New features in Windows Mobile 6.1

New Task Manager Program

The new Task Manager program makes it possible for a user to stop programs that are running on the device. The user also can view a list of active programs or processes and monitor memory and CPU usage

Automatically Configuring GPRS Settings

Windows Mobile can be set to configure GPRS Settings automatically, which provides users with basic Web data access on first boot by using the Automatic Data Configuration (ADC) application. When automatic GPRS configuration is enabled, the ADC application matches the GSM code of the inserted SIM card to a group of provisioning settings and then provisions the device with these settings:

Valid APNs (Access Point Names)
User names and passwords, if required
IP/DNS addresses, if required
Information about the proxy server

The settings are provisioned when the device is booted, when a different SIM card is detected, or when a user chooses to repair the connection.

Note:
When the SIM pin is enabled, the Automatic Data Configuration application does not launch in boot mode.

Enabling Automatic GPRS Configuration

Automatic GPRS data configuration can be added to an image by including the IMGDATACONFIG flag, which will be used at MAKEIMG time. The following table shows the settings for this flag.

Flag	Description
IMGDATACONFIG	When set to 1, GPRS settings are configured to automatically provide basic Web access after a system boot. When set to any other value, or when not set, GPRS settings are not configured in this manner. The flag is not set by default.

The ADC functionality is configured in a standalone package that is not included in Windows Mobile 6 Standard and Windows Mobile 6 Professional images by default.

Note:
The Automatic Data Configuration application may not function properly when dealing with read-only network connections.

GPRS Configuration Modes

The ADC application can run in either of two modes, Repair mode or Boot mode. It runs at boot time in Boot mode when a new SIM card is detected Otherwise, the user can run the application in Repair to repair dropped connections in Windows Mobile 6 Standard and Windows Mobile 6 Professional images.

In Boot mode, the ADC application has a nominal computing overhead that is added to the total boot time. The ADC application is visible to the user only after the device is unlocked.

The user can run the ADC application in Repair mode either from the Connections Control Panel menu under Settings or from the WelcomeCenter.

HC25 Rel 2 GPS Feature

HC25 GPS on WAP G2

Intermediate drive should work with GPS in HC25.

HC25 GPS on iKon

Not exposed since the Navman GPS is better. It is used internally.

PBAP not supported

The WM6.1 feature "Bluetooth Phone Address Profile" is not supported.

Wireless Manager Control Panel

Previously, we were not using Microsoft's Wireless Manager control panel as the Summit driver was not properly power managed. With the latest Summit driver, this is no longer an issue.

With the move to WM 6.1, it has been decided to now use Microsoft's Wireless Manager. Although the new control panel does look prettier, it does come with a few caveats:

GPS can not be configured from the control panel. The add-on cab must be installed and the power control panel used to configure GPS.

If no radios are configured in the device, the control panel will not launch. The icon will still be present but clicking on it will not open the dialog (presumably because there is nothing available to configure). This will happen in the case of no WWAN radio, Bluetooth disabled in BooSt and the WiFi slot powered off

Also, the Today screen Wireless plug-in has been enabled as there is no longer a reason to not include it and it is also needed for LTK test 9530

LTK

There are new LTK tests specific to WM6.1. Configuring the database is different for WM6.1. Instead of RTM, AKU1 needs to be selected. None of the current SRs for WM6 apply to WM6.1. We will have to re-apply. We will nee to set up a new SharePoint site. Most of the N/A and hardware limitations still apply. The new tests have been tested by the Software department (Ajmal, October LTK) and we pass all of the new tests. Ajmal has worked through most of the LTK for WM6.1. SCR 19517 is the only outstanding LTK SCR for WM6.1.

Add Cursor Support for WM6 (SCR 19397)

This is required for "Internet Explorer Mobile 6" (IEMO6). IEMO6 enables the cursor and allows keyboard navigation using the cursor. IEMO6 is the only application on WM6 that uses the cursor.

Since cursor support seems to be working in WM6.1 (AKU1.4), the USB mouse component has also been added to the image. This is Microsoft's mouse HID support which works with this cursor support.

Note that the cursor changes were made to the shared display driver, but cursor support is still not included in WinCE 5.0 SYSGEN. The original changes for USB_MOUSE have all been removed.

In IEMO6 - the cursor appears when the arrow keys are pressed and disappears when the screen is tapped or screen is switched to a different application.

