TechNet Blogs > The Windows Server Essentials and Small Business Server Blog > Security permission was insufficient to update your device error on Motorola Q Devices
Server & Tools Blogs > Server & Management Blogs > The Windows Server Essentials and Small Business Server Blog
Live Now on Server & Tools Blogs
Menu
SBS-Related Links
EPS Team Blogs
Disclaimer
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
Recent Posts
Tags
More
Archives
Archives
More

Security permission was insufficient to update your device error on Motorola Q Devices

Security permission was insufficient to update your device error on Motorola Q Devices

24 Jul 2006 2:28 PM
  • Comments 6

[Today's tip comes to us courtesy of James Frederickson]

So you got a new Motorola Q phone from Verizon Wireless and you are trying to install a Certificate and you are getting the following error:

Security permission was insufficient to update your device

 Here is some information that will help you connect your Motorola Q to Exchange Server 2003 using OMA, providing your server is set up for Windows Mobile devices.

The phone needs a root CA to access your Exchange server when using SSL. The Motorola Q phone has some certified certificates already built into the phone.

To view them on the Q -- go to:

[START]-->[Settings]-->{more}-->[Security]-->[Certificates]-->{root}

If the listed certificates are not the current certificate that you use on your exchange, then you need a Root CA from your exchanger server to add to your Q phone. Self signed Root CAs are ok.  {See below for information on certificates}

 

To install the certificate  (cert)

Download VZW_spaddcert.exe from: 

http://www.microsoft.com/downloads/details.aspx?familyid=5D7E27EE-4654-480C-876D-442AED8F47AE&displaylang=en 

Knowledgebase Article:

http://support.microsoft.com/kb/841060/en-us

 

Instructions:

  1. Create a "Storage" folder in the root directory. (Must be called Storage)
  2. Copy VZW_spaddcert.exe file to the Q.
  3. Copy your root <xxx>.cer to the storage folder.
  4. Execute VZW_spaddcert.exe and select the cert.
  5. Soft reset (reboot) the phone.

 Setting up the Motorola Q phone

 

Click on [START]-->ActiveSync--Menu-->[Configure Server OR Add Server Source] Server Address is the name of you mail server or IP Address that is seen from the Internet.

 

example--> mail.contoso.com

[x] If using SSL port 443 or another one that has been defined as the

SSL port

[NEXT]

Username:[] Password: Domain:[]  [x] Save password

 

The Domain can be checked by doing a (control-alt-del) on your computer and checking Logon information username and domain. This information must be the same as what will be used on the Q phone.

Choose the data that you want to synchronize: contact--calendar--email--tasks

[Finished]

[SYNC]

Done

Comments
  • Nico
    25 Jul 2006 3:15 AM
    Indeed, this works fine. I've been looking for a solution to these troubles for a while, funny enough, there's no other article on the net yet that tells you you need the certificate in place. I just figured it out myselve a few days ago.

    Some things i'lld like to add:
    - If your server isued an certificate to itsself (so not through a third party certificate manager), you should export the root certificate. In some occasions i noticed that IIS uses a sub-certificate, so make realy sure you got the root certificate or it wont work!.
    - To export the root certificate, open 'Certification Authority' (under administrative tools, or add the snapin into a new mmc) on your server. Right click on the root certificate and choose 'properties'. On the genral tab, you can see the root certificate, just select it and click on 'view certificate'.
    In the newly opend window you can double check you selected the root certificate if you take a look at the 3 tab. Now that you are sure, go back to the second tab, and click on 'copy to file'. the wizard for exporting the certificate will open. Click Next. Select 'der encoded binary x.509 (.CER)' and click next. enter a filename where you want the store the certificate in., click next and click finish.

    Testing the exported file (to make sure you wont have isues with it). Take any pc that hasnt got the certificate installed yet. (to verify you can open owa through https, if you get prompted to accept the certificate, its not installed yet)
    Ok, now to verify you successfuly exported the certificate, you can double click on it. to install the certificate on the local machine, click 'install certificate'. In the wizzard click next. Select 'Place all certificates in the following store'. Click 'browse'. Select 'show physical stores'. Under 'trusted root certificate autothorities' select 'local computer' (this way you install it in the right place). click 'ok', click 'next', click 'finish'. A popup will apear stating that the import worked (hopefully ;) )

    Now, to make sure the certificate worked, close the browser, and reopen it (to be sure). Surf to the https site of your OWA. Now IE wont prompt you to accept the certificate. If IE still prompts you, you exported the wrong certificate.

    - Another thigh i'lld like to suggest, is not to select the 'require secure channel (SSL)' option in IIS manager under 'default web site', properties on 'exchange', directory security tab, 'secure communications', 'edit'. Why, internaly IIS communicates throughout its virtual folders. that's done using http, and not https. so if you enable that option, loads off other stuff might fail to work. (like RPC over HTTPS fi)

    Also, exporting and importing the certificate  is something you'll need to do aswell if you want to use RPC over HTTPS.

    Hope this helped anyone trying to figure out why it doesn't work.
  • 25 Jul 2006 5:34 PM
    Nico,

    Excellent points, all.  Thank you so much for taking the time to post this!

    ---Mark
  • Nico
    26 Jul 2006 3:10 AM
    My pleasure. After reading it all over I see I made quite alot of typo's. English aint my native language, but i should have done better.

    You dont have to allow this to be posted publicaly though.

    Maybe I can send you some articles by mail sometime. So, if you would like to post it, you could fix the typo's for me. TBH, i cant be arsed to start my own blog. I aint got that much time on my hands.

    Drop me an e-mail if you are interested: Nico@noid.Be

    Again, please just delete this post ;)

    Nico.
  • Steve Downs
    1 Aug 2006 6:53 PM
    There is an alternate method to install the self signed SBS certificate. Take a look at this article - http://www.stevereno.net/weblog/sbs/index.php?/sbs/verizons_motorola_q_smartphone_installing_sbs_self_signed_certificate/
  • Motorola Q ActiveSync problems | keyongtech
    18 Jan 2009 11:52 AM

    PingBack from http://www.keyongtech.com/4215002-motorola-q-activesync-problems

  • Certifcate reset error - cannot get to OWA - Page 2 | keyongtech
    9 Mar 2009 7:07 AM

    PingBack from http://www.keyongtech.com/5016618-certifcate-reset-error-cannot-get/2

Page 1 of 1 (6 items)