Corporate Security (Firewall or Virus Scan) conflict
27 May 2008
Note: This information is provided as a reference and does not imply that Juniper Systems will provide full support for the use of any specific third-party hardware or software with a Juniper Systems product.
Firewalls, VPNs (Virtual Private Networks), virus scan programs, and other parts of a corporate (enterprise) security system can interfere with ActiveSync (Windows Mobile Device Center) connections. As a result, your connection may drop immediately, or you may be unable to explore your mobile device. Another common problem caused by these programs is that ActiveSync/WMDC appears to be constantly trying to create a connection (the green circle does not stop spinning).
If your Field PC has Windows Mobile 5.0 or higher installed, you can try changing the USB ActiveSync/WMDC drivers from Network (RNDIS) to Serial (PPP) by following these steps:
- Tap on Start > Settings > Connections > "USB to PC" icon.
- Uncheck the "Enable advanced network functionality" checkbox.
- Tap OK.
- Connect USB.
Alternatively, if you are using a common firewall application, installing the latest ActiveSync (version 4.5) or WMDC (version 6.1) should automatically configure your firewall to allow mobile device connections, though this does not always happen. Download links are listed at the following web page.
If you installed WMDC / ActiveSync before installing a common firewall application, ActiveSync 4.x provides a troubleshooter utility that may resolve the issue. Follow these steps:
- Open Microsoft ActiveSync on your desktop PC.
- Click on the Help menu > Troubleshooter for ActiveSync.
- Follow the instructions provided in the "Troubleshooter for ActiveSync" wizard.
For information on how to manually configure a firewall application to allow ActiveSync/WMDC connections, please visit the Desktop Firewall Applications section of Microsoft's website at:
For a list of TCP/IP ports that ActiveSync/WMDC requires, visit the following website:
For additional help, visit the following websites:
In the worst case (such as if you are using an uncommon firewall application), you will need to manually configure your firewall to allow (or treat as exceptions) the following folders, programs, processes, services, TCP port, Windows registry key, and IP address:
- C:\Windows\WindowsMobile (for Windows Mobile Device Center)
- ActiveSync Application (C:\Program Files\Microsoft ActiveSync\WCESMgr.exe)
- ActiveSync Connection Manager (C:\Program Files\Microsoft ActiveSync\wcescomm.exe)
- ActiveSync RAPI Manager (C:\Program Files\Microsoft ActiveSync\rapimgr.exe)
- ActiveSync Service (TCP port 26675)
- [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost]
- Static IP address 192.168.55.101
Virus scan programs sometimes come with a mobile device scan feature. Disable this feature while establishing the initial ActiveSync/WMDC connection and partnership. You then may be able to re-enable the feature for later connections.
In your security software, allow the following traffic for Svchost/WcesComm:
- Outgoing UDP, remote address 169.254.2.1, remote port 5679
- Incoming TCP, remote address 169.254.2.1, local port 990
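The two rules above written as Windows Firewall rules limited to the device address, as an added example that is not from Juniper Systems or Microsoft. It assumes Windows 8 / Server 2012 or later (for the NetSecurity cmdlets), an elevated PowerShell session, the standard System32 location of svchost.exe, and a hypothetical rule group name.

```powershell
# Added example. Needs the NetSecurity cmdlets (Windows 8 / Server 2012 or
# later) and an elevated PowerShell session.
$group  = 'ActiveSync-WMDC-example'   # hypothetical group name, used for cleanup
$device = '169.254.2.1'               # device-side address given on the page

# svchost.exe at its standard System32 location (assumption); wcescomm.exe
# at the path listed on the page.
$programs = @(
    "$env:SystemRoot\System32\svchost.exe",
    'C:\Program Files\Microsoft ActiveSync\wcescomm.exe'
)

# The two flows from the page, as parameter sets for New-NetFirewallRule.
$flows = @(
    @{ Direction = 'Outbound'; Protocol = 'UDP'; RemotePort = 5679 },
    @{ Direction = 'Inbound';  Protocol = 'TCP'; LocalPort  = 990  }
)

# Idempotent: remove rules left by an earlier run before recreating them.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($program in $programs) {
    if (-not (Test-Path -LiteralPath $program)) {
        Write-Warning "Skipping missing program: $program"
        continue
    }
    $leaf = Split-Path -Leaf $program
    foreach ($flow in $flows) {
        $name = "$group - $leaf - $($flow.Direction) $($flow.Protocol)"
        # Allow only this program, only this flow, only to/from the device.
        New-NetFirewallRule @flow -DisplayName $name -Group $group `
            -Program $program -RemoteAddress $device -Action Allow | Out-Null
    }
}

# Review the result: every rule should list the single remote address.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule  = $_.DisplayName; Remote = $addr.RemoteAddress
        Proto = $port.Protocol; Local  = $port.LocalPort; RemotePort = $port.RemotePort
    }
} | Format-Table -AutoSize
```

Scoping each rule to a program and to the one remote address keeps the exception narrower than allowing the ports for all hosts.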
When connecting the handheld, you should find a new IP address on the desktop computer connected to the device, which you can obtain through the command "ipconfig":
Ethernet adapter Local Area Connection 9:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 169.254.2.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    IP Address. . . . . . . . . . . . : fe80::8200:60ff:fe0f:e800%13
    Default Gateway . . . . . . . . . :
The device will obtain an IP address as well, which is usually 169.254.2.1. So now, when you want to connect to the desktop's HttpListener, you would make an HttpWebRequest with the URL http://169.254.2.2:12345, assuming your HttpListener listens on port 12345.