SBS2003 Exchange active sync to Sony Ericsson Xperia produces error code 0x85010004

Posted on 2008-11-07
Last Modified: 2013-12-05
Hi there.

I have one SBS2003 sp2 with exchange sp2 and a brand new SE Xperia X1 mobile phone.

Set up Xperia Outlook account using DYNDNS server adress.
Got error msg indicating that I needed a certificate.
Generated a new cert thru the CEICW wizard just in case, exported it and installed it on the Xperia
Now I'm getting error msg 0x85010004 when running the active sync app on the Xperia and SE X1 support says it is related to "faulty account settings".
When I ask them to be more specific they went hostile on me and told me I couldn't ask them about how to configure my Exchange server, which of course I never did... tum-de-dum...
There seem to be no public Xperia support code reference point.

Googled a bit on 0x85010004 and there seem to be several very different options on this one.
Question by:ola_erik
    LVL 12

    Expert Comment


    I had the same error, try this:

    1. a. On your Pocket PC 2003-based device, click Start, ActiveSync, Tools, Options, Server and check the box This server uses an SSL connection.
    2. On your Smartphone 2003-based device, click Start, ActiveSync, Menu, Options, Server Settings, Connection and check the box This server uses an SSL connection.
    3. Verify that host headers are configured correctly.
    4. Also, see Microsoft KB Article 817379 for information on configuring the Exchange virtual directory

    this is the microsoft article from above:;en-us;817379
    LVL 7

    Accepted Solution

    double check the security on the iis...
    go to iis
    look under websites
    each of those virtually directories has a security setting...  right click and go to properties
    look at directory security
    authentication & access control choose to edit

    confirm this is the configuration:  (I got this from a Microsoft support call)
    1 Exchange server 2003 Sp2


    -      Corrected the permission in IIS for Exchange virtual directories
    Default Permissions :

    Default Web Site     -   Anonymous
    Exadmin                      -   Integrated
    Exchange                    -   Basic/integrated
    Exchweb                     -   Anonymous
    Bin                                 -   Basic/integrated
    Auth                             -   Basic/integrated
    Usa                               -   Basic/integrated
    Active Sync                -   Basic
    Oma                             -   Basic
    Public                           -   Basic/integrated

    -      Uncheck the Enable client certificate mapping from all Exchange virtual directories
    IIS manager => expand Web Sites => Rt. Click on Default Web Site => go to Properties => go to Directory security tab => go to the Edit option in Secure communication => and uncheck Enable client certificate mapping  

    -      Uncheck the Enable the Windows directory service mapper from the Web Site properties
    IIS manager => rt. Click on Web Sites & go to Properties => go to Directory security tab => uncheck the option for Enable the Windows directory service mapper

    -      Restarted the IISAdmin service

    -      Recreated the profile on the mobile device
    After all the above, to recreate the profile, go to active sync, choose menu, choose options, go ahead and elete the profile, then create a new profile.
    LVL 3

    Author Comment

    @ cmarandi:

    Thx for posting, I got this:
    I found that my exchange virtual dir (OWA) didn't have integrated access authentication enabled.
    this is by far the most common prob w active sync

    havent checked yet if this solves my prob

    one link:

    BTW I didn't like your part where I disable cert mapping, It sounds like I'm disabling security features.

    guru meditation:
    The question remains if Xperia WinMobile 6.1 ActiveSync goes directly to Microsoft-Server-ActiveSync virtual dir (webservice?)  from SSL or if it has to pass through exchange (ie the OWA virtual dir).

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Too many email signature changes to deal with?

    Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now