
Sophos Secure Corporate E-Mail -> fails to Connect to Exchange (just Android)

Hello,

I'm testing Sophos Secure E-Mail before I deploy it in our company.

I installed SMC 6.1. behind a Firewall and WAF in the same internal network as my Exchange 2016 Server. On SMC I made Sophos Secure Workspace profiles with Sophos Secure E-Mail, and that works fine with iPhones.

When I try to do the same thing on an Android (LG G90 with Android 5.0.2 and LG Gate 4.0.0.), this fails!

Android Sophos Secure E-Mail gives me this message on the way to connect with my Exchange:

"App-Fehler: Server ist nicht erreichbar. Bitte überprüfen Sie Ihre Server-Eingaben"  which means:

"App-Error: Server is not reachable. Please check your Server-Properties"

Server-Properties must be correct, because the connection by iPhone with the same properties works just fine!

There are no error entries in the SMC logs.

On my Sophos WAF I get this error:

2016:05:24-11:21:33 waf reverseproxy: id="xxx" srcip="127.0.0.1" localip="127.0.0.1" size="112" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="858" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"

2016:05:24-11:21:38 waf reverseproxy: [Tue May 24 11:21:38.347981 2016] [mpm_worker:notice] [pid 1870:tid 3073603264] AH00297: SIGUSR1 received. Doing graceful restart

2016:05:24-11:21:38 waf reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroMdm2016com] does not exist

2016:05:24-11:21:38 waf reverseproxy: [Tue May 24 11:21:39.000600 2016] [mpm_worker:notice] [pid 1870:tid 3073603264] AH00292: Apache/2.4.10 (Unix) OpenSSL/1.0.1k configured -- resuming normal operations

2016:05:24-11:21:38 waf reverseproxy: [Tue May 24 11:21:39.000640 2016] [core:notice] [pid 1870:tid 3073603264] AH00094: Command line: '/usr/apache/bin/httpd'

2016:05:24-11:21:38 waf reverseproxy: [Tue May 24 11:21:39.000676 2016] [mpm_worker:warn] [pid 1870:tid 3073603264] AH00291: long lost child came home! (pid 8523)

2016:05:24-11:21:38 waf reverseproxy: [Tue May 24 11:21:39.000701 2016] [mpm_worker:warn] [pid 1870:tid 3073603264] AH00291: long lost child came home! (pid 8524)

2016:05:24-11:21:39 waf reverseproxy: id="xxx" srcip="127.0.0.1" localip="127.0.0.1" size="112" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="792" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"



  • Hi Josip,

    is your email server maybe using a self-signed certificate?
    If so, please have a look at this KBA which explains how to get Sophos Secure Email working on Android as well.

    Hope that helps.

    Best regards
    Stefan

  • Hello Stefan,

    I did it, as you said, I deployed an Exchange-Server certificate to the Android device, but unfortunately with no further access....

    I'm still getting the same error when connecting the Secure E-Mail to my account. (Access data are the same as on the iPhone, where it works.)

    My Exchange Server is in a private network, behind WAF and SMC.

  • I'm not able to correctly install my self-signed certificate on my Android device. The install routine proceeds correctly, but there is no added certificate in Android's memory (Security->Certificate->User).

  • This can be regarded as a BUG and should be fixed in the next version, because Android is not able to save a self-signed SSL certificate in the user or system certificate storage.

    90% of all Exchange Servers run on self-signed SSL, because they work in internal networks and are not published directly on the internet, and so they don't need a public SSL certificate.

    Please reply or forward

    josip

  • Hi Josip,

    let me explain that issue to you.

    Within Sophos Secure Email for Android, the verification of the SSL certificate is stricter than in the iOS version.

    Therefore, you must import the certificate presented to the SSE app when connecting to the email server URL which is configured in your "Corporate email" policy.
    If you want to use the EAS Proxy functionality provided by Sophos Mobile Control, you should use the SMC Server URL. If you want the app to directly communicate with your email server, a URL must be entered which forwards traffic to your email server.

    Now in both cases, if one of the two URLs uses a self-signed certificate, the root certificate must be installed on the device. This can be done either manually or by deploying it via Sophos Mobile Control.

    If the URL is not using a self-signed certificate, then the SSL certificate must be properly configured (e.g. providing a complete certificate chain).

    Tools to verify the SSL certificate are available online (e.g. https://www.sslshopper.com/ssl-checker.html or https://www.ssllabs.com/ssltest/)

    Depending on your setup you must adjust the SSL certificate accordingly to get Sophos Secure Email for Android to connect to the server.

    If you still experience an issue, feel free to raise a support request for further analysis.

    Best regards
    Stefan

  • Thank you Stefan,

    In truth, it was a certificate problem. We use SMC Server as EAS Proxy to Exchange, therefore I must use the SMC Server URL to connect from the mobile device.

    This URL has a public SSL certificate, but I was still getting an SSL failure. The SSL check discovered that an intermediate cert was missing (the chain was not complete).
    After I added the missing intermediate cert to the device (upload), the secure container could connect to the server and works fine.

    Just one unlovely thing as a result: if one or more certificates are installed by the user, the device (Android) repeatedly reports "Network monitoring: A third party is capable of monitoring your network activity, including emails, apps, and secure websites. A trusted credential installed on your device is making this possible."
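
The failure this thread ends on, a server that sends its leaf certificate without the intermediate, shows up in the "Certificate chain" listing printed by `openssl s_client -connect host:443 -showcerts`. The script below is an added example, not part of the original thread or of any Sophos tool; it compares subject and issuer names only (no signature verification), and the sample output, host name and CA names are constructed.

```python
import re

# Constructed sample of the "Certificate chain" section (hypothetical names).
SAMPLE_INCOMPLETE = """\
Certificate chain
 0 s:CN = smc.example.test
   i:C = XX, O = Example Trust, CN = Example Issuing CA 1
---
"""
SAMPLE_COMPLETE = """\
Certificate chain
 0 s:CN = smc.example.test
   i:C = XX, O = Example Trust, CN = Example Issuing CA 1
 1 s:C = XX, O = Example Trust, CN = Example Issuing CA 1
   i:C = XX, O = Example Trust, CN = Example Root CA
---
"""
# Assumption: subject names of the roots present in the device trust store.
TRUSTED_ROOTS = {"C = XX, O = Example Trust, CN = Example Root CA"}


def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    text = text.split("Server certificate")[0]  # ignore the later summary section
    subjects = re.findall(r"^[ \t]*\d+[ \t]+s:(.+)$", text, re.M)
    issuers = re.findall(r"^[ \t]+i:(.+)$", text, re.M)
    return [(s.strip(), i.strip()) for s, i in zip(subjects, issuers)]


def find_gaps(text, trusted_roots):
    """Name-level check that the presented chain links up to a trusted root."""
    chain = parse_chain(text)
    if not chain:
        return ["no certificate chain found in input"]
    gaps = []
    for pos, (subject, issuer) in enumerate(chain):
        last = pos == len(chain) - 1
        if not last and issuer == chain[pos + 1][0]:
            continue  # issued by the next certificate the server sent
        if last and issuer in trusted_roots:
            continue  # chain ends at a root the device already trusts
        if last and subject == issuer:
            gaps.append(f"cert {pos}: self-signed '{subject}' is not in the trust store")
        elif last:
            gaps.append(f"cert {pos}: issuer '{issuer}' was not sent and is not a "
                        "trusted root (missing intermediate?)")
        else:
            gaps.append(f"cert {pos}: issuer does not match the next certificate sent")
    return gaps
```

An empty list from `find_gaps` means the names link up to a trusted root; the fix for a reported gap belongs on the server (send the full chain), which also avoids installing user certificates on each device.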