When USB mouse is plugged in, the cursor does not appear until the mouse is moved. When the screen is tapped the cursor will disappear until the mouse is moved again. When the USB mouse is removed, the cursor may not disappear until the screen is tapped.

Getting Started Disk

There will be a new Getting Started disk for WM6.1. It has its own LTK tests that software will run. There is not much we can change. It is created by adding links to pictures and icons into an XML file.

SystemCenter Mobile Device Manager Support

Formerly called "Yona". This is a remote configuration server from Microsoft for WM6.1. I need to add more information about it. It has similar capabilities to MCC. It is complex to set up. Several Microsoft servers need to be configured to make it work. Doug Wood has worked on it a bit. The new LTK tests should ensure that WM6.1 will work with the System Center Mobile Device Manager.

Mobile VPN

Windows Mobile provides the Mobile VPN as a virtual private network (VPN) component. The Mobile VPN enables remote access from a Windows Mobile powered device to

The following table describes some specific features of the Mobile VPN.

Feature area	Description
Automatic establishment	The VPN is established automatically when it is enabled. If there is a disconnection, the VPN reconnects automatically. In order to conserve battery power, the reconnection retry process follows an exponential backoff algorithm.
Always on and push support	The VPN tunnel is always on when it is enabled. When the VPN client detects network address translation (NAT) traversal in the network, it will send periodically keepalives to maintain the virtual connection over the network elements. Keepalives are sent as specified in the interval that is set by the administrator, or according to the NAT time-out interval detected. This depends on the administrator configuration. In order to extend battery power, keepalive resend timers are reset when there is traffic flowing over the VPN.
Roaming considerations	The VPN is always on, even when the device is roaming. In a roaming scenario, you can configure the VPN not to send keepalives in NAT traversal detection situations. In this case, push is not supported. In a roaming scenario, VPN is always connected on demand. This is regardless of how you configure the VPN in relation to sending keepalives in NAT traversal detection situations.
Stability	Mobile VPN will always connect over the best possible connection to the Internet that is available at the point of establishment. After it is connected, the Mobile VPN will not automatically swap to another base connection, even if it is better. This is for stability reasons, as reconnection incurs traffic disruptions.
Relation to base connection	The Mobile VPN will propagate the characteristics of the base connection over which it is established. For example, if the base connection supports Wake on Incoming, the VPN will support Wake on Incoming.
Configuration	Initial configuration is performed during enrollment with the System Center Mobile Device Manager. Reconfiguration is performed from Group Policy console by using the OM DM protocol.
Authentication	The authentication of the Mobile VPN endpoints performs based on certificates. The client certificates are configured during enrollment with the System Center Mobile Device Manager.
Security	Internet access is not enabled while the Mobile VPN is enabled but disconnected. Internet access is enabled when the Mobile VPN is disabled.

Mobile VPN Provisioning

The Mobile virtual private network (VPN) is provisioned during domain enrollment with the System Center Mobile Device Manager. The initial provisioning settings include VPN gateway and certificate related information that is used for the mutual authentication of the VPN client and gateway.

The Mobile VPN is not active by default in Windows Mobile 6 devices.

Initial Provisioning

The following table describes the settings that must be set during enrollment with the System Center Mobile Device Manager.

Setting	Description
ActivateVPN	Specifies whether or not the VPN should be activated. This parameter should not be used after enrollment.
VPNServerName	Specifies the fully qualified name of the VPN gateway or the IP address of the corporate VPN gateway.
CTLHash	Specifies a string of characters representing the Certificate Authority certificate hash, which is used to validate the VPN Gateway certificate.
ClientCertSearchCriteria	Specifies the search criteria for the client certificate.

Continuous Provisioning

The System Center Mobile Device Managers administrator customizes Mobile VPN settings from the Group Policy console through the extension for Mobile VPN.

The following table describes the settings and policies that can be customized for continuous provisioning.

