Chris De Herrera's Windows CE Website

Discuss.Pocket PC FAQ Forum

Add Pocket PC FAQ to your Favorites
RSS    RSS Feeds
Wiki    Lost?
Custom Search
Subscribe    Print
Table of Contents
Mobile Format

[an error occurred while processing this directive]

Pocket PC Magazine Best Site

Website Awards
Website Updates

By Chris De Herrera 
Copyright 1998-2007
 All Rights Reserved
A member of the Talksites Family of Websites

Windows and Windows CE are trademarks of Microsoft
and are used
under license from owner.
CEWindows.NET is not
associated with Microsoft 

All Trademarks are owned
by their respective companies.

Configuring Norton Internet Security and ActiveSync
By Ada Lai, Copyright 2003, 2004
 Version 1.01  Revised 7/7/2004

[an error occurred while processing this directive]

Brief Description

Inability to sync an iPAQ with ActiveSync after installing a firewall


Detailed Description

I have an iPAQ 3765 and run MS ActiveSync 3.6 (Editor's Note: This procedure works with all versions of ActiveSync 3.x - 3.1, 3.5, 3.6 and 3.7.1, Windows XP (including Media Center Edition) and Norton Personal Firewall). I recently installed a high-speed Internet connection, followed by Norton Internet Security (NIS) 2003 so that I could put a personal firewall into place for protection of my system.

Subsequent to setting up the firewall, I tried to sync my iPAQ and the sync failed. When I place my  iPAQ in the sync cradle, it tried to connect, but then disconnected itself immediately. Meanwhile, ActiveSync picked up the signal that the iPAQ was trying to connect and the program started up. However, ActiveSync couldn’t “see” the iPAQ and proceeded to hang in the “Connecting.” mode until I physically removed the iPAQ from the sync cradle. In this scenario, I did not receive any error messages either on my iPAQ or on my desktop. As I kept trying to analyze this problem, I did encounter a few other scenarios with occasional messages, but the one I described was most prevalent.

Thanks to Chris De Herrera, his troubleshooting tips at pointed me to the firewall as the problem.

I then went to the Symantec website and found: 

(If you have trouble using the long link, try -- it’s the printable page version of the first-level display page for the tech note. Alternatively, search the Norton website for doc ID 2003020714580736.)

The tech note at the Symantec website describes a different problem as a failure to connect to the Internet, but the cause of the problem matches the problem I describe here and the solution presented in the tech note solved my problem.



Basically, the solution is to set up three firewall rules within NIS:

  1. A program rule (also referred to as an application rule) for Wcesmgr.exe to Permit access for any type of category (specified as “General”)
  2. An equivalent program rule for Wcescomm.exe to Permit access for any type (“General”) of category.
  3. A General rule with the following settings:
    • Permit, Block, or Monitor: Permit
    • Type of Connection: “Connections to and from other computers”
    • What computers or sites: “Any Computer”
    • Protocol: TCP
    • Types of communications or ports: “Only the types of communication or ports listed below”
    • Filter by: Individually specified ports
    • Ports: 5678 5679   (separated by a space)


The hardest part of implementing this fix is that the NIS documentation doesn’t specifically address the methods for defining these rules, so I have documented the method below:

1.      Launch Norton Internet Security and click on “Personal Firewall”

2.      In the right pane of the screen, click on the Configure button to configure the personal firewall:

3.      Do not change anything on the Personal Firewall tab:

4.      To create the two program (application) rules, click the Program Control tab.

5.      Scroll to the bottom of the Manual Program Control list box.

6.      If there is an entry for WCESMgr.exe, select it and click the Modify button under the list box, then change the settings to Permit All Internet Access for the “General” category.

If there is no entry for this program, then click the Add button under the list box, navigate to the program (for default installations of ActiveSync, the program file will be in C:\Program Files\Microsoft ActiveSync), and add it with the indicated settings.

7.      Repeat the previous step for WCESCOMM.EXE.

When the two program rules have been defined, you should see the following:

8.      To define a general rule, click the Advanced tab:

9.      Click the General Rules button.

10.  When the General Rules dialog displays, click the Add button under the list box.

11.  On the Action tab, click the radio button next to Permit:

12.   Click the Next button of the Connections tab, then click the radio button next to “Connections to and from other computers”:

13.  Click the Next button or the Computers tab, then click the radio button next to “Any computer”:

14.  Click the Next button or the Communications tab, then click the radio button next to “TCP” for the question, “What protocols do you want to permit?”

15.  For the question, “What types of …”, click the radio button next to “Only the types…listed below”:

16.  When the Specify Ports dialog display, click the radio button next to “Individually specified ports”, then specify the port numbers 5678 and 5679 in the data entry box, separated by a single space between the numbers:

17.  Click OK to return to the Communications tab of the Modify Rule dialog. It should now appear as:

18.  Click the Next button or the Tracking tab and leave everything set to the default values:

19.  Click the Next button or the Description tab and enter a descriptive name (such as “ActiveSync Rule”) for the new general rule that is being created.

20.  In the scroll box, select “General” for the category to which the rule will belong.

21.  Click OK to exit the dialog and complete the creation of the general rule.

The three rules have now been created for Norton Internet Security.

Once this was done, I was able to sync successfully.

Additional Notes

  • A while back, I had another problem with ActiveSync that I fixed by defining a second mobile device name. Somehow during my attempts to fix the problem, ActiveSync got reset to the wrong mobile device profile, so my first “successful” sync attempt didn’t sync my Outlook data. I fixed that by starting up ActiveSync on my desktop, then selecting the correct mobile device from the File>Mobile Device menu. You won’t have this problem if you only have a single device defined.
  • For ActiveSync on the desktop, I also have the Passthrough rule specifying that the computer must be connected to the Internet (you can see/set this under the Rules tab of the Tools>Options dialog in ActiveSync). I haven’t tried resetting it to any other option – sometimes when something works, I won’t fool further with it.
  • I had an unexpected and inexplicable bonus from all of this. Prior to installing the firewall, I had been struggling with another problem of unresolved items after sync’ing the iPAQ. I was going to investigate that problem next, but it cleared up when I cleared up the problem with the firewall – go figure! I can’t explain it, but I’m grateful it’s gone.

[an error occurred while processing this directive]

Return to Chris De Herrera's Windows CE Website