Exchange 2003: ActiveSync on mobile phone errors when password expires and is changed, how can I prevent?
We've had an annoying problem with Exchange Server 2003 on our side that I have not been able to find a fix for up to this point. I'm hoping you can help.
We have Windows Mobile phones and set them up to sync over the air with our Exchange Server. It works wonderfully ... until the end user changes their password, either as a result of expiration or choice. After that, the phone fails to synchronize, brings up a View Status screen, and the error it shows is the following:
ActiveSync encountered a problem on the server.
View Support Code (Support Code: 0x85010001)
The only way I can fix it is to delete the entire ActiveSync partnership, reboot the phone (either warm reset or battery removal and re-plugin) and then rebuild the partnership from the ground up. This is creating a lot of support calls, and is very hard to explain to the end user when they are on the road and cannot get to their e-mail.
This happens on all of our AT&T phones across the board (Blackjack 1 and 2, 8125, 8525, Tilt), so I'm sure it's either a Windows Mobile setting I need to hack in, or more likely, a setting on the Exchange Server I need to take a look at. Would anyone here know the first place to look?
Thanks!
We have Windows Mobile phones and set them up to sync over the air with our Exchange Server. It works wonderfully ... until the end user changes their password, either as a result of expiration or choice. After that, the phone fails to synchronize, brings up a View Status screen, and the error it shows is the following:
ActiveSync encountered a problem on the server.
View Support Code (Support Code: 0x85010001)
The only way I can fix it is to delete the entire ActiveSync partnership, reboot the phone (either warm reset or battery removal and re-plugin) and then rebuild the partnership from the ground up. This is creating a lot of support calls, and is very hard to explain to the end user when they are on the road and cannot get to their e-mail.
This happens on all of our AT&T phones across the board (Blackjack 1 and 2, 8125, 8525, Tilt), so I'm sure it's either a Windows Mobile setting I need to hack in, or more likely, a setting on the Exchange Server I need to take a look at. Would anyone here know the first place to look?
Thanks!
Have you checked the permissions on the activesync virtual directory within IIS?
If they change the password in AD are they changing it in the device too? Go into the Activesync on the device and check the server settings. The password will need to be updated there too.
ASKER
jdera: I will check ... what should the permissions be in best practice?
DAN_KANN: They are never prompted to change the password, I would think that they would be. I agree, the password should be changed in the device too, but it seems like it should give me a "wrong password, try again" message and not an ActiveSync straight-up error and a completely unsuccessful sync.
DAN_KANN: They are never prompted to change the password, I would think that they would be. I agree, the password should be changed in the device too, but it seems like it should give me a "wrong password, try again" message and not an ActiveSync straight-up error and a completely unsuccessful sync.
You would think it would be that simple and straight forth. I am the only one currently using the MotoQ9c the rest of our guys with mobile devices are using BlackBerrys synching through the BIS server. When ever a password is changed in AD I have to log into the BIS site and manually change it otherwise they will stop getting their email and not even get a notification.
What is the error message that you have gotten?
Have you tried to recreate the error and then update the password in the device to see if that resolves it?
What is the error message that you have gotten?
Have you tried to recreate the error and then update the password in the device to see if that resolves it?
ASKER
The error message has always been like the one noted above. When it happens, it'll act like it's going to sync and then quickly give up. Not sure why it doesn't always bring up a "wrong password" message.
Here is a good step by step including the permissions I mentioned.
http://www.riverbank.co.uk/home/support/knowledge-base/r1403
http://www.riverbank.co.uk/home/support/knowledge-base/r1403
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I was thinking about something you posted earlier... Are they being prompted to change their password on their mobile device or their Active Directory password?
ASKER
Guess I should have specified this ... thought I had stated it clearly, but I'll go for it.
You are correct. The only devices failing are ones where the AD password has been changed. It doesn't really matter where it's changed (by an admin in ADUC, by the end user when the password has expired or changed by the end user by choice). Once that password has been changed, the mobile device then fails to sync, and does not ever offer a "wrong password" message offering to update the password on the device ... just that error.
What I want it to do is properly note that the password is wrong, allow it to be updated on the mobile device, and then trot along as normal. So DAN_KAHN, you're on to how the error comes to be, just need to get to how to eliminate it.
jdera: Checking that post now.
You are correct. The only devices failing are ones where the AD password has been changed. It doesn't really matter where it's changed (by an admin in ADUC, by the end user when the password has expired or changed by the end user by choice). Once that password has been changed, the mobile device then fails to sync, and does not ever offer a "wrong password" message offering to update the password on the device ... just that error.
What I want it to do is properly note that the password is wrong, allow it to be updated on the mobile device, and then trot along as normal. So DAN_KAHN, you're on to how the error comes to be, just need to get to how to eliminate it.
jdera: Checking that post now.
I don't believe you are going to be able to automatically rectify the situation. I tested this myself this morning and got the same thing. As I am not an expert on this, it's my opinion that you are going to have to have your users manually update the password on their mobile devices when they change it. If for some reason you have to reset it in AD then they will obviously be aware of this and will know to change it then too.