Authentication on a mobile device

Similar Messages

• Authentication Prompt on Mobile Devices

  On my public facing SharePoint 2013 site, I have anonymous authentication enabled, however mobile devices are prompted to authenticate credentials when they visit the site.
  All non-mobile devices the site without receiving the authentication prompt, regardless of the browser it uses. Mobile Browser view is deactivated.
  I did trace the connection through Fiddler and it looks as though I am getting 3 401 errors when the mobile browser tries to load the page. These errors are triggered when the browser tries to access a css and 2 js files. When I traced the connection
  from a pc, I received 404 not found errors when the browser tries to access these files. I'm trying to find where those files are located at, to check to see if they are there or if permissions to that folder/files is the issue, but am still trying to get
  an understanding of where the files are stored (I'm still a SharePoint newbie). Based on the info from Fiddler, they are stored at /ui/1.10.4/jquery-ui.js HTTP/1.1, however I don't see that folder in the site contents and structure when I search the site settings
  of the SharePoint page.
  Lastly, mobile devices had been able to access the page fine for several months, however several server updates and patches were applied to our SharePoint environment recently, which coincided with this issue starting.
  Thank you for any insight you might be able to give!

  Hi,
  According to your description, it continues to prompt for authentication When Windows users tries to connect from mobile devices.
  For your issue:
  Close all instances of your browser, restart your browser.
  If you use apple products with ios8. The problem is Safari. 
  It works fine under ios8 when using Chrome.
  You can change windows authentication  to basic authentication.
  For more information about Troubleshooting HTTP 401 errors in IIS, refer to the article:
  http://msdynamicswiki.com/2014/04/24/troubleshooting-http-401-errors-in-iis/
  Besides, here is a similar post, you can have a look at:
  https://social.technet.microsoft.com/Forums/en-US/34895295-452b-4a89-b59f-6791e485edb2/user-authentication-in-mobile-access?forum=Forefrontedgegeneral
  Best Regards,                                                                                                                  
  Lisa Chen
  Lisa Chen
  TechNet Community Support

• SSID for mobile devices - Authentication?

  Hi
  I need to setup a SSID/VLAN for my mobile devices, primaly apple iphones..
  Right now I just use a standard pre-share wpa key for authentication on the SSID, but I would like the users to have unique logins to the SSID, so I can monitor who is accessing the VLAN.
  I Would like to prevent that users should authenticate with the SSID everyday on their iphones - so i do not think that webauth is the right solution.
  How can this be done? The users credentials can be read from our Active Directory with RADIUS...
  Best Regards,
  Steffen

  Well you didn't even specify what you were using as wireless device....
  But in general, you have to setup WPA2/dot1x also called WPA2 enterprise. Configure your AD as radius server (or use any other like ACS) in the wireless ap/WLC and you're kind of good to go.
  The clients will have to chose one EAP method that is authorized by your radius server and if they save their credentials, authentication will be automatic.

• Questions on mobile device management

  Hi All,
  I'm not sure where to post this question since I couldn't find a forum specific to Afaria, so thought someone here might be able to help.
  1. Afaria mobile device management solution claims that data and content is backed up and can be deleted if a device is stolen or lost. Can this deletion be done if the mobile is switched off of the SIM card has been removed? What is the mechanism of the data deletion process when the device is either ON/OFF?
  2. How does Afaria handle online and offline user authentication? If a mobile app is opened, can Afaria be configured to force the user to enter credentials for authentication? Or should there be a separate login page as a part of the mobile app? (The user's credentials are needed to find his role from LDAP and the rest of the app to work properly, which is y the question).
  Thanks & Regards,
  Vaishnavi

  This forum is fine for Afaria discussions and questions, no worries. 
  1.  If mobile device is switched off or not network connected then Afaria is not able to do anything with that device.  The content though would be secured, encrypted etc. so that there should be no risk as long as the device is switched off.  The "kill device" command that can be sent from Afaria will work if device is turned on and connected to a network.
  2.  Afaria can force quite a lot of things and one of them is regarding the device itself, forcing a password/pin type of unlocking.  The mobile app normally has it's own mechanism for authentication, user name and password.  That is a SUP function and has little to do with Afaria, I don't believe Afaria can force that part of authentication. 
  You can get a good overview of the technical part of Afaria here:  [Afaria Technical White paper|http://www.sybase.com/files/White_Papers/Afaria-Technical-WP.pdf]

