlackBerry PlayBook tablets for use with Exchange ActiveSync Gatekeeping
    Last edited by Omnitech; 11-23-15 at 10:48 AM.
    11-23-15 10:37 AM
  23. salbass's Avatar
    Because the whole point of such mechanisms is to somewhat reliably determine what sort of device is connecting to the Exchange server, so the server can decide what to do with the connection. If it were trivial for everyone to circumvent that mechanism, then the mechanism would be pointless. See below.





    The whole thing going on here is because Exchange servers have policy settings that allow Exchange admins to decide what kind of devices can or cannot connect to their server. The usual problem here IMHO is not that the device cannot easily "spoof" another device, nor is it that the Priv (apparently, according to this thread) identifies itself as a BlackBerry hardware device to the Exchange server (Which is normal and standard behaviour, and note that according to Steve Rizla's post it does properly reflect that it's running Android OS, which is also exactly as it should be), it is because your company's Exchange administrators have a lame policy set that blocks it, most likely because they simply don't know any better, or don't care.

    95% of the time that I see cases like this where BlackBerries cannot connect to an Exchange server, it is because the people running the server are clueless that it's even an issue, or they simply don't care. Someone either left something on a default setting, or thought it would be cool to set a restrictive policy, even though it probably doesn't accomplish what they think it accomplishes anyway. Or they simply don't want to think about anything but iPhones and certain Android models, because it makes (or they think it makes) their job easier.

    Privs are very rare devices right now, there has never been an Android hardware device with a BlackBerry hardware ID, and there are probably only about 3,000 of them out there in the world, meaning you are almost certainly the only employee that has ever tried to connect one to your company's email infrastructure.

    So my suggestion is talk to your Exchange admin(s), ask them to stop blocking anything that identifies as a BlackBerry, or just specifically whitelist the Priv. If they won't budge on that, then it's out of your hands.

    Trying to spoof a "traditional" Android device is inadvisable for a variety of reasons, including the fact that one of the key reasons for the existence of such policies is because a thorough Exchange Admin knows that each platform and device has quirks, and sometimes those quirks will cause their system problems - like when iOS 8 had a nasty bug that crashed Exchange servers all over the place because Apple devices were blowing up their logfiles. (In such cases an Exchange admin can conveniently block those troublemaking devices using that same policy, to help protect their infrastructure until the vendor - in this case Apple - fixes their bug.) BlackBerry should not masquerade as a "generic" Android - because the MUA that is connecting to the Exchange server is not the generic Android MUA, it is a custom mail app written by BlackBerry.

    BlackBerry actually wrote a knowledgebase article to instruct Exchange admins how to whitelist traditional BlackBerry devices to ensure they work, but strangely even though that document shows a last update of 2015-10-28, it still doesn't include a Priv item in the list. But you may want to check it out anyway because the basic concept is the same and a competent and willing admin can easily adapt it as long as they know what model number the device identifies with. (As we can conveniently see in Steve Rizla's post where it shows the identification strings that are showing up in his Exchange server)

    How to whitelist BlackBerry 10 smartphones and BlackBerry PlayBook tablets for use with Exchange ActiveSync Gatekeeping
    Thanks for your detailed reply but I disagree. It is not the hardware that is providing the DeviceType it's the software. So if you use the Gmail App for exchange the Priv identifies itself as Android. Actually all the mail apps in the store I've tried identify themselves as Android and work. Actually Touchdown a very popular App recommended by most mail Admins it allows you to change the DeviceType t
    String to whatever you want by default it's Touchdown.

    The only android App on the Priv that doesn't say Android is BlackBerry and trust me as this device gets popular then you will see this being a big issue if the Hub doesn't work like all the other Android mail apps.

    Posted via the CrackBerry App for Android
    11-23-15 11:03 AM
  24. Omnitech's Avatar
    Thanks for your detailed reply but I disagree. It is not the hardware that is providing the DeviceType it's the software. So if you use the Gmail App for exchange the Priv identifies itself as Android. Actually all the mail apps in the store I've tried identify themselves as Android and work. Actually Touchdown a very popular App recommended by most mail Admins it allows you to change the DeviceType t
    String to whatever you want by default it's Touchdown.

    The only android App on the Priv that doesn't say Android is BlackBerry and trust me as this device gets popular then you will see this being a big issue if the Hub doesn't work like all the other Android mail apps.

    I'm well aware that Touchdown allows device ID spoofing.

    Every EAS client that connects to an Exchange server has unique characteristics. Exchange ActiveSync protocol over the years has become a very complex protocol, that has not only gone through several different generations where its functionality has been greatly expanded and changed, but every client that connects to it has its own idiosyncracies, and these clients could be in use for many years without an update to more modern versions of the protocol. These differences can cause problems with the connection, and/or the mail client, and/or the server. Here is a document from a 3rd-party vendor which makes its own server implementation of EAS, which points-out one key reason why it's important to know precisely which sorts of devices are connecting to your EAS server:

    Setting a compatible Exchange ActiveSync version for specific mobile devices

    Getting back to the Apple bug I mentioned earlier: if it were not the case that Exchange admins could reliably determine which devices were causing problems on their Exchange server infrastructure and selectively block them from causing havoc, there would have been a heck of a lot more angry staff and management, harried I.T. staff, lost money and productivity when that Apple bug blew up a bunch of Exchange servers around the world a couple years ago:

    iOS 6.1 banned from corporate servers due to Exchange snafu (Updated) | ZDNet
    Excessive transaction log growth with iOS 6.1 devices | Paul's Down-Home Page

    So once again: there are good reasons why the device ID should not be spoofed, especially in cases where one is running an "unusual" EAS client (eg BlackBerry Priv, with EAS mechanisms written by BlackBerry and not Google, with very little field experience compared to even the proprietary EAS clients on Android out there), or else if you think you have problems now, wait until your I.T. staff finds out that you were intentionally circumventing their email controls and shuts down any device you try to connect.

