Exchange 2010 - unable to verify account information

I have Exchange 2010. Users have no problem using email on premise and offsite, either using Outlook (Outlook Anywhere) or OWA. But I cannot set up an iPhone using Exchange: "unable to verify account information".

I tried leaving the domain name blank. Also tried with the domain name, same result. Also tried to save the profile and then disable SSL, same result. Run the active-sync test on error in screenshot

Skyler Kincaid (Network/Systems Engineer) Commented:
This has a list of the settings and what they do on your Exchange server if you want to go through and verify your settings:

It seems that your clients are having issues with getting the correct information through to your server through your firewall, but that is just a guess.

okamon (Author) Commented:
Not a problem with the firewall. I don't have a problem setting up a profile on my phone with a different Exchange domain account. Also, I tried at a different location.
By the way, my bad. This is Exchange 2013, NOT 2010.

Shreedhar Ette Commented:
Looking at the Remote Connectivity Analyzer error, I suspect that the Mobile Device Mailbox Policy has been configured not to Allow non-provisionable devices.

Please Allow non-provisionable devices under Mobile Device Mailbox Policy.

After that perform ActiveSync test.

To edit Mobile Device Mailbox Policy:
1. In the EAC, click Mobile > Mobile Device Mailbox Policies.
2. Select a policy from the List view and click the Edit button.
3. Use the General and Security tabs to edit the mobile device mailbox policy settings.
4. Click Save to update the policy.

okamon (Author) Commented:
I just checked it. It's the default policy and I haven't changed it since the beginning.
In General, both check boxes are checked. In Security, require password is not checked.

okamon (Author) Commented:
Just an update. I tried a different account and it worked. It seems just the default administrator account is not working. Any idea why?

Shreedhar Ette Commented:
For any user who is part of a protected group, ActiveSync will not work. If a user is a member of any protected group, then their ActiveSync permissions (Include inheritable permissions from this object's parent) will revert back every hour.

Protected Groups Details:

Account Operators
Backup Operators
Domain Admins
Domain Controllers
Enterprise Admins
Print Operators
Schema Admins
Server Operators

Reference Article:-

As per Microsoft:
"We recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times."
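
One way to find the accounts the answer above applies to, as an added example that is not part of the original thread: it lists mailbox-enabled users who are members of the protected groups named above and reports whether inheritance is disabled on each account. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and uses the `msExchMailboxGuid` attribute as the indicator that an account has a mailbox.

```powershell
# Added example (not from the thread): list mailbox-enabled accounts that sit in
# the protected groups named above and show whether ACL inheritance is blocked.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

# Group names as listed in the answer. "Domain Controllers" is left out here
# because its members are computer accounts, which do not carry mailboxes.
$protectedGroups = 'Account Operators', 'Backup Operators', 'Domain Admins',
                   'Enterprise Admins', 'Print Operators', 'Schema Admins',
                   'Server Operators'

$findings = @{}   # keyed by distinguishedName so each user is reported once

foreach ($groupName in $protectedGroups) {
    # Some groups exist only in the forest root domain; skip any not found here.
    $group = Get-ADGroup -Filter "Name -eq '$groupName'"
    if (-not $group) { continue }

    # -Recursive resolves nested groups down to their user members.
    $members = Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' }

    foreach ($member in $members) {
        $dn = $member.distinguishedName
        if ($findings.ContainsKey($dn)) {
            $findings[$dn].ProtectedGroups += ", $groupName"
            continue
        }
        $user = Get-ADUser -Identity $dn -Properties msExchMailboxGuid, adminCount
        if (-not $user.msExchMailboxGuid) { continue }   # no mailbox, not relevant

        # AreAccessRulesProtected is $true when "Include inheritable permissions
        # from this object's parent" is unticked on the account.
        $acl = Get-Acl -Path "AD:\$dn"
        $findings[$dn] = [pscustomobject]@{
            SamAccountName      = $user.SamAccountName
            AdminCount          = $user.adminCount
            InheritanceDisabled = $acl.AreAccessRulesProtected
            ProtectedGroups     = $groupName
        }
    }
}

$findings.Values | Sort-Object SamAccountName | Format-Table -AutoSize
```

Any account listed with InheritanceDisabled set to True matches the situation described in the answer, and the Microsoft guidance quoted above is to give such administrators a separate account for e-mail.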
