[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 793
  • Last Modified:

Exchange 2010 active sync issues

SBS 2011 running exchange 2010 sp3 ru6.  I have one user that cannot use active sync on any device.  I have reconfigured IIS virtual directory.  Reinstalled CAS role.  Verified AD inheritance.  Checked that active sync is enabled in his account.  I can open https://server/Microsoft-Server-ActiveSync/ as the user and get a 501 not implemented.  

Here is the test exchange
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
#content{margin:0 0 0 2%;position:relative;}
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
 <h2>403 - Forbidden: Access is denied.</h2>
 <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
HTTP Response Headers:
MS-Server-ActiveSync: 14.3
X-MS-RP: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
Content-Length: 1233
Cache-Control: private
Content-Type: text/html
Date: Wed, 16 Jul 2014 12:59:57 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

Elapsed Time: 20567 ms.
1 Solution
James HIT DirectorCommented:
Run the active sync test for that specific user here:


Post results.
cnesupportAuthor Commented:
that is the error I posted
Nick RhodeIT DirectorCommented:
Log into OWA with that user and see if the phone appears under mobile devices.  If it does, remove it and attempt to connect the phone again.

What kind of phone is it?  You could check on the exchange server and under activesync policies you can try allowing non-provisionable devices.
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

cnesupportAuthor Commented:
It doesn't work with iphone, ipad.  I have tried several different ones.
Gaurav SinghSolution ArchitectCommented:
Please check the user property in AD, under security option, Allow inheritable permission box is checked or not. if it is not checked, Check the box and then try to configure the account
cnesupportAuthor Commented:

Thanks for the jump start for my brain.  I knew there was something I was not remembering to check.  I checked his phones in OWA and he had 25 listed.  I removed them all and everything is working now.  

Systechadmin- As I stated in my initial question I had already done that.

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now