?
Solved

ActiveSync Permission Issues - 0x85010004

Posted on 2008-06-18
4
Medium Priority
?
3,446 Views
Last Modified: 2012-08-13
Hi
 
Really hitting a brick wall now and would appreciate some ideas on what to try next.
 
Current setup is Exchange 2007 (Separate Mailbox and CAS) using IIS 7 on Server 2008.
Using properly issued Cybertrust certificate.
Link from external goes through ISA 2006.
 
OWA works fine internally and externally no problems at all.
 
ActiveSync gives the following error when I try to sync:
 
"Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server administrator. 0x85010004"
 
Tried externally using a Dell x51v and internally using Microsofts emulator. Same error on both.
 
 
 
Things done:
 
 
1. Deleted and recreate the Exchange Activesync mailbox policy. Pointed the mailboxes manually to the policy. As a side not, what are the best settings for the ActiveSync mailbox policy ? I tend to leave it default, but this leaves the "require password" unticked.
 
2. Deleted and recreated the Virtual Directory in IIS. (via powershell commands)
 
3. Pointed all services to the proper certificate (Enable-exchangecertificate) - also making the internal and external URLs of Activesync match our certificate ie. (www.ourdomain.ac.uk/Microsoft-Server-Activesync)
(http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/)
 
4. Enabled ActiveSync on the test users mailbox, both in the console and via the powershell commands. Some people are indicating that even though it already is enabled, this proved a fix.
 
5. Disabled SSL - This gives the same 0x85010004 error.
 
6. Also tried the  Test-ActiveSyncConnectivity from Powershell. This gives the following error.
 
[System.Net.WebException]: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Inner error [System.Security.Authentication.
AuthenticationException]: The remote certificate is invalid according to the validation procedure.
[System.Security.Authentication.AuthenticationException]: The remote certificate is invalid according to the validation procedure
 
 
 
Really stuggling now. Please help !
0
Comment
Question by:oldhamcol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 10

Expert Comment

by:Casey Herman
ID: 21811745
Are you trying to run ssl or not that is the big question....?
If you are than you have to get a certificate installed in IIS for the phones to work properly.

If not then you have to create the extra virtual directory that acts as a pathway to the ssl side of oma.

First things first check to see if you can log into oma from a workstation.

http://servername/oma

Casey
0
 

Author Comment

by:oldhamcol
ID: 21812190
Yes, we are trying to run SSL, bought a certificate from Cybertrust.

The problem I am having is with Exchange 2007, OMA has been discontinued.

Thank you for taking the time to reply though.
0
 
LVL 10

Expert Comment

by:Casey Herman
ID: 21818504
sorry didn't catch the 2007 mistook it for an '03.  
HAve tried turning on the verbose logging in active sync?

Casey
0
 

Accepted Solution

by:
oldhamcol earned 0 total points
ID: 21820924
FIXED !!

Turned out to be the Authentication delegation rule on ISA, which is set differently on the OWA isa rule.

*phew*
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question