• Cisco ISE 1.2.1.198 Guest Portal Vlan Override at Mobile Device (android,IOS) not working

  Hi Guy, 
  In my ISE deployment, once the guest succcesful authenticated will be assign guest VLAN for internet access.
  we are using guest portal to do the vlan override once user authenticated.
  Window 7 Internet explorer (Active X), Chrome (Java Aplet) is working fine.
  but Android,Apple IOS devices unable to release the DHCP and get new DHCP.
  because from ISE and WLC we can see the Vlan have change, how mobile devices initiate dhcp release for Guest Portal
  Kindly advice.
  Regards
  Freemen

  I don't have such documentation nor I could find any on Cisco's site. With that being said, it doesn't mean that it doesn't exist. I just know that Active X is windows specific framework and Java is not supported on either iOS nor Android:
  http://www.java.com/en/download/faq/java_mobile.xml
  The good news is that Cisco appears to be steering away from Java so it is possible that in the future this will be supported. 
  Hope this helps!
  Thank you for rating helpful posts!

• SSO-Logon from mobile device - create logon ticket from WebDynpro for Java

  Hi Experts,
  I'm developing WebDynpro-JAVA application for some warehouse stuff  (runs on a portal system, clients are mobile barcode-scanners with Windows mobile 5.0). JCOs from the portal system to the R/3-backend are confirgured for SSO with Logon-tickets and portal uses LDAP for authentication against a Windows-ADS.
  This works so far ... but my problem is the standard Logon-screen, which is nearly unusable on the mobile device (screen size, layout, etc.). Is there any solution to create logon-tickets directly from the WebDynpro application (using something from com.sap.engine.interfaces.security.auth or similar ?) or any chance to have a special logon screen for mobile devices (parameter sap-wd-client=Pie03Client is ignored for the logon screen).
  Thanks in advance.
  regards,
  Hendrik

  Hi Henrik,
  Did you find the solution to your problem ?
  I'm facing the same issue, so I'd be pleased to know the solution!
  Regards
  Stekam

• Best authentication method for controlling DEVICE access to wlan

  Hello,
  I have a similar question to this thread ( https://supportforums.cisco.com/message/3927713 ) but I'm interested about device control on top of user control. Just like that thread, we are using WPA2-AES Enterprise with PEAP MSCHAPv2, which allow users to log on with their domain credentials. We wanted something simple for our users, so MSCHAPv2 with "single sign on" was optimal to us.
  Problem is, we have a new requirement and we need to implement it yesterday. We would like to allow only mobile devices and computers of our choice.
  Since we are using MSCHAPv2 which allow every domain user to connect using any device as long as their domain credentials are valid, is there a simple way to control this ?
  I guess we could go with MAC filtering, but we have about a thousand laptops. Not a big problem, we could do a regular MAC address inventory using SCCM. It's just that it looks like a brute force tactic to a simple problem. Would a Cisco ACE 4.1 RADIUS server tolerate well a MAC address table with a thousand entries ? What if it goes to two thousands ? Would this be easy to implement ? I'm a bit new to this, is there some documentation I could follow ?
  How do people usually do this in an elegant way ? How do you manage and control WLAN access to thousands of device ? I guess they go with TLS with certificates ?
  Thank you very much !
  Konnan

