cannot use active sync or access public folder. exchange 2003 coexistence with 2010

I have successfully (somewhat) setup an exchange 2003 coexistence with 2010. Mail is flowing fine and active sync is working. The problem is that active sync and public folder access isn't working for the one test user that I migrated to the 2010 server. All the mailboxes still on 2003 can see public folders and use active sync with no problem. The one mailbox that I migrated to the 2010 server cannot access the public folders and cannot use active sync. I have enabled 'expert' diagnostic logging for public folder replication but nothing is showing up on the event log and I am not sure where to look for the active sync issue. Please help me out EE.
LVL 2
Axis52401Security AnalystAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
Have you followed the guidelines here:

http://blogs.technet.com/b/exchange/archive/2009/12/08/3408985.aspx

Did you also install KB937071 (linked in the blog) and change the permissions on the 2003 server as per the blog?

Alan
0
Axis52401Security AnalystAuthor Commented:
Alan,

I've set the active sync urls for the 2010 server but that article mainly describes issues connecting to the exchange 2003 server while a 2010 server is present. I am not having that problem, my problem is the opposite. Users can connect to the 2003 server fine but not to the 2010 server. I would rather not install the hotfix as it doesn't pertain to my issue.
0
Alan HardistyCo-OwnerCommented:
Are you still pointing port 443 to the 2003 server?

You should be at this point and then you will need the patch installed and the permissions on the 2003 server changed.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Axis52401Security AnalystAuthor Commented:
I am point 443 to the new server and the checkbox for integrated windows authentication on the 2003 server is already enabled, even without the hotfix. The weird thing is that on the 2010 server, it says my test user 'cannot synchronize their mobile phone with their mailbox because Exchange ActiveSync has been disabled for this user'. However when I look at mailbox setting it is clearly enabled. The mailbox is also a 'user mailbox' so it is local to the 2010 server. I will try disabling then re-enabling active sync but this error message is just strange
0
Alan HardistyCo-OwnerCommented:
Okay - please check the inherited permissions for the test user and make sure that they are enabled (they often aren't) and also make sure the test user isn't a member of any of the groups mentioned in my article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Alan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Axis52401Security AnalystAuthor Commented:
Alan, that looks to be my problem as I am using a domain admin account to test. You say to make sure the test user isn't a member of any of the groups mentioned but indeed it is. I assume you are saying this as the problem will keep happening ever hour or so. At any rate I will migrate a non affected group and hopefully it will just work. I'll post results. thanks again.
0
Alan HardistyCo-OwnerCommented:
It is a problem as you can set the Inherited permissions, but a process will hourly reset the permissions! Whilst the permissions are set, you should be able to test / setup an account, but once the settings are reset, you won't be able to setup an account and I'm not sure if that will stop Activesync for the user as I've never tried it!!

There is a way around that if you can't live without being an Admin, but I would first setup a Non-Admin account and test that, then decide on your way forward (live with it and setup separate accounts to use Activesync for Admins or 'tweak' the settings to make it work).

Alan
0
Axis52401Security AnalystAuthor Commented:
Alan, you were right on. I moved a non admin account and its working fine. What a ridiculous limitation to have in exchange 2010. But hey I got it figured out thanks to your help.
0
Alan HardistyCo-OwnerCommented:
It's a new 'feature'!!

If you want to find the workaround, please visit my blog for details:

http://alanhardisty.wordpress.com/2010/03/05/activesync-not-working-on-exchange-2010-when-inherit-permissions-not-set/

There is a link at the bottom of my blog to a site with guidance (hopefully still working).

Alan
0
Axis52401Security AnalystAuthor Commented:
Ha, of course. Its not a bug its a feature!! Thanks!!!
0
Axis52401Security AnalystAuthor Commented:
I just posted another question about external email not working for the public folders in case you want to take a crack at that one too
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.