Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Exchange 2010. 403 error. activesync not working for some users.
Hello Experts
We have some mobile users that has trouble connecting to exchange via activesync.
When using exchange analyzer and activesync tester i get the error 403 from both of them, saying access denied.
I used to fix this problem by enabling inherit in AD. But now it doesn't work.
I have enabled "Basic authentication" on the IIS side for active-sync folder.
Active sync policies from exchange have "allow non-provisible devices" enabled.
I am suspecting it could be an AD issue, since this user had a working activesync previously. no membership or permissions has been changed.
We have some mobile users that has trouble connecting to exchange via activesync.
When using exchange analyzer and activesync tester i get the error 403 from both of them, saying access denied.
I used to fix this problem by enabling inherit in AD. But now it doesn't work.
I have enabled "Basic authentication" on the IIS side for active-sync folder.
Active sync policies from exchange have "allow non-provisible devices" enabled.
I am suspecting it could be an AD issue, since this user had a working activesync previously. no membership or permissions has been changed.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Here are my notes on troubleshooting ActiveSync. Do this for your troubled users.
ActiveSync Mailbox Logging
Open Exchange management shell on any Exchange server. Run cmd below,
Set-CASMailbox aliasofUser -ActiveSyncDebugLogging:$t
To retrieve logs.
Get-ActiveSyncDeviceStatis
Set-CASMailbox aliasofUser -ActiveSyncDebugLogging:$f
http://blogs.technet.com/b/jasonsla/archive/2013/03/19/exchange-activesync-mailbox-logging.aspx
1) Delete the email account from the device. (Remove the profile)
2) Find out what ActiveSync devices are associated with a user’s mailbox:
Get-ActiveSyncDevice -Mailbox "Redmond\TonySmith"
3) Remove the device in question from ActiveSync:
Remove-ActiveSyncDevice -Identity iPhone_TonySmith -Confirm $true
4) Enable ActiveSync logging for the user’s mailbox:
Run the following command on the server where the user’s mailbox is located “Set-CASMailbox alias -ActiveSyncDebugLogging:$t
5) Re-add the device
6) Allow syncing to commence and complete
7) Dump the captured log file to an email address:
Get-ActiveSyncDeviceStatis
ActiveSync Mailbox Logging
Open Exchange management shell on any Exchange server. Run cmd below,
Set-CASMailbox aliasofUser -ActiveSyncDebugLogging:$t
To retrieve logs.
Get-ActiveSyncDeviceStatis
Set-CASMailbox aliasofUser -ActiveSyncDebugLogging:$f
http://blogs.technet.com/b/jasonsla/archive/2013/03/19/exchange-activesync-mailbox-logging.aspx
1) Delete the email account from the device. (Remove the profile)
2) Find out what ActiveSync devices are associated with a user’s mailbox:
Get-ActiveSyncDevice -Mailbox "Redmond\TonySmith"
3) Remove the device in question from ActiveSync:
Remove-ActiveSyncDevice -Identity iPhone_TonySmith -Confirm $true
4) Enable ActiveSync logging for the user’s mailbox:
Run the following command on the server where the user’s mailbox is located “Set-CASMailbox alias -ActiveSyncDebugLogging:$t
5) Re-add the device
6) Allow syncing to commence and complete
7) Dump the captured log file to an email address:
Get-ActiveSyncDeviceStatis
i think your debug comment helped me solve it. Testing it now.
i saw in the log this:
WARNING: You currently have 10 Exchange ActiveSync partnerships out of 10 maximum partnerships allowed per user. After
you reach the maximum, no new partnerships can be created until you remove some from your account.
I have removed some devices and waiting for them to remove the old devices. Gonna try again. You might just have given me the solution!
Gonna test it first :)
i saw in the log this:
WARNING: You currently have 10 Exchange ActiveSync partnerships out of 10 maximum partnerships allowed per user. After
you reach the maximum, no new partnerships can be created until you remove some from your account.
I have removed some devices and waiting for them to remove the old devices. Gonna try again. You might just have given me the solution!
Gonna test it first :)
Premium Content
You need an Expert Office subscription to comment.Start Free Trial