Solved

Exchange 2003: ActiveSync on mobile phone errors when password expires and is changed, how can I prevent?

Posted on 2008-06-19
12
918 Views
Last Modified: 2012-05-05
We've had an annoying problem with Exchange Server 2003 on our side that I have not been able to find a fix for up to this point. I'm hoping you can help.

We have Windows Mobile phones and set them up to sync over the air with our Exchange Server. It works wonderfully ... until the end user changes their password, either as a result of expiration or choice. After that, the phone fails to synchronize, brings up a View Status screen, and the error it shows is the following:

ActiveSync encountered a problem on the server.

View Support Code (Support Code: 0x85010001)

The only way I can fix it is to delete the entire ActiveSync partnership, reboot the phone (either warm reset or battery removal and re-plugin) and then rebuild the partnership from the ground up. This is creating a lot of support calls, and is very hard to explain to the end user when they are on the road and cannot get to their e-mail.

This happens on all of our AT&T phones across the board (Blackjack 1 and 2, 8125, 8525, Tilt), so I'm sure it's either a Windows Mobile setting I need to hack in, or more likely, a setting on the Exchange Server I need to take a look at. Would anyone here know the first place to look?

Thanks!
0
Comment
Question by:sav2880
  • 5
  • 3
  • 2
12 Comments
 
LVL 20

Expert Comment

by:jdera
Comment Utility
Have you checked the permissions on the activesync virtual directory within IIS?
0
 
LVL 1

Expert Comment

by:DAN_KANN
Comment Utility
If they change the password in AD are they changing it in the device too? Go into the Activesync on the device and check the server settings. The password will need to be updated there too.
0
 
LVL 2

Author Comment

by:sav2880
Comment Utility
jdera: I will check ... what should the permissions be in best practice?

DAN_KANN: They are never prompted to change the password, I would think that they would be. I agree, the password should be changed in the device too, but it seems like it should give me a "wrong password, try again" message and not an ActiveSync straight-up error and a completely unsuccessful sync.
0
 
LVL 1

Expert Comment

by:DAN_KANN
Comment Utility
You would think it would be that simple and straight forth. I am the only one currently using the MotoQ9c the rest of our guys with mobile devices are using BlackBerrys synching through the BIS server. When ever a password is changed in AD I have to log into the BIS site and manually change it otherwise they will stop getting their email and not even get a notification.

What is the error message that you have gotten?

Have you tried to recreate the error and then update the password in the device to see if that resolves it?
0
 
LVL 2

Author Comment

by:sav2880
Comment Utility
The error message has always been like the one noted above. When it happens, it'll act like it's going to sync and then quickly give up. Not sure why it doesn't always bring up a "wrong password" message.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 20

Expert Comment

by:jdera
Comment Utility
Here is a good step by step including the permissions I mentioned.

http://www.riverbank.co.uk/home/support/knowledge-base/r1403

0
 
LVL 1

Accepted Solution

by:
DAN_KANN earned 500 total points
Comment Utility
I would put money on it being the password needing to be changed if. I am assuming that the only devices failing are the ones where users have changed their passwords. You did not specify this.
0
 
LVL 1

Expert Comment

by:DAN_KANN
Comment Utility
I was thinking about something you posted earlier... Are they being prompted to change their password on their mobile device or their Active Directory password?

0
 
LVL 2

Author Comment

by:sav2880
Comment Utility
Guess I should have specified this ... thought I had stated it clearly, but I'll go for it.

You are correct. The only devices failing are ones where the AD password has been changed. It doesn't really matter where it's changed (by an admin in ADUC, by the end user when the password has expired or changed by the end user by choice). Once that password has been changed, the mobile device then fails to sync, and does not ever offer a "wrong password" message offering to update the password on the device ... just that error.

What I want it to do is properly note that the password is wrong, allow it to be updated on the mobile device, and then trot along as normal. So DAN_KAHN, you're on to how the error comes to be, just need to get to how to eliminate it.

jdera: Checking that post now.
0
 
LVL 1

Expert Comment

by:DAN_KANN
Comment Utility
I don't believe you are going to be able to automatically rectify the situation. I tested this myself this morning and got the same thing. As I am not an expert on this, it's my opinion that you are going to have to have your users manually update the password on their mobile devices when they change it. If for some reason you have to reset it in AD then they will obviously be aware of this and will know to change it then too.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now