• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 318
  • Last Modified:

ActiveSync and Exchange 2010

I am migrating from Exchange 2003 to Exchange 2010 and cannot get active sync to work on any users mailboxes that are transferred to the 2010 server.

I have read some techdocs related to the issue about permissions:
http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx but do not seem to fix the issue.

I changed the permissions for inheritance and this does not seem to be the problem as I have tested a standard account as well as high level privileged accounts.

I have done a comprehensive test with a standard domain user account. I tested it while it was on the Exchange 2003 server and it sync's fine with a phone. I transfer it to 2010 Exchange and it will not complete account set up. I then TRANSFER it back to the 2003 exchange server and I can complete the exchange account setup on the phone but it does not pull down any email...but willn send an email.

Activesync seems to be enabled on 2010 server, no event viewer errors.

1 Solution
Em ManCommented:
have you try using this tool to troubleshoot the issue?


Please post back the output of these commands
Run this from Exch Shell

get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-activesyncvirtualdirectory | fl
get-webservicesvirtualdirectory | fl

If Adminsdholder folder doesnt have inheritance permission disabled users on whom u r enabling it it will be disable after some time. for this you have to enable it on adminsdholder and then on users. for more info check this article



try to browse MicrosoftactiveSync virtual directory on e2k10 server and make sure you are getting 501/505 error

If you are getting 500 then its the issue

Authentication On Microsoft-Server-ActiveSync virtual directory in IIS
 Basic  Required
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Is 2003 still handling ActiveSync traffic?

Has the authentication been amended to include Integrated Authentication? If not, integrated authentication on the Microsoft-ActiveSync-Server vdir should be set.

Check http://blogs.msexchange.org/walther/2011/05/14/exchange-20032010-activesync-coexistence-lesson-learned/
sydlegAuthor Commented:
There were a number of helpful posts here but the main thing that fixed this issue was changing the advanced permissions on the AdminSDholder directory in SYSTEM in AD. The complete solution is listed below.

1.      Set the Microsoft-Server-Activesync authentication as basic on the CAS server.
2.      SSL enabled on Microsoft-Server-Activesync with Ignore Client certificate.
3.      Removed the redirection on HTTP Redirect on Microsoft-Server-Activesync.
4.      Enabled the Allow Inherit permissions in ADminSDHolder under ActiveDirectory Users & Computers-┬┐System.
5.      Allow inherit permissions enabled for Activesync users in ActiveDirectory Users & Computers.
6.      Set the correct External & Internal URL for Exchange Activesync in Exchange Management console.
7.      Did iisreset.
8.      Reset the Microsoft-Server-Activesync Virtual directory in Exchange Management console.
9.      Reset the Samsung mobile device to default factory settings.
10.      Activesync issue resolved.
sydlegAuthor Commented:
My answer was solved by a Microsoft technical request.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now