I have Exchange 2010 and am trying to get Active Sync working in preparation for a migration from BES to an MDM. When I run the MS Remote Connectivity Analyzer everything but one thing passes.
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
I then looked in the event logs on the exchange server and see this error:
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=XXX,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=XXX,DC=com" container under Active Directory user "Active Directory operation failed on XXXX.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchActiveSyncDevices" and doesn't have any deny permissions that block such operations.
So I go onto one of my DCs and verify that the test account indeed has "Include inheritable permissions from this object's parent" checked and that that domain\Exchange Server has the above mentioned permissions on the account but it still doesn't work. Any suggestions?