Compartilhar via

Security permission was insufficient to update your device error on Motorola Q Devices

  • Artigo

[Today's tip comes to us courtesy of James Frederickson]

So you got a new Motorola Q phone from Verizon Wireless and you are trying to install a Certificate and you are getting the following error:

Security permission was insufficient to update your device

 Here is some information that will help you connect your Motorola Q to Exchange Server 2003 using OMA, providing your server is set up for Windows Mobile devices.

The phone needs a root CA to access your Exchange server when using SSL. The Motorola Q phone has some certified certificates already built into the phone.

To view them on the Q -- go to:

[START]-->[Settings]-->{more}-->[Security]-->[Certificates]-->{root}

If the listed certificates are not the current certificate that you use on your exchange, then you need a Root CA from your exchanger server to add to your Q phone. Self signed Root CAs are ok.  {See below for information on certificates}

 

To install the certificate (cert)

Download VZW_spaddcert.exe from: 

https://www.microsoft.com/downloads/details.aspx?familyid=5D7E27EE-4654-480C-876D-442AED8F47AE&displaylang=en 

Knowledgebase Article:

https://support.microsoft.com/kb/841060/en-us

 

Instructions:

  1. Create a "Storage" folder in the root directory. (Must be called Storage)
  2. Copy VZW_spaddcert.exe file to the Q.
  3. Copy your root <xxx>.cer to the storage folder.
  4. Execute VZW_spaddcert.exe and select the cert.
  5. Soft reset (reboot) the phone.

 Setting up the Motorola Q phone

 

Click on [START]-->ActiveSync--Menu-->[Configure Server OR Add Server Source] Server Address is the name of you mail server or IP Address that is seen from the Internet.

 

example--> mail.contoso.com

[x] If using SSL port 443 or another one that has been defined as the

SSL port

[NEXT]

Username:[] Password: Domain:[]  [x] Save password

 

The Domain can be checked by doing a (control-alt-del) on your computer and checking Logon information username and domain. This information must be the same as what will be used on the Q phone.

Choose the data that you want to synchronize: contact--calendar--email--tasks

[Finished]

[SYNC]

Done

Comments

  • Anonymous
    January 01, 2003
    PingBack from http://www.keyongtech.com/4215002-motorola-q-activesync-problems

  • Anonymous
    January 01, 2003
    PingBack from http://www.keyongtech.com/5016618-certifcate-reset-error-cannot-get/2

  • Anonymous
    July 25, 2006
    Indeed, this works fine. I've been looking for a solution to these troubles for a while, funny enough, there's no other article on the net yet that tells you you need the certificate in place. I just figured it out myselve a few days ago.

    Some things i'lld like to add:
    - If your server isued an certificate to itsself (so not through a third party certificate manager), you should export the root certificate. In some occasions i noticed that IIS uses a sub-certificate, so make realy sure you got the root certificate or it wont work!.
    - To export the root certificate, open 'Certification Authority' (under administrative tools, or add the snapin into a new mmc) on your server. Right click on the root certificate and choose 'properties'. On the genral tab, you can see the root certificate, just select it and click on 'view certificate'.
    In the newly opend window you can double check you selected the root certificate if you take a look at the 3 tab. Now that you are sure, go back to the second tab, and click on 'copy to file'. the wizard for exporting the certificate will open. Click Next. Select 'der encoded binary x.509 (.CER)' and click next. enter a filename where you want the store the certificate in., click next and click finish.

    Testing the exported file (to make sure you wont have isues with it). Take any pc that hasnt got the certificate installed yet. (to verify you can open owa through https, if you get prompted to accept the certificate, its not installed yet)
    Ok, now to verify you successfuly exported the certificate, you can double click on it. to install the certificate on the local machine, click 'install certificate'. In the wizzard click next. Select 'Place all certificates in the following store'. Click 'browse'. Select 'show physical stores'. Under 'trusted root certificate autothorities' select 'local computer' (this way you install it in the right place). click 'ok', click 'next', click 'finish'. A popup will apear stating that the import worked (hopefully ;) )

    Now, to make sure the certificate worked, close the browser, and reopen it (to be sure). Surf to the https site of your OWA. Now IE wont prompt you to accept the certificate. If IE still prompts you, you exported the wrong certificate.

    - Another thigh i'lld like to suggest, is not to select the 'require secure channel (SSL)' option in IIS manager under 'default web site', properties on 'exchange', directory security tab, 'secure communications', 'edit'. Why, internaly IIS communicates throughout its virtual folders. that's done using http, and not https. so if you enable that option, loads off other stuff might fail to work. (like RPC over HTTPS fi)

    Also, exporting and importing the certificate  is something you'll need to do aswell if you want to use RPC over HTTPS.

    Hope this helped anyone trying to figure out why it doesn't work.

  • Anonymous
    July 25, 2006
    Nico,

    Excellent points, all.  Thank you so much for taking the time to post this!

    ---Mark

  • Anonymous
    July 26, 2006
    The comment has been removed

  • Anonymous
    August 01, 2006
    There is an alternate method to install the self signed SBS certificate. Take a look at this article -http://www.stevereno.net/weblog/sbs/index.php?/sbs/verizons_motorola_q_smartphone_installing_sbs_self_signed_certificate/