Corporate Security (Firewall or Virus Scan) conflict

27 May 2008

Note: This information is provided as a reference and does not imply that Juniper Systems will provide full support for the use of any specific third-party hardware or software with a Juniper Systems product.

Description

Firewalls, VPNs (Virtual Private Networks), virus scan programs, and other parts of a corporate (enterprise) security system can interfere with ActiveSync (Windows Mobile Device Center) connections. The results may be that your connection drops immediately or that you are unable to explore your mobile device. Another common problem caused by these programs is that ActiveSync/WMDC appears as though it is constantly trying to create a connection (the green circle does not stop spinning).

Solution

If your Field PC has Windows Mobile 5.0 or higher installed, you can try changing the USB ActiveSync/WMDC drivers from Network (RNDIS) to Serial (PPP) by following these steps:

  1. Tap on Start > Settings > Connections > "USB to PC" icon.
  2. Uncheck the "Enable advanced network functionality" checkbox.
  3. Tap OK.
  4. Connect USB.

Alternatively, and more technically, if you are using a common firewall application, installing the latest ActiveSync (version 4.5) or WMDC (version 6.1) should automatically configure your firewall to allow mobile device connections, though this does not always happen. Download links are listed on the following web page:

Downloads for WMDC / ActiveSync

If you installed WMDC / ActiveSync before installing a common firewall application, ActiveSync 4.x provides a troubleshooter utility which may resolve the issue. Follow these steps:

  1. Open Microsoft ActiveSync on your desktop PC.
  2. Click on the Help menu > Troubleshooter for ActiveSync.
  3. Follow the instructions provided in the "Troubleshooter for ActiveSync" wizard.

For information on how to manually configure a firewall application to allow ActiveSync/WMDC connections, please visit the Desktop Firewall Applications section of Microsoft's website at:

http://www.microsoft.com/windowsmobile/help/activesync/default.mspx

For a list of TCP/IP ports that ActiveSync/WMDC requires, visit the following web page:

http://support.microsoft.com/kb/259369/en-us

For additional help, visit the following websites:

In the worst case (such as if you are using an uncommon firewall application), you will need to manually add the following folders, programs, processes, services, TCP port, and Windows registry key to be allowed by (or to be treated as exceptions to) your firewall:

Virus scan programs sometimes come with a mobile device scan feature. Disable this feature while establishing the initial ActiveSync/WMDC connection and partnership. You then may be able to re-enable the feature for later connections.

 

Nov 2017

In your security (firewall) software, allow the following for Svchost/WcesComm:

Outgoing UDP, remote address 169.254.2.1, remote port 5679

Incoming TCP, remote address 169.254.2.1, local port 990
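
The two exceptions above written as narrowly scoped Windows Firewall rules. This is an added example, not from Juniper Systems or Microsoft. It assumes the built-in Windows Firewall with the NetSecurity PowerShell cmdlets and that WcesComm is the service short name hosted by svchost.exe; the rule names and group label are made up for the example.

```powershell
# Added example: run in an elevated PowerShell session on the desktop PC.
# Address, ports and the Svchost/WcesComm target are taken from the page;
# rule names and the group label are constructed for this example.

$DeviceIp = '169.254.2.1'   # handheld side of the USB (RNDIS) link
$Svchost  = Join-Path $env:SystemRoot 'System32\svchost.exe'
$Group    = 'WMDC device link (example)'

$rules = @(
    @{ DisplayName   = 'WMDC out UDP 5679 to device'
       Direction     = 'Outbound'; Protocol = 'UDP'
       RemoteAddress = $DeviceIp;  RemotePort = 5679 },
    @{ DisplayName   = 'WMDC in TCP 990 from device'
       Direction     = 'Inbound';  Protocol = 'TCP'
       RemoteAddress = $DeviceIp;  LocalPort = 990 }
)

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "exists:  $($r.DisplayName)"
        continue
    }
    # Bind each rule to one program, one service, one peer and one port,
    # rather than opening the port to every process or every address.
    New-NetFirewallRule @r -Group $Group -Program $Svchost `
        -Service 'WcesComm' -Action Allow | Out-Null
    Write-Host "created: $($r.DisplayName)"
}

# Show what was configured so the scope can be reviewed.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Direction     = $_.Direction
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemotePort    = $port.RemotePort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```

Because both rules are limited to the single peer address 169.254.2.1, they do not expose ports 990 or 5679 to the corporate LAN. To remove them, run Remove-NetFirewallRule -Group with the same group label.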

When connecting the handheld, you should find a new IP address on the desktop computer connected to the device, which you can obtain through the command "ipconfig":

Ethernet adapter Local Area Connection 9:

   Connection-specific DNS Suffix . :
   IP Address. . . . . . . . . . . . : 169.254.2.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : fe80::8200:60ff:fe0f:e800%13
   Default Gateway . . . . . . . . . :

The device will also obtain an IP address, which is usually 169.254.2.1. When you want to connect to the desktop's HttpListener, make an HttpWebRequest to the URL http://169.254.2.2:12345, assuming your HttpListener listens on port 12345.