    Especially because the "fix" is quite simple on the admin side, as explained previously. If they aren't interested in doing that for you (and any other Priv user that wants to connect), then that is their way of telling you that you have to either get one of the "blessed" devices or forget about it.


    Oh and lastly: I'd be willing to bet that for every Priv owner that wants a generic "Android" identity on the device to connect to an email infrastructure that short-sightedly blocks BlackBerries, there are 3 Priv owners that want to have it identify as "BlackBerry" because their organization is a longtime BlackBerry user which has already whitelisted Blackberries, but perhaps not iPhones.
    11-23-15 11:36 AM
  25. salbass's Avatar
    I'm well aware that Touchdown allows device ID spoofing.

    Every EAS client that connects to an Exchange server has unique characteristics. Exchange ActiveSync protocol over the years has become a very complex protocol, that has not only gone through several different generations where its functionality has been greatly expanded and changed, but every client that connects to it has its own idiosyncracies, and these clients could be in use for many years without an update to more modern versions of the protocol. These differences can cause problems with the connection, and/or the mail client, and/or the server. Here is a document from a 3rd-party vendor which makes its own server implementation of EAS, which points-out one key reason why it's important to know precisely which sorts of devices are connecting to your EAS server:

    Setting a compatible Exchange ActiveSync version for specific mobile devices

    Getting back to the Apple bug I mentioned earlier: if it were not the case that Exchange admins could reliably determine which devices were causing problems on their Exchange server infrastructure and selectively block them from causing havoc, there would have been a heck of a lot more angry staff and management, harried I.T. staff, lost money and productivity when that Apple bug blew up a bunch of Exchange servers around the world a couple years ago:

    iOS 6.1 banned from corporate servers due to Exchange snafu (Updated) | ZDNet
    Excessive transaction log growth with iOS 6.1 devices | Paul's Down-Home Page

    So once again: there are good reasons why the device ID should not be spoofed, especially in cases where one is running an "unusual" EAS client (eg BlackBerry Priv, with EAS mechanisms written by BlackBerry and not Google, with very little field experience compared to even the proprietary EAS clients on Android out there), or else if you think you have problems now, wait until your I.T. staff finds out that you were intentionally circumventing their email controls and shuts down any device you try to connect.

    Especially because the "fix" is quite simple on the admin side, as explained previously. If they aren't interested in doing that for you (and any other Priv user that wants to connect), then that is their way of telling you that you have to either get one of the "blessed" devices or forget about it.


    Oh and lastly: I'd be willing to bet that for every Priv owner that wants a generic "Android" identity on the device to connect to an email infrastructure that short-sightedly blocks BlackBerries, there are 3 Priv owners that want to have it identify as "BlackBerry" because their organization is a longtime BlackBerry user which has already whitelisted Blackberries, but perhaps not iPhones.
    Again, I think you should look at the screen shots I have attached. There are other attributes that already explain what the device is besides devicetype.

    Please explain why Gmail the App that came with my Priv (as well as any other App for exchange mail I download set devicetype as Android and once again this is on my Priv) and let's me get my corporate mail fine as well as applies the appropriate security policies fine BUT the Hub App on the SAME device is sending a hard coded string of BlackBerry and thus gets blocked.

    SAME device but Hub is sending a hard coded devicetype. Device model is all the same between the different apps which I think maybe you are referring to. Once again please look at the screen shots I have attached and maybe you will understand what I am saying.

    Anyway main point is the Hub Product Manager has commented on this thread that they are going to update the Hub to give us the option of setting the Android devicetype.

    Hope it comes soon because it's annoying to move between hub and Gmail. I just want to stay in Hub.

    Also the apple example you gave is theSS. When you ask what OS is powering the Priv is it BlackBerry or Android? I would say Android and thus the correct devicetype should be the same. Remember the Hub is an android App that is installed. Just because the author is BlackBerry doesn't change the fact that it is an Android App.

    If I bought an S6 or a Nexus and in the future wanted to install BlackBerry Hub on it I would run into the same issue as I am now.

    Why would I buy another Android device when this is a stock Android phone with some preloaded launchers and productivity software made by BlackBerry. The OS is still Android.

    Also the Hub PM has acknowledged that this is a good feature to have and will give an OPTION to select device type. I think that will make the App flexible and work like all the other mail Apps do in the Android store.


    Posted via the CrackBerry App for Android
    Last edited by salbass; 11-23-15 at 12:09 PM.
    11-23-15 11:52 AM
27 12

Similar Threads

  1. WiFi calling EE UK with priv
    By prlarkin in forum BlackBerry Priv
    Replies: 15
    Last Post: 06-21-16, 03:08 PM
  2. Transfer Priv to Priv
    By MrEvets in forum BlackBerry Priv
    Replies: 5
    Last Post: 11-12-15, 05:39 AM
  3. For people who ordered the PRIV on October 23rd
    By Akamali in forum BlackBerry Priv
    Replies: 7
    Last Post: 11-11-15, 04:01 PM
  4. Why is my Starbucks app not working on my Priv?
    By CrackBerry Question in forum BlackBerry Priv
    Replies: 2
    Last Post: 11-11-15, 03:23 PM
LINK TO POST COPIED TO CLIPBOARD