Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Active Sync Error

Posted on 2014-02-24
8
1,162 Views
Last Modified: 2014-03-03
Hi All.

  I have Exchange 2010 and am trying to get Active Sync working in preparation for a migration from BES to an MDM.   When I run the MS Remote Connectivity Analyzer everything but one thing passes.

Attempting the FolderSync command on the Exchange ActiveSync session.
       The test of the FolderSync command failed.
              
      Additional Details
       
Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
Diagnostics:

I then looked in the event logs on the exchange server and see this error:

Exchange ActiveSync doesn't have sufficient permissions to create the "CN=XXX,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=XXX,DC=com" container under Active Directory user "Active Directory operation failed on XXXX.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchActiveSyncDevices" and doesn't have any deny permissions that block such operations.

 So I go onto one of my DCs and verify that the test account indeed has "Include inheritable permissions from this object's parent" checked and that that domain\Exchange Server has the above mentioned permissions on the account but it still doesn't work.  Any suggestions?
0
Comment
Question by:BrianVan
  • 5
  • 3
8 Comments
 
LVL 9

Expert Comment

by:Sean
ID: 39883270
To work around this issue, assign the Exchange Servers group the right to change permissions against msExchActiveSyncDevices objects. To do this, follow these steps:

    Start Active Directory Users and Computers.
    Click View, and then click to enable Advanced Features.
    Right-click the object where you want to change the Exchange Server permissions, and then click Properties.

    Note You can change permissions against a user, an organizational unit, or a domain.
    On the Security tab, click Advanced.
    Click Add, type Exchange Servers, and then click OK.
    In the Apply to box, click Descendant msExchActiveSyncDevices objects.
    Under Permissions, click to enable Modify Permissions.
    Click OK three times.

http://support.microsoft.com/kb/2579075
0
 

Author Comment

by:BrianVan
ID: 39883347
Hello Zindel1.

  I did the steps you suggested and no change.
0
 
LVL 9

Expert Comment

by:Sean
ID: 39883362
http://ayalaaii.wordpress.com/2012/12/20/exchange-2010-insuff_access_rights-this-error-is-not-retriable-additional-information-access-is-denied/

 if the “Include Inheritable permissions from this objects parent” is cheked you uncheck it Apply setting, then go back check it and Apply agaain, ensuring that permission will get re-applied
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:BrianVan
ID: 39883625
Still not working.
0
 
LVL 9

Expert Comment

by:Sean
ID: 39883637
is this for just one user or all users?
0
 

Author Comment

by:BrianVan
ID: 39883641
I have tested it with 4 users and they have all had the same results so I would assume it is affecting all users.
0
 

Accepted Solution

by:
BrianVan earned 0 total points
ID: 39889057
Well I finally figured it out.  After much trial and error it turns out that the first time I ran the 'prepareAD' command something went wrong.  I ran setup /prepareAD on the mail server again and now it suddenly works.  Not sure what was wrong but it's working now.  Thanks for the help all.
0
 

Author Closing Comment

by:BrianVan
ID: 39900021
Figured it out myself
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question