SBS2003 Exchange active sync to Sony Ericsson Xperia produces error code 0x85010004

Hi there.

I have one SBS2003 sp2 with exchange sp2 and a brand new SE Xperia X1 mobile phone.

Set up Xperia Outlook account using DYNDNS server adress.
Got error msg indicating that I needed a certificate.
Generated a new cert thru the CEICW wizard just in case, exported it and installed it on the Xperia
Now I'm getting error msg 0x85010004 when running the active sync app on the Xperia and SE X1 support says it is related to "faulty account settings".
When I ask them to be more specific they went hostile on me and told me I couldn't ask them about how to configure my Exchange server, which of course I never did... tum-de-dum...
There seem to be no public Xperia support code reference point.

Googled a bit on 0x85010004 and there seem to be several very different options on this one.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


I had the same error, try this:

1. a. On your Pocket PC 2003-based device, click Start, ActiveSync, Tools, Options, Server and check the box This server uses an SSL connection.
2. On your Smartphone 2003-based device, click Start, ActiveSync, Menu, Options, Server Settings, Connection and check the box This server uses an SSL connection.
3. Verify that host headers are configured correctly.
4. Also, see Microsoft KB Article 817379 for information on configuring the Exchange virtual directory

this is the microsoft article from above:;en-us;817379
double check the security on the iis...
go to iis
look under websites
each of those virtually directories has a security setting...  right click and go to properties
look at directory security
authentication & access control choose to edit

confirm this is the configuration:  (I got this from a Microsoft support call)
1 Exchange server 2003 Sp2


-      Corrected the permission in IIS for Exchange virtual directories
Default Permissions :

Default Web Site     -   Anonymous
Exadmin                      -   Integrated
Exchange                    -   Basic/integrated
Exchweb                     -   Anonymous
Bin                                 -   Basic/integrated
Auth                             -   Basic/integrated
Usa                               -   Basic/integrated
Active Sync                -   Basic
Oma                             -   Basic
Public                           -   Basic/integrated

-      Uncheck the Enable client certificate mapping from all Exchange virtual directories
IIS manager => expand Web Sites => Rt. Click on Default Web Site => go to Properties => go to Directory security tab => go to the Edit option in Secure communication => and uncheck Enable client certificate mapping  

-      Uncheck the Enable the Windows directory service mapper from the Web Site properties
IIS manager => rt. Click on Web Sites & go to Properties => go to Directory security tab => uncheck the option for Enable the Windows directory service mapper

-      Restarted the IISAdmin service

-      Recreated the profile on the mobile device
After all the above, to recreate the profile, go to active sync, choose menu, choose options, go ahead and elete the profile, then create a new profile.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ola_erikAuthor Commented:
@ cmarandi:

Thx for posting, I got this:
I found that my exchange virtual dir (OWA) didn't have integrated access authentication enabled.
this is by far the most common prob w active sync

havent checked yet if this solves my prob

one link:

BTW I didn't like your part where I disable cert mapping, It sounds like I'm disabling security features.

guru meditation:
The question remains if Xperia WinMobile 6.1 ActiveSync goes directly to Microsoft-Server-ActiveSync virtual dir (webservice?)  from SSL or if it has to pass through exchange (ie the OWA virtual dir).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.