  Konnan,
  Just saw your PM:)
  Would it be possible to configure Access policies even if our Radius servers aren't joined to the domain ?
  > I really don't know... typically all my installs have the radius server joined to the domain.  I don't know what limitations you would have using the setup you currently are using.
  Still wondering if it would be a good path for us, because of the computer authentication issue where it happens only at logon in Windows if I read correctly and our users don't have the habit to log off frequently and we use only manual connection mode when the user already has his session open. I guess MAR will have to be set to a stupid high value... if it even works.
  > Well you need to sit down with everyone who is involved and really think out what works best for you.  Machine authentication works well, but then people wonder what happens if someone logs in that isn't authorized and that because the computer is a domain computer it automatically gets on the network.  Well your not going to get everything you want:)  So PEAP has issue because IT wants to limit the user to only be able to access using a company owned device... well, then ISE is your fix.  You can add a certificate that ISE can see and if that device has that or a registry value and the user is allowed to access the network, the authentication is allowed, or else it will not be.  EAP-TLS... well more work since you need a PKI infrastructure and both the radius and the clients need a cert...
  No matter what, you need to decide what works best and don't over complicate it with adding mac filter, etc.
  I'm wondering if EAP-TLS wouldn't be better for the long term, maybe with MAC Address restriction on the short term...
  > See above
  I'm also wondering if we could stay with PEAP MSCHAPv2 but use an NPS Radius server from Microsoft which allow to use complex policies instead of the Cisco ACS Radius server...
  > You need to know how to setup and configure the policies... either one will work, but if your on ACS 4.x, I would look at upgrading to 5.4.  ISE is replacing ACS as far as the radius portion, but tacacs isn't yet available on ISE.
  There's also the Cisco ISE, which seems to be equivalent to Microsoft NPS... a bit more costly OTOH.
  > ISE allows you to profile devices so you know what device is accessing your network.  Again, ISE is replacing ACS as far as the radius, but tacacs will soon be out and available for ISE.  If you really want to create crazy profiles, then ISE is the way to go.  You can specify that this user group is allowed wireless, but it has to be a domain computer.  The user isn't allowed access if its not a domain computer.  The same user group is allowed access with company iPads (certificate installed), but not have access with personal iPads, tablets or smartphones.
  Hope this helps.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• ISE integration with Mobile Device Management ( MDM ) help required

  Dear Techies,
       Am here bring to your notice an different issue and no much resources to support even in PEC or Cisco Document.
       We are conduction a Proof Of Concept (PoC) on  Secure Bring Your Own Device ( BYOD ) using Cisco ISE and gonna test all the scenarios like Wired, Wireless and VPN user access.
  Setup Brief :
  =========
        Our Setup has  ISE VM acting as Admin, Monitor and Profiling Device, we have NAC 3315 physical Appliance as Inline posture Device, Wireless LAN controller, Access point and the Identity source as Microsof Active Directory
       Having Plans to Integrate Mobile Device Management ( MDM ) and Citrix VDI setup also.
  Activity Brief:
  =========
       As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
  Clarifications Required
  ================
  Wired Scenario - Require some configuration / steps on how to carryout posture for the guest wired users i.e. LAPTOP.
  Wireless Scenario
  MDM can be integrated to ISE ? 
  How the MDM can be integrated to Cisco ISE configuration or Guide to show the same?
  What is the demarcation between MDM and ISE ( i.e. What is the role of ISE and MDM on Mobile Devices ) ?
  If MDM is available so then when the control of ISE ends, does MDM do management or ISE will do management of the devices ?
  Is MDM will do client provisioning or ISE should do ?
  Is MDM send or update patches of Mobile Devices ?
  As of now these are the scenarios, kindly revert if any good documents to show this or share your expertise on the Integration Part.
  Thanks for Reading...
  Arun

