• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 345
  • Last Modified:

PDAs get 'ACCOUNT VERIFICATION ERROR' when configuring for OWA acccess

We've been setting up many users for email access via various iPhone/Android phones in the past months.  With the increase in users doing this, I've run into two instances where we are unable to get the PDA to successfully complete setup.  Both instances seem to have been tied to the AD account.  If we configure my email account on their device, it works fine. OWA itself works fine for each user, but NO GO via PDA.  

The fix -- delete and re-create the AD account.

The fix is quite burdonsome.  I am unable to locate anything out of place in the AD account setup, mailbox/exchange features, etc.  I've even looked at ADSIedit and cant see anything that catches my eye.

Has anyone else run into this issue and figured out a fix?
0
tcloud
Asked:
tcloud
  • 5
  • 5
  • 3
1 Solution
 
Alan HardistyCommented:
What version of Exchange do you have?
0
 
tcloudAuthor Commented:
2003 --  2010 is installed but no mbxs exist on it yet.
0
 
Alan HardistyCommented:
You might want to check their inherited permissions as per my article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Ignore the 2007 / 2010 part - it is also applicable to 2003.

Also - my Exchange 2003 / Activesync article might help you check that Activesync is configured properly:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Alan
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
tcloudAuthor Commented:
alanhardisty,

I checked both of your articles.  Some of the IIS SSL settings were a little different, but other than that everything was like it was supposed to be.  No change for the user in question.

0
 
Alan HardistyCommented:
Have you run the test on the test-site?  What are the results?
0
 
tcloudAuthor Commented:
TEST Passed...
Capture.JPG
0
 
Alan HardistyCommented:
Okay - so all looks good - what Anti-Virus software have you got installed on the server?  Have you configured the Anti-Virus software to not scan the Exchange structure?
0
 
tcloudAuthor Commented:
The above test was MY account; this is the result on the one I am having the issue with -- Sorry; was in auto-pilot.
 FailedTest
0
 
Renato Montenegro RusticiIT SpecialistCommented:
Does the device has the trusted root certificate of the company where you bought the certificate? Each device have a place where you can see the installed trusted root certificates. In case that your certification authority is not there, you must copy the root certificate to the device and install it (usually, just open the file in the device).
0
 
Renato Montenegro RusticiIT SpecialistCommented:
You should use a procedure like this one:

ANDROID - Root certificate management
https://motorola-enterprise.custhelp.com/app/answers/detail/a_id/57093/~/android---root-certificate-management
0
 
Renato Montenegro RusticiIT SpecialistCommented:
If that wont work for you, would please double check the document that alanhardisty sent to you? I mean, this one:

Activesync Working But Only For Some Users On Exchange 2007 / 2010
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

It really looks like your problem.
0
 
tcloudAuthor Commented:
inherited permissions are checked on the particular user in question.
acess to OWA via https site works fine with the SSL cert.
0
 
Alan HardistyCommented:
Right - as Activesync works for some and not others and the inherited permissions are enabled, that suggests to me that you have mailstore issues, so as per my article, please run the following when convenient (store needs to be dismounted):

eseutil /p
eseutil /d
isinteg -s servername -fix -test alltests

Run isinteg until you see 0 errors and 0 fixes in the last line of the output.

If that fails - have you tried a known good working phone with a known problematical account?  If you do - what happens?
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 5
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now