Exchange 2010 w/ Droid

Installed new Exchange 2010 and migrated mailboxes from 2003. I didn't think i needed the pop option during install, but now droids are not working.

I can send from the droid, but can't receive. I assume this is because i have not installed the pop feature. Is it safe to do this in the middle of the day?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You should be able to start the POP3 service with no service interuption. You will also want to forward the port on your router/firewall which may or may not need a reset to work. The reset if needed will cause a short service interuption so you may want to wait on that depending on whether or not it is required.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Check your mobile services properties in your exchange system manager and insure that you have outlook mobile access enabled and that device security is disabled.  Droids had issues with device security in the past and I'm not sure if that's been corrected.
In addition, open ADUC, go to view / advanced
Do Properties on your users with the failures, click the exchange features tab and check that they have outlook mobile access enabled.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

zequestionerAuthor Commented:
enabled pop via services.... that didn't help. Where in the 2010 ESM do I disable mobile device security? ADUC shows mobile access enabled for all users.
zequestionerAuthor Commented:
Under Org Config - Client Access - Exchange ActiveSync Mailbox Policies, I see  'Allow non-provisionable devices' that didn't seem to work either. I also set 'require device password' to disable. still can't find the device security option.
Here is an article that addresses activesync best practices and troubleshooting:

It also tells you were to find the security settings.
zequestionerAuthor Commented:
yep, i do have inherited permissions enabled. Here's an output from

ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
      Test Steps
      Attempting to resolve the host name in DNS.
       The host name resolved successfully.
      Additional Details
      Testing TCP port 443 on host to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
      Test Steps
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
      Additional Details
      Testing HTTP Authentication Methods for URL
       The HTTP authentication methods are correct.
      Additional Details
      An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
      Test Steps
      Attempting to send the OPTIONS command to the server.
       The OPTIONS response was successfully received and is valid.
      Additional Details
      Attempting the FolderSync command on the Exchange ActiveSync session.
       The test of the FolderSync command failed.
      Additional Details
       An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
<html xmlns="">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
#content{margin:0 0 0 2%;position:relative;}
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
I'm working with 2003 Exchange, so the options I'm mentioning may be coded differently for 2010.  It sounds to me though that you are looking in the right area with the device password that you mentioned, because Droid's issue had to deal with PIN numbers that were assigned that allowed remote wipes of activesynch.

check your domain on the activesync settings of the device.  In the end, this was my issue today and the only reason I've got some tidbits to offer.  With a manual configuration:
IP address of your exchange server
INTERNAL domain <-- this was my issue, domain.local  not
username <--  I did not need DOMAIN\username, but it was suggested a lot in posts that I read
zequestionerAuthor Commented:
weird....  so Corp. Sync on the droid is working.... but Touchdown is not. Im not sure why the test site is giving the access denied message. permissions haven't changed. These users were, however moved to a new server. (2003->2010)
I'd suggest seeing if you have different results using a wifi connection if available in your facility.

I was able to rule out the exchange server as the issue by putting the Droid on the wifi network instead.  If I configured with wifi connected using my internal IP address of the domain server and the internal domain, it worked perfectly.  If yours works, then it's either an issue in the input to the phone's activesync wizard or you may have a firewall port blocked.

Did you enter the correct username and password into the test config at ?
zequestionerAuthor Commented:
not sure what happened, but i tried the quick connect wizard and it worked this time.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.