  I would like to avail your valuable inputs to understand on the  Client provisioning part for the Mobile Devices/ Laptop. I understand  from your reply that MDM integration is not available in the current  release ISE 1.1 - That is correct.
  Kindly let me know your views or any documents on the following scenarios with the current release in mind
  1. User  with Mobile devices connecting to Wireless  ( both Employee  and Guest ) , How the Flow differs for the Employee and Guest.  How the  client provisioning is done ( i.e. Like Posturing  or Compliance Check  ).
  The posturing and compliance check is done based on the user authentication information (i.e. AD memberOf vs Guest user) combined with the users endpoint (windows, mac osx, or a mobile device), ISE then has a few decisions to make based on the authorization policies. For example, if a Domain User coming from a Windows 7 machine joins the network, then can either use the nac agent, or the web agent. Then you can scan for registry settings, file settings, program requirements, hotfix compliance...and the list goes on. If the user fails a check then you can either assign an acl for the user so they only have guest access, or you can place them into a remediation vlan the options are entirely up to the requirements and however the solution is implemented.
  2. User  with Laptop  connecting to Wireless  ( both Employee  and Guest ). How the client provisioning is done ( i.e. Like Posturing   or Compliance Check ).
  Guests are usually redirected to the guest portal which they authenticate and their user group falls within the Guest container that is on the ISE internal database, that is usually coupled with an authorization profile that grants them internet access. For the client provisioning, that is usually done based on the operating system, via profiling (dhcp, and user agent string., netmap...etc) and can be fine tuned for all laptops or to a specific set of users based on their group membership.
  3. What are advantages of having ISE also in  place for Mobile devices, since most of the Mobile related tasks ( like  Authentication, Authorization, Profiling and  Posture ) are carried out  by MDM. I am checking for the significant advantage of having ISE for  Client network having only Mobile devices. Kindly clarify.
  Currently the advantage of Cisco ISE is that it supports profiling within wireless and really fits well within a network that has mostly Cisco products since they are all part of of the Borderless security initiative being driven on the backend. The product teams for wireless, wired, security (vpn..etc) and ISE are pretty close in building their solutions so that you can get connected with any device any where (sorry for the sales pitch). The latests wireless code is improving and is going to have support similar to the ios sensor for wired devices where dhcp, cdp, and other attributes can be sent in the radius packet for better profiling decisions. With integration for an MDM platform coming soon, and also support for TACACS rumored (have to verify with your account rep) you have options that really stand out from a unit that only supports MDM. Cisco ISE also comes with a wireless product ID so that makes the budget work when it comes to deploying ISE if you arent looking for enforcement on your wired devices.
  4. Do you recommend 802.1X Authentication to use for the Employee and Contractor? The Guest user  authentication as Open ?
  For internal users and vendors the best option by far is dot1x, almost all operating systems are capable of performing dot1x and the 1.1.1 MR has a piece now that can provision the supplicant for the users, by using scep to enroll certificates or configure peap settings.
  There is a feature within the guest portal that allows you to statically assign guests into endpoint group, that feature is called device registration web authentication. It seems like an open network but uses mac filtering to assign these devices to an endpoint without requiring users to enter any credentials. They are presented with an AUP page, once they accept their mac address is mapped to the endpoint group
  5. How can we ensure the Encryption of traffic from the Guest user to the NAD ( Network Access devices ) ?
  This may be a wireless question but I am sure the encryption is done using AES and using dot1x as the key management here is a brief background for this - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#L2
  You can also use the anyconnect client which can provide macsec which is layer 2 encryption for wired - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html
  6. We are also looking for VDI  ( Citrix, VMware ) solution for the  client  ( both Employee and Guest ) , how ISE can play a role in  securing the VDI environment.
  For most thin clients you can perform dot1x authentication on the device itself, however that is something the manufacturer will have to support. This is a little gray for me.
  7. Is that any integration required  with Citrix or VMware. How the  VDI can be offered based on the User  role ( i.e. Employee, Contractor or Guest ), since Guest database is  available only with ISE, how the checks are made from the VDI  environment.
  IN ISE there is an identity sequence which can authenticate users in AD first, if the user is not found then it can look in the internal database.
  Our solution demands  MDM in the integrated  solution, As on today ISE cant be integrated with MDM. so what kind of  solution we can propose to have MDM and Cisco ISE .Do the clients now  enter the network should have already installed the MDM agent (or) any  other way of pushing the same to the Client.
  Today there is no integration between the devices, the last release time I heard was December for this feature. However it would be best to confirm with your Cisco Account rep on this issue.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• PEAP-MS-CHAPv2 - mobile devices and certificates

  I'm looking to secure our wireless infrastructure and CHAPv2 seems to be what we need but I have a couple of concerns.
  Our external domain is company.net but our internal domain where the NPS server would sit is domain.company.local
  We have a lot of mobile devices - some are on the domain, some are not. 
  I'm happy to use an internal certificate or a 3rd party certificate, but given the different domain suffixes, is this going to be possible?  If I use a certificate with subject name domain clients won't trust it.  If I use subject name of company.net,
  no clients will trust the NPS server.
  How do I get all domain PCs and domain/non-domain mobile devices to trust and connect to the NPS server?

