Apple’s iOS has gotten a deservedly bad reputation for its Exchange ActiveSync implementation. But, to their credit, things seem to be fairly stable with the latest iOS 7.0.4 update. On the other hand, Google seems to have largely gotten a free pass on the quality of its EAS implementation; in fact, for quite some time Android didn’t include EAS functionality, although some individual vendors did. The latest release, 4.4 (or “KitKat”, a particularly nasty type of candy, at least in the US), includes EAS as part of the core OS, but it appears to have some bugs, including at least one that I am still trying to get a good understanding of.
First, there appears to be a problem with client certificate authentication, i.e. it doesn’t work. To Google’s credit, they maintain a public bug-tracking system where everyone can see the bug report and status, at least of this particular bug. Imagine a world where Microsoft and Apple were similarly transparent about bugs in their major products… OK, back to reality; Google of course doesn’t do the same for their proprietary products, just for open-source efforts such as Android. On the other hand, this kind of public reporting lets people show their ignorance; check out this thread, where a couple of engineers for a competing product show that they haven’t read the protocol specs in detail (hint: see this discussion of WindowSize to spot the flaw in their argument).
Anyway, Tony pointed out this particular problem to the Exchange community just before Thanksgiving. Recently I was contacted by a customer who was seeing another widespread KitKat issue: devices persistently pounding the server with EAS Sync commands, over and over and over and… well, you get the idea. Although I haven’t seen a clear cause identified, Google claims to have fixed this problem in the 4.4.1 update (see the reply by Ersher in page 24 of this thread), so the question becomes whether all the users claiming to be affected by this bug have upgraded.
Actually, the question becomes at what point Exchange administrators begin to proactively block new mobile device OS releases! While I’m not quite ready to declare a fatwa on all new device releases, it is beginning to look at though organizations with diverse BYOD populations might be well served to establish some kind of criteria for staging support of new releases. Apple, Microsoft, and Google all offer developer access to new OS releases, often months in advance, so one possibility is to establish a pool of test devices for new OS releases— something which many sites already do with new desktop OS releases. The logistics of working out such a program might be challenging, but I think the effort might be well worth it if it prevents unpleasant surprises caused by device-side EAS misbehavior.
There’s another, perhaps less palatable, option on the horizon. Now that we have OWA for Devices (known colloquially as Mobile OWA, or MOWA, within Microsoft), if you were so inclined you could block all iOS device access and require your users to use MOWA. Since there’s no MOWA version for Android yet (and there may never be; Microsoft hasn’t given any hints), this wouldn’t be a comprehensive solution, and it would likely aggravate users to a high degree… but as improvements in MOWA performance and capability roll out, it might become a more viable option.
(side note: speaking of aggravation, it’s amazing how aggravated Google’s customers get when they don’t receive an official answer from Google in the time frame they expect. At least Google gives official answers in their support forums, something you are unlikely to see happen much in the support fora offered for iOS and Windows Phone!)
One thing I’d like to see emerge is something akin to collaborative spam filtering— when I report a message as spam to my filtering service, that message is filtered for other subscribers too. It seems like BoxTone or another company might be able to offer a subscription service to customers that gives them early alerts to wide-scale problems reported by other customers, such as regional outages in a carrier network or a pattern of sync misbehavior for a specific device family. I know I’d be happy to pay money for a service that would give me early warning of apparent problems with new device software releases— what about you?
24 responses to “Android 4.4/KitKat Exchange ActiveSync problems; fixed in 4.4.1?”
4.4.2 fixes the issue. No more problems installing, tunning and syncing exchange.
Not for Nexus 7 LTE. The issue is still standing
Hi, I am using 4.4.2 , i have configured email under active sync using one tier authentication. While configured it was working fine, but since last three days unable to sent email ( its remain in Outbox). However with other mail client it works fine.
Not fixed in 4.4.2 – Many users are still reporting the problem, and many who had claimed it was fixed are now reporting they spoke to soon as it has stopped working again. This issue is becoming a joke.
As an almost unrelated side note (regarding sw quality): Any idea when Microsoft will support cert based auth for their latest (!) phone OS?
http://download.microsoft.com/download/D/B/2/DB2D539D-7F4D-46BC-944B-A69EDA43D975/Windows%20Phone%208%20Certificates.pdf might be of use. WP8 doesn’t support arbitrary client SSL certs though.
Still not working @ Nexus 5 😦
Please, read my blog record on this issue. Maybe it will help.
If you’ve got an android running version 4.4 (KitKat), you may have run into the issue of it no longer syncing Exchange ActiveSync. This is an issue that is acknowledged by Google, but they don’t consider it an urgent issue. Well, Art here at Lanlogic wasn’t satisfied with that answer, and, after updating his MotoX to 4.4.2, decided to call Motorola support for assistance with this issue after scouring the internet for any sort of resolution and not finding anything.
After getting escalated to tier two support, he spoke with an engineer who had him do the following from the native email app:
1.Settings> Accounts> Corporate
2.Tap the three dots on the top right corner and select “sync now”
3.Swipe down from the top of the screen to show recent notifications
4.Find and tap on the security alert and select the option to activate now
Once he did so, his Exchange email started to sync. This also worked on his Nexus 7 so it’s safe to assume that this will work on any device running Android OS version 4.4.2.
How did Joe Foos update Moto X to 4.4.2? My phone and Motorola’s website isn’t showing any updates for Moto X, still at 4.4
My email still isn’t working. I can’t believe that this isn’t a top priority. Email is one of the most important reasons people use a smartphone, and this being broken is a huge issue. I rely on my email for work and this is a major problem, not being able to communicate through my phone anymore…
Still not sending. This issue started after 4.3 update and is still not sending after 4.4.2 update on HTC one.
For HTC One Owners: I tried everything I could find online, delete/add accounts, etc etc. Here’s what finally worked: Go to Back up/reset (create a back up if you haven’t already). Then Reset phone, I chose to keep music and photos. Once I restored the backup, all worked perfectly and has been for the past 24 hours.
Tried back up and reset twice. Still unable to send mail.
After sense 6 update on HTC One M7 email was fixed. For non htc i recommend cloudmagic.
i have a Samsung Note III and the problems still remains….
the exchange problem is still there with Android 4.4.4. in Nexus 5. Don’t know how to solve this with workarounds since I have tried almost every solution.
Only thing working: use another mail client such as maildroid 😦
Yes, this is still an issue with 4.4.4. I didn’t have an issue when I first got the phone this spring – it’s only a recent update that broke it for me. Exchange 2003, 2007, and 2010 accounts on my phone all go to Outbox.
I’m running 4.4.2 on a Galaxy S5. Another issue I haven’t seen discussed is the inability to unsync contacts. In previous OS releases, Outlook personal contacts would disappear when you unsynced them. No more. Of course, it’s only a major problem when you have 100 (like me). To purge them you have to:
1) Unsync the contacts at the account level. (uncheck the box)
2) Manually unlink each contact (if any happen to be linked).
3) Delete the Exchange contact. Be careful to pick the right one.
Wow, Ron, that sounds like a bit of a hassle. I haven’t run into that problem because I haven’t tried unsyncing before– time to give that a shot.
I have problem with a user of a Nexus 5 and his device randomly going crazy and making 100 of thousands connect attempts driving my transactions log generation through the roof. We use BoxTone so that may even play a part in it. Having the user reprovisioned to see if we can rope this in
same problem for my Honor 6 H60-L12 with 4.4.2 😦
I just bought Lenovo Yoga Tablet Pro 2 13″ with KitKat. My IOS devices work fine with Exchange; but I cannot get KitKat to work for Exchange email / calendars….