[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 497
  • Last Modified:

Account permissions with ActiveSync

Running MS SBS 2K3 &  trying to get some VZ MOT Q phones ActiveSyncing with Exchange. Keep getting "User account does not have permission to sync". I have installed the latest updates, rebuilt the OWA componets, disabled & re-enabled the accouts Exchange feature and double-checked the mobile device setting in System Manager.
0
normanreynolds
Asked:
normanreynolds
  • 3
  • 2
1 Solution
 
kristinawCommented:
check the exchange features tab in the ADUC and make sure "outlook mobile access" is enabled

also go into exchange system manager, global settings, mobile service properties, and make sure everything (including unsupported devices) is enabled.
0
 
normanreynoldsAuthor Commented:
I have already verified the ADUC settings and even disabled them, forced a rebuild of the Receipent Policy, re-enabled them and forced another rebuild. Same with the settings in Exchange System Manager.
0
 
kristinawCommented:
have a look at your iis logs and make sure you see the requests coming in. also note any code (200, 401, etc) at the end of the line. if everything looks good there, could be a file level permission somewhere (maybe on massync.dll, for example). you could use process monitor on the server while attempting a sync and see if you get any denys anywhere.

kris.
0
 
normanreynoldsAuthor Commented:
The requests are coming in & I am getting 401, 200, 401, 409, 403, 403. Here is a sample:
2007-07-26 01:38:09 63.226.20.157 OPTIONS /Microsoft-Server-ActiveSync User=tschultz&DeviceId=04037902CE42EAD138000050BF1977E0&DeviceType=PocketPC 80 - 32.170.247.125 Microsoft-PocketPC/3.0 401 2 2148074254
2007-07-26 01:38:13 63.226.20.157 OPTIONS /Microsoft-Server-ActiveSync User=tschultz&DeviceId=04037902CE42EAD138000050BF1977E0&DeviceType=PocketPC&Log=VNATNASNC:0A0C0D0FS:0A0C0D0SP:0C0I0S0R0S0L0H 80 naiop-az\tschultz 32.170.247.125 Microsoft-PocketPC/3.0 200 0 0
2007-07-26 01:38:13 10.0.0.5 PROPFIND /exchange-oma/TSchultz@naiop-az.org/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/PocketPC/04037902CE42EAD138000050BF1977E0 - 80 - 10.0.0.5 Microsoft-Server-ActiveSync/6.5.7638.1 401 1 0
2007-07-26 01:38:15 10.0.0.5 PROPFIND /exchange-oma/TSchultz@naiop-az.org/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/PocketPC/04037902CE42EAD138000050BF1977E0 - 80 naiop-az\TSchultz 10.0.0.5 Microsoft-Server-ActiveSync/6.5.7638.1 409 0 0
2007-07-26 01:38:15 10.0.0.5 MKCOL /exchange-oma/TSchultz@naiop-az.org/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync - 80 - 10.0.0.5 Microsoft-Server-ActiveSync/6.5.7638.1 403 0 0
2007-07-26 01:38:16 63.226.20.157 POST /Microsoft-Server-ActiveSync User=tschultz&DeviceId=04037902CE42EAD138000050BF1977E0&DeviceType=PocketPC&Cmd=FolderSync&Log=V2TNASNC:0A0C0D0FS:0A0C0D0SP:2C2I675S1514R0S0L0H0P 80 naiop-az\tschultz 32.170.247.125 Microsoft-PocketPC/3.0 403 0 0

I get an error in the application event viewer 3005 from ActiveSync with a status code of 409. This error is what prompted me to rebuild the IIS OWA components using the Metabase Explorer off the IIS ResKit. Furthermore, no Firewall or URLScan in place.

Permissions should not be an issue, since the user is a Domain Admin.

norm
0
 
kristinawCommented:
make sure your /exchange-oma virtual directory has integrated auth and basic auth checked. nothing else (no anonymous).

kris.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now