85010014 error trying to Direct Push synchronize to an Exchange 03 server

Exch 2k3, SP2
IIS 6 server hosting OWA
Sprint 6700 PDA
Single Exch2k3 server environment.  I do not have a FE/BE configuration

I'm attempting to get the Direct Push synchronization offered by the Mobile 5.0 and the AUTD/MSFP (Always Up To Date)/(Microsoft Security Feature Pack) update given me by Sprint.  I AM NOT USING ACTIVE SYNC on the desktop AT ALL.

Like others I plowed through all the blogs, bbs's and support sites for help.  I followed the instructions at http://support.microsoft.com/default.aspx?scid=kb;en-us;817379 to the letter and was able to get over-the-air direct push synchronization working on my email account.

Now the problem.  I did a hard reset of the PDA and went through the setup for the phone's new owner.  I get an 85010014 error on the PDA every time I try to sync.

I hard reset the PDA and selected a third user's account.  The sync worked fine.
I hard reset the PDA and selected a fourth user's account.  The sync worked fine.
I hard reset the PDA and selected the new owner's account again.  The sync fails with 85010014.

I intentionally entered the user's password incorrectly and got an error telling me to enter the correct password.
I de-selected all folders except Calendar on the sync config screen.  It still fails with 85010014.
I intentionally disabled the new owner's Mobile Access in his AD account and got an error saying the user was not authorized to synchronize.

It sure seems I have everything configured correctly as I have been able to sync with three users' accounts.  The PDA is obviously communicating with the Exch server based on the three tests above.  Nothing posts in the server event log when sync fails.  I see activity in the IIS log but don't know how to decipher.
What the heck is going on?  Your suggestions are eagerly awaited.


SlosburgAsked:
oldhammbcCommented:
Have a look on here. I know it's only for one user, but there could be something causing that one user's mailbox to screw up:

http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php

Hope it's some help

Dave J
0
oldhammbcCommented:
If that doesn't work then all I can suggest is logging in to Outlook and backing up the user's mailbox to a PST, deleting the user's mailbox and recreating a new one.
Once you have created a new mailbox, try syncing the device. If it works, try importing the email (at least then you'll know if it's connected to a mail in the mailbox). If it doesn't work with no email, I'd suggest recreating the ADS account because something is badly wrong with the account.
0
oldhammbcCommented:
Just had another brainwave as well: can you log in to Outlook Web Access as that user? We had a problem with some of our users having strange characters in their mailbox names (like & etc.) and because mobile ActiveSync uses the same kind of interface it could be a similar problem.

Cheers

Dave J
0
SembeeCommented:
As it is one user, you need to concentrate there.
Try downloading the Mobile Access admin tool from Microsoft, and remove any device that is attached to the account. Then hard reset the PDA again and configure to connect once more.

Simon.
0
SlosburgAuthor Commented:
I read a post somewhere that somebody had success exporting to a pst and deleting/recreating the mailbox.  I was just avoiding that one as it seemed far fetched.  As luck would have it,  the mailbox belongs to a VP who gets a *%($ load of email every day.

This user can login to OWA.  I can also log into OMA from the PDA and see/read/create emails.

I have the Mobile Admin installed but until a sync occurs it does not show the device having a relationship.  If I config the PDA for another user I can use MobileAdmin to remote wipe.  Worked slick.

I guess I'm doomed to try recreating the user mailbox just to eliminate it.  I had hoped someone would steer me to a log file that may give some leads.  In Exchange Admin I turned logging on for MSExchangeActiveSync but it did not log any events.  Maybe that is the wrong logging category.

I'll update all when done.
0
vasanthgnbCommented:
This is a more generic error message for ActiveSync. The most common reason for this error is the mailbox size. It can get timed out when requesting for Folder Hierarchy or when doing a PROPFIND against your mailbox folders. So reduce the size of the mailbox and do a Sync. It should work that way.

Regards,
Vasanth.
0
oldhammbcCommented:
One other thing you could do is do the first sync using ActiveSync on a PC on the network; that may have less of an issue than over the air.
0
SlosburgAuthor Commented:
I wondered about the mailbox size being an issue.  Note that I tried selecting only Calendar to sync and it still failed.  If the PROPFIND times out because of mailbox size, would the above test be a good way to test for this or would the PROPFIND still take the same amount of time to respond even though I only selected Calendar?

I mentioned my IIS logs showing activity when I attempt to sync.  I tried to compare what occurs with the VP account vs. mine.
On both accounts I see an OPTIONS cmd followed by two instances of PROPFIND.  These first three lines look identical regardless of the account.  Now things change.  My account has nine occurrences of a MKCOL cmd and a POST cmd.  The failing account has 3 occurrences of the MKCOL cmd followed by a POST cmd.

The last two cmds of the failing account (edited for security)
2006-04-18 18:33:11 W3SVC1 xxx.xxx.xxx.xxx MKCOL /exchange-oma/user/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync - 80 domain\username xxx.xxx.xxx.xxx Microsoft-Server-ActiveSync/6.5.7638.1 404 0 0
2006-04-18 18:33:11 W3SVC1 192.168.10.3 POST /Microsoft-Server-ActiveSync User=username&DeviceId=edited for security&DeviceType=PocketPC&Cmd=FolderSync&Log=edited for security 443 domain\username xxx.xxx.xxx.xxx MSFT-PPC/5.1.2000 500 0 0

The last two lines of a working account (edited for security)
2006-04-12 20:38:31 W3SVC1 xxx.xxx.xxx.xxx MKCOL /exchange-oma/user/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/PocketPC/edited for security- 80 domain\username xxx.xxx.xxx.xxx Microsoft-Server-ActiveSync/6.5.7638.1 201 0 0
2006-04-12 20:38:31 W3SVC1 192.168.10.3 POST /Microsoft-Server-ActiveSync User=username&DeviceId=edited for security&DeviceType=PocketPC&Cmd=FolderSync&Log=edited for security 443 domain\username xxx.xxx.xxx.xxx MSFT-PPC/5.1.2000 449 0 0

What is this MKCOL cmd doing?  If I need more from the IIS log please let me know.

P.S. I tried syncing from a PC with ActiveSync 4.1 to the Exchange Server and it still fails.
0
vasanthgnbCommented:
Can you have a look at http://support.microsoft.com/kb/886346? This is actually fixed in SP2 for E2k3. But I have seen a couple of instances wherein you have to add the reg key even if you have SP2. I am trying to find more details on MKCOL DAV request. Will keep you posted.

Regards,
Vasanth.
0

SlosburgAuthor Commented:
Fixed Fixed Fixed!!!
Vasanthgnb led me to it!
I had already read and used his MS post, http://support.microsoft.com/kb/886346, during this process.  After reading it more carefully, I found the solution.
Problem #1
I remembered an oddity in the IIS logs.  In the IIS logs where it reads "MKCOL /exchange-oma/user"  the "user" was his first name whereas when I connected to my account the "user" was first initial & last name.  He happens to have an smtp address of firstname@domain1.com and firstinitial_lastname@domain1.com.  His firstname@domain1.com is not defined in the Recipient Policy but rather was added manually to his account.

I deleted the firstname@domain1.com and the Sync worked.  I added it back in and it failed.

Problem #2
We host email for several domains.  Domain1.com happens to also be our primary internal domain.  Domain2.com is defined as the Primary SMTP address in my Exchange Recipient Policy.
Step 5 of the MS KB states "In the String Data line, type the SMTP domain of your default Recipient Policy."  I had mistakenly entered domain1.com instead of domain2.com.
I changed this and the user now syncs OK with all his original email addresses.

I've since beat the tar out of this phone and it works every time.  Remote wipe is sweet!!!

NOTE - I started by syncing only Calendar and it worked.  I added Contacts and it worked.  I added Email and while it did not "say" it failed, it would not rcv or send email.  I selected the Options in the PDA AS.  I went to Email settings and there is an option to "Include the previous X days"  It defaults to 3 days.  I changed to 1 day and the sync completed correctly.  I then changed to 3 days and it sunk the rest of the email.  The user does have a fair amount of email everyday so I thought that may be the problem.
0
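The log comparison that led to the fix above (MKCOL returning 404 and the FolderSync POST returning 500 for the failing account, with a different name in the `/exchange-oma/<user>/` path than the logon name) can be automated. This is an added example, not code from the thread: the function names are hypothetical, the sample log is constructed to mirror the redacted lines quoted earlier, and the column order is taken from the log's own `#Fields:` directive.

```python
import re
from collections import defaultdict

# Constructed sample in IIS W3C extended format, modelled on the thread's redacted lines.
SAMPLE_LOG = r"""#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-04-18 18:33:10 W3SVC1 192.0.2.10 MKCOL /exchange-oma/bob/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync - 80 CORP\bsmith 192.0.2.10 Microsoft-Server-ActiveSync/6.5.7638.1 404 0 0
2006-04-18 18:33:11 W3SVC1 192.0.2.10 POST /Microsoft-Server-ActiveSync User=bsmith&DeviceId=DEV1&DeviceType=PocketPC&Cmd=FolderSync 443 CORP\bsmith 198.51.100.7 MSFT-PPC/5.1.2000 500 0 0
2006-04-18 18:40:01 W3SVC1 192.0.2.10 MKCOL /exchange-oma/ajones/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/PocketPC/DEV2 - 80 CORP\ajones 192.0.2.10 Microsoft-Server-ActiveSync/6.5.7638.1 201 0 0
2006-04-18 18:40:02 W3SVC1 192.0.2.10 POST /Microsoft-Server-ActiveSync User=ajones&DeviceId=DEV2&DeviceType=PocketPC&Cmd=FolderSync 443 CORP\ajones 198.51.100.7 MSFT-PPC/5.1.2000 449 0 0
"""

# The first path segment after /exchange-oma/ is the mailbox name the server derived.
OMA_PATH = re.compile(r"^/exchange-oma/([^/]+)/", re.I)

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def failing_syncs(text):
    """Report accounts whose MKCOL returned 404 before a FolderSync POST returned 500."""
    state = defaultdict(lambda: {"alias": None, "mkcol_404": False})
    findings = []
    for rec in parse_w3c(text):
        user = rec["cs-username"].lower()
        status = int(rec["sc-status"])
        m = OMA_PATH.match(rec["cs-uri-stem"])
        if rec["cs-method"] == "MKCOL" and m:
            state[user]["alias"] = m.group(1)
            state[user]["mkcol_404"] |= status == 404
        elif rec["cs-method"] == "POST" and "Cmd=FolderSync" in rec["cs-uri-query"]:
            s = state.pop(user, None)  # one sync attempt ends at the POST
            if s and s["mkcol_404"] and status == 500:
                sam = user.split("\\")[-1]  # logon name without the domain prefix
                findings.append({"account": user, "path_alias": s["alias"],
                                 "alias_differs": s["alias"].lower() != sam})
    return findings

if __name__ == "__main__":
    for finding in failing_syncs(SAMPLE_LOG):
        print(finding)
```

An `alias_differs` hit points at the mailbox's SMTP addresses and the SMTP domain value from KB 886346 as the first things to check.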
vasanthgnbCommented:
Amazing. :-). Thank u.

Vasanth.
0
SlosburgAuthor Commented:
It was.  Problem #1 was interesting in the symptomology but ultimately Problem #2 was the fix.

I thought I would recap the documents I used to config this.  Remember that I have a single Exch 03 server w/IIS & OWA.  Not a FE/BE config.  There are primarily three documents I used:
http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfpdepguide.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;817379
http://support.microsoft.com/kb/886346
Read them carefully and don't make a dumb mistake like me that cost 50 hrs and blurred my vision.

I had ALL of the problems.  I was using a cert from GoDaddy which has no root cert on the PDA.  I was using FBA so I had to create the new VDIR.  I had to set the authentication differently on several VDIR's.  I had to hack the registry a couple times.  Cap that off with configuring an ISA server in front of Exchange.  It's been interesting.

If I can help anyone on a specific issue please contact me through this site.
0
Question has a verified solution.