This is from my thread in the HD2 forums: For those who can't unlock anymore using ChevronWP7, here's why!
Quote:
Originally Posted by DanielNTX View Post
I wrote this inside of another thread, but decided to make a new thread because others may not find it or read it. For those who have tried everything, this is the reason why you can't unlock the phone unless you do a full reset:

The majority of the failures to unlock your phone again is because you used a registry script that changed the HD2 to identify it as an HD7 and may have included registry entries that set PortalUrlProd and PortalUrlInt to 127.0.0.1 or a Null value and somehow your phone became relocked. Once it's set this way, no matter what you do to unlock the phone it won't work because the proper server to query is "developerservices.windowsphone.com" is not defined on the phone. ChevronWP7 works by hijacking and spoofing the address of developerservices.windowsphone.com to be your local computer and then responds appropriately over port HTTPS (443) to the phone. If you set it to 127.0.0.1 in the registry this references your phone when it tries to unlock. The phone itself is not running a spoofed HTTPS server so it will never work. Setting it to null means it doesn't no where to go either. If your phone is working in Zune and you hit the end button on the phone, you will notice ChevronWP7 will report that the phone is pin-locked, this means ChevronWP7 knows about the phone, but the "uh oh - Please make sure it's connected using USB, Please start the Zune application" message it generates is kind of ambiguous and is not the actual error we are seeing here.

The original values are these:
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg]
"PortalUrlProd"="https://developerservices.windowsphone.com/Services/WindowsPhoneRegistration.svc/01/2010"
PortalUrlInt"="https://developerservices.windowsphone-int.com/Services/WindowsPhoneRegistration.svc/01/2010"
and the corresponding certificate is this:


That's how the phone can trust the HTTPS connection because you imported the certificate.

Now if you change the URL to something else, you will need a corresponding certificate. You can make one with makecert.exe or makessl.exe form the various resource/development toolkits out there on the Microsoft website.

In my example, I'm going to use a site that doesn't exist "developerservices.unlock.me". You should change the PortalUrlProd and PortalUrlInt on the phone as follows:
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg]
"PortalUrlProd"="https://developerservices.unlock.me/Services/WindowsPhoneRegistration.svc/01/2010"
 "PortalUrlInt"="https:/developerservices.unlock.me/Services/WindowsPhoneRegistration.svc/01/2010"
Now in your hosts. file in \windows\system32\drivers\etc folder, you should set up an entry for developerservices.unlock.me with your computer's own IP address.

Once you do you need to install a new certificate on the phone for whatever host in the URL you made and you will be able to use ChevronWP7 to unlock incase it ever locks you out again.

To simplify the making a self-signed certificate portion, I've created a cert for "developerservices.unlock.me" with the validity date of 1000 days. It's included in this post. Hope this helps you all with maintaining an unlocked Windows Phone 7 and understanding why ChevronWP7 won't unlock anymore.
Attached Files
File Type: zip unlockme_cert.zip - [Click for QR Code] (875 Bytes, 2596 views)
File Type: zip unlockme_rgu_provxml.zip - [Click for QR Code] (1,017 Bytes, 2417 views)