Exchange 2010 ActiveSync Issue

We are running Windows Exchange Server 2010 in an VM environment. Several cell phones are connected to the server and are working fine. We have one cell phone (Samsung) account however that has stopped receiving email but can send mail. I have setup the same account on my iPhone and it seems to setup properly with green check marks in all areas but constantly receive the following error message "Cannot Get Mail" "The connection to the server failed". We have restarted both the Exchange server and the DC with the same results.  The webmail for this account works properly and he is receiving email with Outlook.
GeneratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Marwan OsmanCommented:
open up Active Directory Users and Computers and locate the user who has the problem, Double-Click into the account and click on the Security Tab (if this is not visible, Click on View> Advanced Features from the Menu at the top of the screen then navigate back to your user). Once on the security tab, click on the Advanced Button and make sure that the ‘Include Inheritable Permissions From This Object’s Parent’ is ticked. Click OK twice to close the user account.

http://www.experts-exchange.com/articles/2861/Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
GeneratorAuthor Commented:
The "Include inheritable permissions from the object's parent" is ticked. This account had been working properly for sometime and then since 12May he could not receive email on the phone. No changes had been made on the Exchange server at that time.
Marwan OsmanCommented:
Ok

Run an activesync test for his mailbox from this link an report us the error

https://testconnectivity.microsoft.com
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

GeneratorAuthor Commented:
The Exchange ActiveSync test failed.
Additional Details
Elapsed Time: 21869 ms.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Additional Details
Elapsed Time: 21868 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Additional Details
Elapsed Time: 21868 ms.
Test Steps
Attempting to test potential Autodiscover URL https://acme.ca:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 21516 ms.
Test Steps
Attempting to resolve the host name acme.ca in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 129.22.111.10 Elapsed Time: 392 ms.
Testing TCP port 443 on host acme.ca to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Elapsed Time: 21123 ms.
Attempting to test potential Autodiscover URL https://autodiscover.acme.ca:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 183 ms.
Test Steps
Attempting to resolve the host name autodiscover.acme.ca in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.acme.ca couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 183 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Elapsed Time: 11 ms.
Test Steps
Attempting to resolve the host name autodiscover.acme.ca in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.acme.ca couldn't be resolved in DNS InfoDomainNonexistent.
Elapsed Time: 11 ms.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Additional Details
Elapsed Time: 72 ms.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.acme.ca in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Additional Details
Elapsed Time: 72 ms.
Checking if there is an autodiscover CNAME record in DNS for your domain 'acme.ca' for Office 365.
Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
Tell me more about this issue and how to resolve it
Additional Details
There is no Autodiscover CNAME record for your domain 'acme.ca'.
Elapsed Time: 84 ms.
Marwan OsmanCommented:
Is this mailbox in office 365?
GeneratorAuthor Commented:
No
Marwan OsmanCommented:
Make sure the auto discover service is enabled
Marwan OsmanCommented:
If it is enabled let you try this test using another mailbox user on the same exchange server and see if everything is going okay
Marwan OsmanCommented:
If it is ok and cofirmed that there is no issue from the server side, do the below step for the AD user account which face the problem:


Start Active Directory Users and Computers.
Click View, and then click to enable Advanced Features.
Right-click the object where you want to change the Exchange Server permissions, and then click Properties.

Note You can change permissions against a user, an organizational unit, or a domain.
On the Security tab, click Advanced.
Click Add, type Exchange Servers, and then click OK.
In the Apply to box, click Descendant msExchActiveSyncDevices objects.
Under Permissions, click to enable Modify Permissions.
Click OK three times.


Check now and give us a feedback

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CandeeVCommented:
I'd also check ECP to see how many devices he has listed. There's a 10 device limit.
Marwan OsmanCommented:
Do u set a policy to allow limited number of devices per mailbox?
GeneratorAuthor Commented:
Your solution worked and the account holder's phone started working properly again. Would you have any idea why this change was required? His phone and five other phones on the same server all worked properly for over a year and then only his phone became a problem. Thank you.
Marwan OsmanCommented:
Which solution exactly?
GeneratorAuthor Commented:
Your solution related to the AD security  permissions.
Marwan OsmanCommented:
Changes may happen after moving the user objects between OUs or groups memberships changes or mailbox moved to different DB, is there a case like that?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.