Solved

PDAs get 'ACCOUNT VERIFICATION ERROR' when configuring for OWA acccess

Posted on 2011-03-24
13
333 Views
Last Modified: 2012-05-11
We've been setting up many users for email access via various iPhone/Android phones in the past months.  With the increase in users doing this, I've run into two instances where we are unable to get the PDA to successfully complete setup.  Both instances seem to have been tied to the AD account.  If we configure my email account on their device, it works fine. OWA itself works fine for each user, but NO GO via PDA.  

The fix -- delete and re-create the AD account.

The fix is quite burdonsome.  I am unable to locate anything out of place in the AD account setup, mailbox/exchange features, etc.  I've even looked at ADSIedit and cant see anything that catches my eye.

Has anyone else run into this issue and figured out a fix?
0
Comment
Question by:tcloud
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 3
13 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35211232
What version of Exchange do you have?
0
 

Author Comment

by:tcloud
ID: 35211275
2003 --  2010 is installed but no mbxs exist on it yet.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 35211297
You might want to check their inherited permissions as per my article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Ignore the 2007 / 2010 part - it is also applicable to 2003.

Also - my Exchange 2003 / Activesync article might help you check that Activesync is configured properly:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Alan
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 

Author Comment

by:tcloud
ID: 35215511
alanhardisty,

I checked both of your articles.  Some of the IIS SSL settings were a little different, but other than that everything was like it was supposed to be.  No change for the user in question.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35217089
Have you run the test on the test-site?  What are the results?
0
 

Author Comment

by:tcloud
ID: 35217158
TEST Passed...
Capture.JPG
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35217232
Okay - so all looks good - what Anti-Virus software have you got installed on the server?  Have you configured the Anti-Virus software to not scan the Exchange structure?
0
 

Author Comment

by:tcloud
ID: 35218084
The above test was MY account; this is the result on the one I am having the issue with -- Sorry; was in auto-pilot.
 FailedTest
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustice
ID: 35224513
Does the device has the trusted root certificate of the company where you bought the certificate? Each device have a place where you can see the installed trusted root certificates. In case that your certification authority is not there, you must copy the root certificate to the device and install it (usually, just open the file in the device).
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustice
ID: 35224516
You should use a procedure like this one:

ANDROID - Root certificate management
https://motorola-enterprise.custhelp.com/app/answers/detail/a_id/57093/~/android---root-certificate-management
0
 
LVL 11

Expert Comment

by:Renato Montenegro Rustice
ID: 35224523
If that wont work for you, would please double check the document that alanhardisty sent to you? I mean, this one:

Activesync Working But Only For Some Users On Exchange 2007 / 2010
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

It really looks like your problem.
0
 

Author Comment

by:tcloud
ID: 35232271
inherited permissions are checked on the particular user in question.
acess to OWA via https site works fine with the SSL cert.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35232741
Right - as Activesync works for some and not others and the inherited permissions are enabled, that suggests to me that you have mailstore issues, so as per my article, please run the following when convenient (store needs to be dismounted):

eseutil /p
eseutil /d
isinteg -s servername -fix -test alltests

Run isinteg until you see 0 errors and 0 fixes in the last line of the output.

If that fails - have you tried a known good working phone with a known problematical account?  If you do - what happens?
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question