ActiveSync is not working properly after migrating to new Exchange 2013 SP1 server?!

Few weeks ago we have added new Exchange 2013 SP1 onto our existing Exchange 2007 environment. I have migrated my mailbox to the new Ex2013 server. Everything (send/receive - internally/externally, OWA, OutlookAnywhere) for me and the existing Ex2007 users works fine. The only thing I have trouble with is the ActiveSync! After migrating to the new Ex2013 server my phone stops getting new emails…, existing Ex2007 users don’t have any problems with their mobile phones.

Before I was going to test ActiveSync with Microsoft Remote Connectivity Analyzer remotely I was trying to do internal test with ActiveSync Tester (free diagnostic tool from

I did ActiveSync test for my user account with ActiveSync Tester and here is what I have: (please refer to pictures attached)

As you can see from the error  ActiveSync Tester detects ActiveSync on Ex2013 server however something wrong there with form-based auth?! I can’t see any differences in settings for ActiveSync virtual folders in Ex2007 and Ex2013 virtual folders?!

What I’m missing here?! Please help.
Who is Participating?
Gareth GudgerConnect With a Mentor Commented:
Go into your user account in AD Users and Computers. (Make sure you have Advanced checked from the View menu.)  Then go to the Security tab, Advanced and select Allow Inheritable permissions. Retry your ActiveSync.
I had a similar issue with some phones on one of my environments not too long ago.

I never went into the issue of permissions like in my 2010 environments.

I discovered that Android phones will connect immediately after re-creating the account on the device and accepting the new security settings. But for BB and iOS I had to go the extra mile.  You have to go in the Exchange Admin Center, mobile, mobile devices, Device Access Rules and add the device family you want to allow in your environment.

In my case I added the whole family for BB and iPhone only.

Also, keep in mind that some devices may be configured to use IMAP and this service does not start Automatically on Exchange 2013 so you will have to change its settings if you wish to use this service.

Hope that helps!
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

OlevoAuthor Commented:
Wow…, looking at the error messages I would never ever guessed about permission inheritance. Testing ActiveSync internally is looking good. Now, I need to setup some firewall rules so I can test ActiveSync externally.
Gareth GudgerCommented:
Gareth GudgerCommented:
You can also test external ActiveSync issues with this tool from Microsoft.
Gareth,  I'm getting the same error moving from Exchange 2010 to Exchange 2016.  I've enabled Inheritable permissions for the user but I'm still getting the same error on the 2010 server.

1052: The Exchange ActiveSync user domain\username has a mailbox on a Client Access server running a newer version of Exchange. Exchange ActiveSync doesn't support proxying users to Client Access servers running a newer version of Exchange. The user needs to connect to a newer Client Access server.

On the 2016 server it shows the users phone and it says access granted.
Any suggestions?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.