In the haze of excitement over getting the latest and greatest from Android, sometimes we forget that some people actually depend on their phones and tablets for work. Within the professional world, mobile access to email tends to be vital. For better or worse, an overwhelming number of businesses and organizations rely on servers running Microsoft Exchange (or other software implementing the protocol) to handle their email and calendar needs. Unfortunately, a minefield of bugs in KitKat's Exchange support are leaving many stranded without access to their employer's servers.



Unlike a typical Bug Watch, documenting a single bug is nearly impossible. Too many similar symptoms have been reported, and many are obviously related, but they are all varied enough to indicate multiple issues are at play.

Our list of issues starts off with several people simply unable to set up a connection to their Exchange account, despite having no complications with versions of Android prior to KitKat. Usually these people are presented an unhelpful error message reading "Can't connect to server." No particular theme exists among those suffering this problem, but it turns out that some people could resolve it by using the domain\username syntax instead of entering an email address.

If you're able to get past the initial account setup and download your email, you might find it a bit disconcerting that new messages never seem to arrive. Not only are you being left out of the loop, this is likely to also produce a continuously repeating sync error, resulting in rapid battery drain. This problem can be very sneaky because it doesn't always present immediately, but can take a few hours or even days before the sync errors start to occur. Several people have suggested toggling sync off and back on, minor changes to settings, and re-entering certificates, but most of these fixes only appear to refresh the connection for a short period of time before it begins to fail again.

In reality, the variations in complaints probably stem directly from the differences in how each server is configured and what versions of software they are running. Between corporate policies, firewalls, certificates, and numerous other details, there are just too many variables affecting the complaints made by most users.

So far, these symptoms seem to occur regardless of CA certs, even if absolutely none are used. However, a new nag screen is turning up for some users, and it was added intentionally by Google. If you install a private CA certificate for use with VPNs or other privately encrypted networks, you're likely to be greeted by a warning message stating "network may be monitored." This wouldn't be so bad, except that each subsequent reboot displays another message to say "network may be monitored by an unknown third party." An engineer has already stepped in and declared this is intentional, but others are making a case for why they believe this is bad behavior. The discussion can be found here.

Possible Contributing Factor

A few users have noticed that their problems occurred due to corporate policies enforcing SD Card Encryption. In a strange turn of events, even full-disk encrypted Nexus devices might still be reporting that SD Card Encryption is not supported. If you've got a little pull with your IT department, you might be able to convince them to bend the rules a little bit and create a slightly relaxed policy like another user did.


The source of this trouble seems to be tied into the way KitKat's Exchange apk produces or stores certificates and credentials. Most people upgrading from Jelly Bean are saying that existing certificates continue to work without a problem, but newly created connections are experiencing issues. Unfortunately, using the old apks to initialize the account on Android 4.4 hasn't been a particularly successful strategy for most people, but it may stand a chance of working.

Another sign that Android's built-in Exchange support is at fault becomes more obvious when some users have tried various 3rd-party apps. Those with custom implementations of the Exchange protocol are working as expected, while those that call out to Google's implementation are suffering the same complications as described above.


Sadly, nobody has discovered a proper fix for most of these issues. I've described a couple of solutions to specific cases above, but they aren't really the core problems here. Fortunately, there are still some workarounds that might work for a few users, at least until the real issue is resolved. The easiest option is to simply switch from Push to Pull with a reasonable interval. This will have your phone polling the server for updates, which is more processor and data intensive, but it should be more reliable. Even though this consumes more power, it certainly won't run your battery down as quickly as the sync error loop. Take note, some people are saying this still isn't reliable for them, so pay close attention if you're going this route.

The next fastest alternative is to switch to using the IMAP protocol. Plenty of corporate servers support this as an alternative to Exchange. You'll be losing calendar support and a few email features, so this definitely isn't for everybody, but it is an option. Assuming this option is available to you, it's still free and the trouble to set it up is minimal.

Finally, I have to mention - no, recommend - an option that won't be very popular. As I said earlier, some people are using 3rd-party apps with custom Exchange support. They aren't cheap as Android apps go, but they work and give you a lot more than the stock Mail app is ever likely to provide. This is one of the advantages of Android, you can usually replace the pieces that aren't working for you. I haven't personally used either of these apps, but a few people in the forums have mentioned them, so I'm including links to NitroDesk, Inc. and Emtrace Technologies, Inc. Both vendors offer trial versions of their apps and currently charge $20 for an unlock key that works across their respective product lines. If you want to run KitKat and it's absolutely vital that you have working Exchange support for your job, it might just be worth the investment. Even if you only run the trials for a bit, you can probably make it until Google gets its own code fixed.


The issue tracker for these bugs is assigned to Paul Westbrook, a regular submitter to both the Email and Exchange apks. While there haven't been any updates from Google engineers, the assignment means that these Exchange bugs will get some attention if they aren't already fixed internally. With the number of reports generated by users, it's obvious there are widespread issues, so an update probably isn't too far away.

Update: About 45 minutes after this post went live, the AOSP Issue Tracker for this bug was updated to 'FutureRelease' status, meaning a fix should exist and will be released in an upcoming version of Android. Given the short timespan, it's likely that the issue was already handled internally, but the public-facing website just hadn't been changed to represent this information. It's great to see Google is on top of it. Of course, since there is no specific timeframe for an OTA, business users might still have to wait for a bit to see this issue ironed out. Until then, everybody can fall back to the workarounds listed above.

Thanks, Kevin Bulebush, Kanishk Singh, and Mohit Jivani.

Sources: AOSP Issue Tracker, XDA, Google Product Forum