  Hi,
  When you deploy 802.1X authenticated wireless access that uses PEAP-MS-CHAP v2, RADIUS servers must have digital certificates in order to perform mutual authentication. To issue certificates to your NPS servers you have the option of deploying
  a private CA on your network, or purchasing a server certificate from a third party certification authority.
  During PEAP-MS-CHAP v2 authentication, the IAS or RADIUS server supplies a certificate to validate its identity to the client. Client computer and user authentication is accomplished with passwords, which eliminates some of the difficulty of deploying certificates
  to wireless client computers.
  Since user authentication is performed with password-based credentials, not certificates, the certificate which is issued to NPS use the internal domain suffix. But non-domain member computers must have the private CA certificate manually
  installed in the Trusted Root Certification Authorities certificate store for them to trust certificates, such as NPS server certificates, that are issued by the private CA.
  Besides, are all users in the internal domain? If users are in two domains, you have two options,
  Create a two-way forest trust for both sides of the trust.
  Install a new NPS server in external domain.
  For detailed information, please refer to the link below,
  Create a two-way, forest trust for both sides of the trust
  http://technet.microsoft.com/en-us/library/cc778851(v=WS.10).aspx
  Certificates and NPS
  http://technet.microsoft.com/en-us/library/cc772401(v=WS.10).aspx
  PEAP-MS-CHAP v2-based Authenticated Wireless Access Design
  http://technet.microsoft.com/en-us/library/dd348500(v=WS.10).aspx
  Hope this helps.
  Steven Lee
  TechNet Community Support

• Why do my Visitors users get Access Denied in my New Forms - Mobile Devices Only

  The issue I have is that I have a SP2013 Site with a group Visitors.
  the default Site Permissions have been set to Read.
  I then created a SharePoint List with a People Picker.
  I broke the Security inheritance and gave the Visitors group Contribute Permissions
  In Browser mode, they can access the site, open all links and even add content to list.
  When I do the same actions on a mobile device, All the visitors get Access Denied when clicking on the Add Content Link.
  The Link I make available is "https://myweb/sites/site/Lists/mylist/NewForm.aspx"
  I have found some suggestions about unplublished content, but this does not explain why the user can perform the required actions on a desktop, but not on a mobile device using the same link

  Hi,
  By mobile do you happen to mean iPhone? There has been quite a few issues with SharePoint 2013 and iOS authentication. You might want to refer to the following exchange.
  http://apple.stackexchange.com/questions/146808/ios-8-safari-sharepoint-2013-windows-authentication-support
  Eric Overfield - PixelMill -
  ericoverfield.com -
  @EricOverfield

• Apache SSL Client Authentication with Windows Mobile

  The biggest question I have here is if anyone has actually made this work. I would think this would be pretty standard...
  On our HTTP server I have protected folders setup with Certificate Based Client Authentication. Each folder requires a unique client certificate.
  This works perfectly with IE & Firefox running on PCs.
  The problem I have is trying to authenticate a Windows Mobile Device.
  I can authenticate the CA certificate but nothing in the client certificate.
  In ssl.conf I have the following parameters for each folder:
  SSLRequire %{SSL_CLIENT_S_DN_O} eq "Our Organization"
  SSLRequire %{SSL_CLIENT_S_DN_CN} eq "User Division Level"
  SSLRequire %{SSL_CLIENT_S_DN_OU} eq "User Level"
  The only parameter that Apache is able to validate from the device is DN_O and that is coming from the CA certificate.
  DN_CN & DN_OU are contained in the user certificate but it is not able to validate those.
  Anyone have any ideas on this?
  Edited by: Alan3 on Nov 20, 2008 2:15 PM

  Bump.
  Is anyone out there using Win Mobile devices with Oracle HTTP server?

• Can't access OWA 2003 as well as no access via mobile devices

  My Exchange server is able to send mail externally and receiving external mail but I can't access OWA as well as my mobile devices are not connecting to my exchange 2003 server running on server 2003 standard edition service pack
  2.  I keep getting "This page cannot be found.  On my mobile devices its saying "No data received, unable to load the webpage because the server sent no data".   Any help will be greatly appreciated. 

  Hi,
  Please check whether ActiveSync is enabled.
  Also check this KBs:
  Troubleshooting Outlook Web Access logon failures in Exchange 2000 and in Exchange 2003
  http://support.microsoft.com/kb/327843
  Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003
  http://support.microsoft.com/kb/817379
  Thanks
  Mavis Huang
  TechNet Community Support

• WLC Guest Network Mobile Device Browser

  Hello,
  We are having some odd issues with people using there blackberry's and iphones on our guest network.  Most of the time they can connect, but when they launch there browser it doesn't always bring up the authentication page, and just says network lost.  If they get past that, and the login page comes up and they authenticate they get some kind of key store message.  If they cancel that they can browse the web but most sites seem to switch from wifi to the mobile network and then they are not using the wifi, just the mobile network.
  Is there some kind of security issue with the third party certificate we use?  Why would the browser switch back and forth from wifi to mobile networks?
  This behavior is not seen when one of these devices connect to a secure WLAN in our network.
  Thanks,
  Dan.