Setting	Description
DisplayName	Specifies the display name for the Mobile VPN connection to the company network.
VPNServerName	Specifies the fully qualified name of the VPN gateway or the IP address of the corporate VPN gateway.
UserSwitchable	Specifies whether the user can enable and disable the company's security access. If the value is set to TRUE, then the user can enable and disable the encrypted channel. If the value is set to FALSE the user is prohibited from doing this. Default value is TRUE.
WWANConnection	Defines the name of WWAN connection that the Mobile VPN uses to connect. The WWAN's connection profile must be valid and associated with a non-blocked APN. If the administrator does not specify this setting, the Mobile VPN will use the default Internet connection as its base connection.
WWANFailOver	Specifies whether the Mobile VPN will use the default WWAN connection if the WWAN connection specified by the WWAN Connection parameter is invalid or belongs to a blocked APN. It is important to note that if the Mobile VPN connects over a different connection, addition charges may be incurred. If the administrator does not specify this setting, the Mobile VPN will use the default connection if the specified connection is invalid.
WWANRoamingKeepalive	If the VPN is established over a network that requires network address translation (NAT), keepalives will be sent periodically to maintain the VPN connection. The WWANRoamingKeelaive setting specifies whether the client will send VPN keepalive packets when the device is roaming and the wireless wide area network (WWAN) connection is being used. If this value is set to TRUE then the keepalive packets will be sent. If this value is FALSE the keepalive packets will not be sent. Default value is FALSE. If keepalive is on then the VPN connection is always on, even when roaming. If keepalive is off while roaming, the device may not be reachable for incoming traffic from the corporate network continuously but will reestablish itself automatically when there is outgoing traffic.
NATKeepaliveInterval	Specifies the network address translation (NAT) keepalive interval in seconds.
DataEncryptionAlgorithms	The encryption algorithms that can be configured are Advanced Encryption Standard (AES) and 3DES. By default both algorithms are allowed. Note: At least one of the data encryption algorithms must be enabled and at least one common data encryption algorithm must be supported by the gateway for the Mobile VPN connection to succeed.
KeyExchangeAlgorithms	Specifies the Diffie-Hellman key negotiation algorithms that are allowed. The supported groups are group 2 (1024 bits), group 5 (1536 bits), and group 14 (2048 bits). By default, all groups are allowed. Note: At least one of the algorithms must be enabled and at least one algorithm must be supported by both the client and the gateway. If the client and the gateway do support any groups in common, the Mobile VPN connection will not succeed.
ProxyName	A company can choose to have all Internet access pass through a proxy server to filter, audit, or restrict access. This setting specifies the fully qualified name or IP address of the company proxy. If you do not specify a proxy server, the Windows Mobile powered device will forward all internet traffic to the Mobile VPN gateway for routing. By default, no proxy server is specified.

Mobile VPN User Experience

The Mobilevirtual private network (VPN) Application user interface (UI) provides real time information on the status of the Mobile VPN connection. You can access the Mobile VPN application UI through the Control Panel. To open the Mobile VPN application UI select Start, select Settings, and then select Connections. On touch screen mobile devices, Mobile VPN application UI is in Settings, on the Connections tab.
To view the Mobile VPN Detailed Status Screen:

Select Start, select Settings, and then select Connections to open the Connections window.
Double-click Mobile VPN to open the Mobile VPN Control Panel.
If you are accessing Mobile VPN Control Panel on Windows Mobile 6 Professional or Windows Mobile 6 Classic, select the icon labeled as Mobile VPN to open the Mobile VPN detailed status screen. If you are accessing the Connections Control Panel on a smart phone, select the Mobile VPN menu item to open the Mobile VPN detailed status screen.

Note:
If Mobile VPN is not activated on your mobile device, the Mobile VPN application link will not be displayed.

The following table describes the elements of the Mobile VPN detailed status screen.

