We have some mobile users that has trouble connecting to exchange via activesync.
When using exchange analyzer and activesync tester i get the error 403 from both of them, saying access denied.
I used to fix this problem by enabling inherit in AD. But now it doesn't work.
I have enabled "Basic authentication" on the IIS side for active-sync folder.
Active sync policies from exchange have "allow non-provisible devices" enabled.
I am suspecting it could be an AD issue, since this user had a working activesync previously. no membership or permissions has been changed.