Exchange 2010 SP3 Activesync to iPhone 6 issue.

Our iPhone 6's are having their activesync connections randomly disabled.  This is only on 3 of the iPhone 6's.  all the other iphones are not having this issue.  we are running Exchange 2010 SP3 (virtualized).  The iPhone 6 has been updated to the latest iOs version 8.3.  Let me know if you need any more information and I will get it for you.  Thanks.
gzitlaw1966Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
Disabled means, getting disabled from mailbox properties?
Will SzymkowskiSenior Solution ArchitectCommented:
You said that there are only 3 phones being affected. Have you tried different mailboxes on these phones? Have you reset the phoens? Power cycle?

Will.
btanExec ConsultantCommented:
may want to check either possible means that help others
Since I wasn't seeing any sign of the phone connecting on the exchange side, I decided that it must be caching some weird state that had it confused. I went to settings->general->reset network connections and did it.

The issue was due to that user activating more than 10 devices on his Exchange ActiveSync account. So all I had to do to get his email working again, was log into Exchange OWA and go to Options > See All Options > Phone. Once there, you will see a list of devices that have been setup with that email account. The problem is, you can't have more than 10 different devices setup with Exchange, and every time you get a new phone or tablet it takes one of those activations. So to fix this problem, just delete some of the old devices from off the list to free up more slots for new devices. (Exchange usually does send you an email stating that you have run out of activations
https://discussions.apple.com/thread/6544887

MS has a listing tracking all Mobile including Apples and ActiveSync ("Current issues with Microsoft Exchange ActiveSync and third-party devices") - not found any specific besides calendaring but you can check further as I did not drill deep https://support.microsoft.com/en-us/kb/2563324
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

gzitlaw1966Author Commented:
Amit yes the feature gets disabled in Mailbox features.  We go in and re-enable and it works.  The times they get disabled are also random.
gzitlaw1966Author Commented:
Will we have done all the normal troubleshooting on the iphones.  We have a mix of 4s, 5, 5s, and 6's.  The only phones that seem to be affected are 3 of the 6's.  Yet I have other 6's that are working fine and haven't self-disabled.  This is a very weird issue.
gzitlaw1966Author Commented:
Btan I will check that out thanks for the info.
btanExec ConsultantCommented:
probably has to try delete account, reset network connection setting
Here is how I was able to resolve it.
Delete the iPhone account.
Settings -> Mail, Contacts, Calendars -> Exchange account -> Delete Account

Reset Network Settings
Settings -> General -> Reset -> Reset Network Settings
The phone will reboot.

After the phone reboots
Don't add any WiFi networks, until after you set up your exchange account again
 Set up your Exchange account again
  Settings -> Mail, Contacts, Calendars -> Add Account
  fill in all your settings, make sure you see all the √ marks

After that, your account should sync up.

Once you've verified that the Exchange account is working, then you can add your wifi network back in, and it should keep working.
https://discussions.apple.com/thread/6541881

otherwise, wipe the device again and tried from a fresh start- no restore of a previous backup. Re-setup the account from fresh then slowly started to work on exchange 2010 account.
AmitIT ArchitectCommented:
We can track it down, by checking MSExchange Management logs. It will tell you who disabled it. I answered something similar few days back. I also tested at my end and it shows me the details.

http://www.experts-exchange.com/questions/28688357/How-to-audit-ActiveSync-change-in-exchange-2013.html#a40823299
gzitlaw1966Author Commented:
Btan I checked and I only have 2 devices connected.  My iPhone and my iPad.  We may have narrowed it down to the AV we installed on the server.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alan HardistyCo-OwnerCommented:
If it was an AV issue - everyone should be affected, not just a couple of users.
AmitIT ArchitectCommented:
AV cannot disable Active Sync.
gzitlaw1966Author Commented:
That is most probably true.  The network admin is trying rule that out as it started right after he installed a new AV version on the servers.
AmitIT ArchitectCommented:
Check the logs, I mentioned in my earlier post. You might find the root cause.
gzitlaw1966Author Commented:
Thanks Amit will do.  I'm relaying all this to the network admin.  Hopefully he will look at my emails post haste.  I appreciate all the help.
Alan HardistyCo-OwnerCommented:
@Amit - "AV cannot disable Active Sync."

It can't disable Activsync, but it can break it to the point that syncing stops working properly.

There are numerous EE questions where AV does cause problems, more so with the older version of Exchange, but you still need to exclude AV from scanning the Exchange folders to stop it from causing headaches.
AmitIT ArchitectCommented:
You are right Alan, in this case the option itself is getting disabled from Mailbox properties. Which is a strange behavior. There could be two reasons for that, either someone is disabling it manually or there could a script or task doing this task. I have one customer with similar requirement, where AS is not enabled for everyone and a script run every night to disable it.
Alan HardistyCo-OwnerCommented:
Is Exchange on SP3 Rollup 9 or are there updates that could be installed there to bring that up-to-date?
gzitlaw1966Author Commented:
Rollup 9 isn't on there but we haven't had an "incident" since we uninstalled the AV.  I'm going to watch it the rest of today and let y'all know in the AM.
btanExec ConsultantCommented:
I also see if exchange policy has no enforcement of device and user disable from activesync services then it is really external process in the exchange servers
When you use the set-ActiveSyncOrganizationSettings –DefaultAccessLevel cmdlet, devices can still be blocked if they do not comply with a specific Exchange ActiveSync policy, regardless of whether the device is allowed by the list that is provided to  ActiveSyncAllowedDeviceIDs.

If Exchange ActiveSync isn't enabled for the user, the user won't be able to synchronize any device with Exchange. You can prevent a specific device from synchronizing with Exchange, but only by using the Exchange Management Shell.
Indeed the best evidence is the Exchange ActiveSync log on the error and sometimes, the loss of connection using Exchange ActiveSync can due to Exchange resource consumption. Not sure if the AV  is causing sort of "denial of service" (see MS advice - https://support.microsoft.com/en-us/kb/2469722)

...but having specifically only on those 3 devices does not seems contributory to this cause......will hear out more on that. Sidenote-  There is practice specific for AV running in Exchange Server esp those exclusion https://support.microsoft.com/en-us/kb/2469722
gzitlaw1966Author Commented:
Thanks to everyone for all the great advice and comments.  Since we uninstalled the new AV client we haven't had an incident.  For now I will consider this issue resolved.  Not sure how to award points on this one though.  :-)
Alan HardistyCo-OwnerCommented:
From the looks of things - you solved that one yourself, so you should award yourself the solution in comment http:#a40839461, then you can award assisted points to any comment or comments that helped you to find the solution, if indeed any did (which I can't see any that pointed you towards that as a potential solution).

Alan
gzitlaw1966Author Commented:
Thanks for the advice Alan.  Even though no one helped "solve" the issue, I appreciate the help that everyone on this board provides.  I never want anyone to feel like their contribution was unappreciated or went unnoticed.
Alan HardistyCo-OwnerCommented:
Sometimes that's the way it goes on EE.  Points shouldn't be awarded for effort - they should be awarded for helping you provide the solution and most (not all) will be happy with no points for not actually providing a solution.

When Experts provide a solution, or help steer you in the right direction, then by all means award them points, but generally they shouldn't be given out for turning up or not helping / assisting you in solving the problem.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.