Status item	Description
Mobile VPN name	Provides the friendly name provided to the VPN.
Status	Enabled: The VPN is currently enabled. Not Available: The VPN is turned off.
CurrentState	Connected: The VPN is currently connected. Disconnected: The VPN is not connected. Connecting: The VPN is trying to connect. Disconnecting: The VPN is trying to disconnect. If the VPN is not connected because of an error, the state will briefly describe the error after the state value by providing one of the following error messages: No data connection available. This error indicates that there are no available connections that VPN can use to connect with the VPN Gateway. Cannot connect to Mobile VPN Gateway. This error indicates that the Mobile VPN cannot connect to the VPN Gateway. Typically, this occurs when the gateway name cannot be resolved to an IP address, when the gateway is unreachable, or when port filtration prevents any communication between the VPN Client and the VPN Gateway. The VPN connection negotiation process has failed. This error indicates that the settings for VPN tunnel security associations do not match. Cannot authenticate with Mobile VPN gateway. This error indicates that the mutual authentication done between the VPN client and VPN gateway has failed. Typically, this is due to security issues with the certificates. An internal error has occurred in Mobile VPN. This message is used to indicate a general error that is preventing connection.
Connection Type	Describes the type of data connection over which the VPN is established or trying to be established. This value is the Internet connection specified for the VPN during provisioning. Possible values include None, Wi-Fi, GPRS, EVDO, and 3G.
Connection Profile	Displays the friendly name of the specific connection profile over which the VPN is established or trying to be established.
Enable	Shown if the administrator policies allow users to enable or disable the Mobile VPN, and if the Mobile VPN is currently disabled. Enables the Mobile VPN.
Disable	Shown if the administrator policies allow users to enable or disable the Mobile VPN, and if the Mobile VPN is currently enabled. Disconnects the Mobile VPN.
Connect	Shown if the Mobile VPN is enabled, but disconnected. Forces the Mobile VPN to reconnect immediately, disregarding the Mobile VPN reconnection interval.

Recommendations for Using Mobile VPN

When active, the Mobile virtual private network (VPN), can have several important impacts on device function.

Important:
Mobile VPN is inactive by default and affects the device only after System Center Mobile Device Manager (MDM) enrollment.

Mobile VPN Best Practices

To help guarantee a seamless integration with Mobile VPN, make sure to consider the following guidelines:

When you write an application that requires network connectivity, the application must request data connectivity through Connection Manager, and listen to notifications that are sent from Connection Manager. For more information, see Connection Manager.
If the application is able to support a proxy server, make sure to include that support when you write the application. To include proxy server support, use Connection Manager to obtain the access type and proxy information, and then pass this data to the WININET InternetOpen function. For more information, see Connection Manager Application Development and HTTP Sessions.
When the Mobile VPN is enabled, any data that is sent over a cellular or Wi-Fi connection and not over the Mobile VPN connection will be blocked.
The Mobile VPN connection provides access only to the Internet, Work, and Sync metanetworks. No other metanetworks are supported. If your application requires another specific metanetwork, it will not work while the Mobile VPN is enabled.

Mobile VPN NDIS Intermediate Driver Installation

During Mobile VPN bootstrap, the Mobile VPN component installs a Network Driver Interface Specification (NDIS) intermediate driver that binds the Mobile VPN to each wide area network (WAN) and each wireless local area network (WLAN) network adapter that is present on the device. After binding, the name of each bound network adapter changes to include the intermediate driver prefix.

For example, after installing an NDIS intermediate driver, the <WiFiAdapterName1> wireless LAN adapter will be displayed as <NDISPrefix>\<WiFiAdapterName1>, where the <NDISPrefix> tag is defined by the NDIS intermediate driver.

For example, if the device has a wireless LAN adapter named WiFiAdapterName1, after installing an NDIS intermediate driver, the name appears as <NDISPrefix>\WiFiAdapterName.

To help ensure a seamless binding process, you need to adhere to the following guidelines:

An application or driver should not hard-code WAN or WLAN network adapter names in registry paths or in code.
An application should verify that the device functions the same way whether or not an intermediate driver is installed. Otherwise, Wi-Fi user interface on the device might not work correctly. The device might take a long time to discover Wi-Fi access points, or it might not retain its Wi-Fi state after being restarted.
The Mobile VPN intermediate driver is designed to bind dynamically to all existing protocol drivers and WAN/WLAN network adapters that are present on the device. For seamless integration with the Mobile VPN intermediate drivers and with any third-party intermediate driver, the protocol drivers and network adapters should not hard-code the bindings that are created between the different layers.

Current limitations of the Mobile VPN intermediate driver

The Mobile VPN intermediate driver has the following limitations:

The Mobile VPN intermediate driver only supports Ethernet II frame types. It does not support the Ethernet 802.3 frame types.
Windows Mobile does not support the use of other intermediate drivers in conjunction with the Mobile VPN intermediate driver. MDM administrators should not install any application that installs an intermediate driver. If an application must use an intermediate driver, ensure the following conditions are met:
- The intermediate driver of your application supports dynamic bindings.
- The Mobile VPN intermediate driver binds directly to the network adapters. The intermediate driver of your application needs to be installed between the protocol adapters and the Mobile VPN intermediate driver.