  It always worked 100% of the time with a laptop.  I just upgraded the controller software to the latest 6.x version and it seems much better on the mobile devices now.
  Dan.

• I am suddenly getting a message that the 'mobile device services' has stopped working on my computer and windows seems unable to fix.  I have tried finding the file and making sure that it is enabled.  It says 'enabled' but does not work.

  I recently downloaded a new update of the operating system on my 3GS  It seems to be a bit slower since and I have no idea if that is part of what is going wrong.  I cannot get itunes to recognise my phone.  Windows pops up a 'window' that says my 'mobile device services' is not working and would I like Windows to look online for the problem - I say yes, windows does it's thing, blanks out and I am back where I was.  I tried updating itunes but no luck.
  I found the mobiledeviceservices.exe file and made sure it was all 'on' and 'enabled' still no luck  I did a search and came up with some other people who had the same problem but the answers that they were given didn't help me.

  When you erased the disk did you select Mac OS Extended Journaled as the format option?

• Apple Mobile Device Service installation rolls back

  Hey there,
  I've been having problems installing iTunes 9 or even 8 on my computer. While running the iTunes setup, part of the installation rolls back and when I launch iTunes after that, I get the message saying that
  "This iPod cannot be used because the required software is not installed. Run iTunes installer to remove iTunes, then install iTunes again."
  However, the installation doesn't work no matter how many times i reinstall it. I've fully uninstalled everything related to apple and used the microsoft's utility to check if they were properly uninstalled before reinstalling itunes, but I still got the same message.
  I found out that Apple Mobile Device Service was not installed and that was the problem. When i extracted AppleMobileDeviceService.msi from the iTunes installer and ran it, it rolled back too. So I used the /l*v command to create an installation log and this is the error.
  DIFXAPP: INFO: opening HKEY_USERS 'S-1-5-21-4128058654-1677487342-2165978628-1007\Software\Microsoft\Windows\Curr entVersion\DIFxApp\Components\{9AA3828A-F852-11DB-8E29-6C6B55D89593}' (User's SID: 'S-1-5-21-4128058654-1677487342-2165978628-1007') ...
  DIFXAPP: INFO: ENTER: DriverPackageInstallW
  DIFXAPP: INFO: usbaapl.inf: checking signature with catalog 'C:\Program Files\Common Files\Apple\Mobile Device Support\Drivers\USBAAPL.CAT' ...
  DIFXAPP: INFO: Driver package 'usbaapl.inf' is WHQL signed.
  DIFXAPP: ERROR: Create Driver Store entry failed. (Error code 0x6E: The system cannot open the device or file specified.)
  DIFXAPP: INFO: Successfully removed '{9AA3828A-F852-11DB-8E29-6C6B55D89593}' from reference list of driver store entry ''
  DIFXAPP: INFO: RETURN: DriverPackageInstallW (0x52)
  DIFXAPP: ERROR encountered while installing driver package C:\Program Files\Common Files\Apple\Mobile Device Support\Drivers\usbaapl.inf
  DIFXAPP: InstallDriverPackages failed with error 0x52
  DIFXAPP: RETURN: InstallDriverPackages() 82 (0x52)
  Action ended 17:15:17: InstallFinalize. Return value 3.
  Can anyone help me please? Any help will be appreciated =P
  Cheers

  I have recently been fighting my system to get itunes to recognise my iphone and i ran into a similar problem.
  I couldnt uninstall the old version of apple mobile device support, and installing the new itunes over the top did not seem to help either.
  But i found a work around.
  Try opening the itunes.exe install package with winrar. (www.winrar.com, its a free program) and then extracting only the applemobiledevicesupport.exe file.
  Reboot your system, run that file and then reboot again.
  It should work.
  If it doesnt, then good luck to you :P
  -Adam