Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

What are the consequences of not having an Exchange 2010 ActiveSync policy?

Posted on 2010-11-09
5
Medium Priority
?
1,105 Views
Last Modified: 2012-05-10
Hello,

I installed SP1 to Exchange 2010 this morning and as soon as it was complete, my Android users lost their ability to connect.  So, I used Google to find a work around that fixed the problem.  Here it is (http://code.google.com/p/android/issues/detail?id=11177):

1) Remove the Android mobile devces affected from each users mailboxes.

2) Remove the Default (and any other ActiveSync) policy using EMC  -- Remove-ActiveSyncMailboxPolicy -id <Default>

         Note: this will set all user to no activesync policy (this is what we want temporarily)....

3) Setup the Andriod phones to sync and let them get past the initial syncronization.

4) Recreated the ActiveSync Policy and set it back to default - (this will reapply the policy to all mailboxes).

Problem is: When I perform Step 4 - Recreate the ActiveSync policy, they all stop working again.

So, I could either go-on without an ActiveSync policy or find another way to fix this problem.

QUESTIONS:

(1)  Could someone please explain to me what the consequences are to not having an ActiveSync policy?  Is it dangerous?

(2)  Could anyone think of another way to solve this problem where Droid 2.2.1 users can no longer use built-in email functionality to access Exchange?

Thanks,
Jason

P.S.  I already know that other email programs (such as TouchDown) don't seem to have the same connection problem.
0
Comment
Question by:SqueezeOJ
  • 2
  • 2
5 Comments
 
LVL 3

Assisted Solution

by:yash_varma
yash_varma earned 225 total points
ID: 34098115
http://technet.microsoft.com/en-us/library/bb123484.aspx : Understanding Exchange ActiveSync Mailbox Policies

0
 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 525 total points
ID: 34098601
this is an issue with the activesync client developed for the droid phone
exchange 2010 sp1 exposes "bad" code on these devices which breaks activesync

you could create a policy and the run the Get-ActiveSyncDevice cmdlet to identify the Droid users and remove the policy from them

http://technet.microsoft.com/en-us/library/dd335068.aspx
0
 

Author Comment

by:SqueezeOJ
ID: 34098911
endital1097 -

I only have 4 Droid users, so I already know who they are.  Are you saying that I could remove the policy on a per user basis?

yash varma -

I read through http://technet.microsoft.com/en-us/library/bb123484.aspx, and I appreciate the list of settings available...but what's the risk of not having a policy?

Thanks to both of you,
Jason
0
 
LVL 32

Accepted Solution

by:
endital1097 earned 525 total points
ID: 34101132
the risk is a lost or stolen device
without a password policy someone that gains access to the device could read current messages and send malicious messages as the user

the use can always use owa to remote wipe the device in this scenario
0
 

Author Closing Comment

by:SqueezeOJ
ID: 34129476
Thanks for your help!
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, we will learn to set up the Group Naming policy and will see how it is going to impact the Display Name and the Email addresses of the Group.
Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question