For more information about intermediate drivers, see the Intermediate Drivers, Dynamic Adapter Binding, and Opening an Adapter Underlying a Protocol Driver topics.

Mobile VPN Starts Automatically After Activation

After Mobile VPN is activated for the device, Mobile VPN runs automatically whenever Windows Mobile loads. This might cause the device to take a few seconds longer to load, depending on what device platform is installed. Every device on which Mobile VPN runs must verify that the drivers or applications that run when Windows Mobile is loaded behave consistently, are not time-sensitive, and do not affect the startup time.

Mobile VPN Title Bar Icon

Representational icons in title bar reflect the status of the Mobile virtual private network (VPN). There are four icons. Each icon corresponds to a state, or states, of the VPN. The following table shows these icons.

Icon	State
	VPN connected
	VPN disconnected
	VPN connecting or disconnecting
	VPN disabled

Mobile VPN Non-Touchscreen Device Icons

For non-touchscreen mobile devices, the icons will appear in the leftmost position, sharing the slot with the missed call notification icon. The Mobile VPN icon will be lower in priority than the missed call notification icon. That is, the missed call notification icon will display instead of the Mobile VPN icon when there is a missed call.

Mobile VPN Touchscreen Device Icons

For touchscreen mobile devices, the Connected, Disconnected, and Connecting/Disconnecting icons will appear in the data connection slot, third from the left. These icons have top priority, and will overwrite any other data connection icon. In touchscreen mobile devices, the title bar icons are, in general, selectable. When the Mobile VPN status icon is selected the Connectivity bubble will appear, displaying the list of data connections in the connected state.

The Disabled icon will appear in the notifications slot, second from the left. This icon will have lowest priority, and will not be visible in the notifications slot if any other notifications appear. In this case, when the user clicks on the notifications icon, another title bar will appear at the bottom of the screen that displays the various notification icons applicable. The Disabled icon for Mobile VPN will appear in this lower title bar. If the VPN Disabled icon is selected, a toast will appear in the lower part of the device screen, allowing the user to re-enable the VPN.

IE6 with AKU 1.4

Note:
Please note that it does not look like we are enabling IE6 feature because of some bugs. This could change.

Highlights of Internet Explorer Mobile 6 features include:

Desktop-grade browsing - makes use of the Internet Explorer 6 rendering engine with special optimizations for a mobile reading experience.
This is an Adobe Flash Lite 3.1 plug-in, designed to work with Internet Explorer Mobile 6, and is not a standalone Adobe Flash application.
Improved interaction experience for mobile devices.
Touch panning and mouse cursor navigation.
Text reflow.
User-defined mobile or desktop mode.

Shell

Enhanced Touch/Gestures support: As part of our effort to improve Windows Mobile usability, AKU 1.4 includes enhanced Finger-Touch user experience for device navigation on list views and menus.

Other improvements:

Inclusion of the Chinese Government font GB18030: Microsoft is actively working to obtain certification from the Chinese Government for a GB18030 font in Windows Mobile.

Note:
At this time, the GB18030 font included in AKU 1.4 is not certified for use with Windows Mobile. Accordingly, until specifically notified by Microsoft, versions of Windows Mobile 6.1 software running GB18030 must not be distributed directly or indirectly within or to the geographic boundaries of the People's Republic of China.

New Japanese Sample code Input Method Editor (IME) to enable partners to implement improved input in the Japan market.
Enable charging icon to blink per OEM request.

Phone

New feature that displays the Service Provider Name based on the information stored in the SIM card and the current roaming status of the service.
New layout design that moves the call status string from the bottom of the screen to the top.
- This is especially important for devices on landscape mode. If the user dials an emergency number from the Personal Unlock Key (PUK) Required screen, the emergency call status is displayed.

SMS (Short Message Service)

Improvements on Threaded SMS conversation with unread messages:
- The user is brought to the first unread message and, from there, can scroll through their unread messages.
- The scroll behavior will automatically mark messages as read.

Device Health

Based on MTTF (Mean Time to Failure)/Watson data, Microsoft has resolved the top failure, improving overall device stability and reliability.
Reduced battery use for email.
Improved performance on rotation area.

Windows Update Client

Windows Update for Windows Mobile added support for over-the-air (OTA) .cab distribution.

Knowledge Base