Users Are Unable to Use Activesync After Migration from Exchange 2007 to Exchange 2010

 

At a recent customer, we ran into an issue where a set of users were migrated from Exchange 2007 to Exchange 2010.  All of the users activesync worked without issue, but one user was unable to connect.  No matter what we tried, he would get”unable to connect to server” on his phone.  We checked the activesync logs, would see an initial connection but then nothing else.

Checking the event logs of one of the CAS servers, we found error event ID 1053: “Exchange Activesync doesn’t have sufficient permissions to create the container under Active Directory User”Untitled

So I opened Active Directory Users and Computers, selected View-Advanced Features:

image

Then I opened the user account, went to to the security tab->;Advanced:

23

Here, the “Include inheritable permissions from this objects parent” was UNCHECKED:

admin

I checked this box, hit apply, and boom active sync started working. Since this account was not a domain admin and just a standard user account, this was unexpected.

Advertisements
This entry was posted in ActiveSync, exchange 2007, Exchange 2010, Threat Management Gateway and tagged . Bookmark the permalink.

2 Responses to Users Are Unable to Use Activesync After Migration from Exchange 2007 to Exchange 2010

  1. Tony says:

    This also happens with special “admin” groups such as account operations, print operators, etc – If the user is in one of these group deemed “admin” by Microsoft. Exchange will continually remove the inheritance check box every so often (maybe every hour), but it is only needed during the first ActiveSync communication.

    • ponzekap2 says:

      Your right Tony! I should have stated that this account wasn’t protected but a regular user account so it was unexpected.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s