Troy
asked on
Exchange 2010 ActiveSync Error
We currently run Exchange 2010 SP3 On-Premise and from some reason all of a sudden new users cannot get email on their IPhone's using ActiveSync. Existing users work fine.
When i look at the Event Logs it shows
Warning: MSExchangeActiveSync
Event ID: 1008
Details:
An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case, Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization.
URL=/Microsoft-Server-Acti veSync/def ault.eas?U ser=pnador i&DeviceId =7DGJ1IPSG 56OF198GS9 6EOIK64&De viceType=i Phone&Cmd= FolderSync
--- Exception start ---
Exception type: Microsoft.Exchange.AirSync .AirSyncPe rmanentExc eption
Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevic es,CN=Pete r Nadori,OU=Users,OU=FuelQui p National,DC=eclfuelquip,DC =com,DC=au .
Exception level: 0
HttpStatusCode: 500
AirSyncStatusCode: 110
XmlResponse:
This request does not contain a WBXML response.
Exception stack trace: at Microsoft.Exchange.AirSync .ADDeviceM anager.Set ActiveSync DeviceCont ainerPermi ssions(Act iveSyncDev ices container)
at Microsoft.Exchange.AirSync .ADDeviceM anager.Cre ateActiveS yncDeviceC ontainer(B oolean retryIfFailed)
at Microsoft.Exchange.AirSync .ADDeviceM anager.Cre ateActiveS yncDevice( GlobalInfo globalInfo, ExDateTime syncStorageCreationTime, Boolean retryIfFailed)
at Microsoft.Exchange.AirSync .Command.U pdateADDev ice(Global Info globalInfo)
at Microsoft.Exchange.AirSync .Command.C ompleteDev iceAccessP rocessing( )
at Microsoft.Exchange.AirSync .Command.W orkerThrea d()
--- Exception end ---.
To try and resolve the issue i have tried the following:
1. I have tried suggestion in this website: http://www.it.ltsoy.com/exchange/mobile-phones-do-not-sync-with-new-exchange-2013 - Issue still exists
2. Unchecked "Include inheritable permissions from this object's parent" tickbox in Advance Permissions options of User and re-ticked - Issue still exists
3. Opened ADSIEDIT and performed step 2. as shown above - Issue still exists
4. Restarted IIS - Issue still exists
5. Restarted Exchange Server - Issue still exists
6. Created a completely new user - Issue still exists
7. Compared problematic user with a user that works - Permissions identical
8. Re-applied Service Pack 3, restarted, re-applied SP3 Updates and restarted - Issue Still exists.
I have run out of things to try. Is there anything else I can check ?
When i look at the Event Logs it shows
Warning: MSExchangeActiveSync
Event ID: 1008
Details:
An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case, Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization.
URL=/Microsoft-Server-Acti
--- Exception start ---
Exception type: Microsoft.Exchange.AirSync
Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevic
Exception level: 0
HttpStatusCode: 500
AirSyncStatusCode: 110
XmlResponse:
This request does not contain a WBXML response.
Exception stack trace: at Microsoft.Exchange.AirSync
at Microsoft.Exchange.AirSync
at Microsoft.Exchange.AirSync
at Microsoft.Exchange.AirSync
at Microsoft.Exchange.AirSync
at Microsoft.Exchange.AirSync
--- Exception end ---.
To try and resolve the issue i have tried the following:
1. I have tried suggestion in this website: http://www.it.ltsoy.com/exchange/mobile-phones-do-not-sync-with-new-exchange-2013 - Issue still exists
2. Unchecked "Include inheritable permissions from this object's parent" tickbox in Advance Permissions options of User and re-ticked - Issue still exists
3. Opened ADSIEDIT and performed step 2. as shown above - Issue still exists
4. Restarted IIS - Issue still exists
5. Restarted Exchange Server - Issue still exists
6. Created a completely new user - Issue still exists
7. Compared problematic user with a user that works - Permissions identical
8. Re-applied Service Pack 3, restarted, re-applied SP3 Updates and restarted - Issue Still exists.
I have run out of things to try. Is there anything else I can check ?
ASKER
Just ran replication status in powershell and all seems to be replicating fine.
Repadmin: running command /showrepl against full DC localhost
Sydney\ECLGRP-NSW01
DSA Options: IS_GC
Site Options: IS_GROUP_CACHING_ENABLED
DSA object GUID: 937fe1c7-ed39-43d2-9b62-f2 cb229d0a47
DSA invocationID: bf06b6ca-9eab-4429-9be9-44 6a119b6468
==== INBOUND NEIGHBORS ========================== ========== ==
DC=eclfuelquip,DC=com,DC=a u
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15 642bb6a041
Last attempt @ 2017-12-02 08:00:48 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0 c6cbfd6caa
Last attempt @ 2017-12-02 08:00:49 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94 ca4e31ffec
Last attempt @ 2017-12-02 08:00:50 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82 80581c5544
Last attempt @ 2017-12-02 08:00:50 was successful.
CN=Configuration,DC=eclfue lquip,DC=c om,DC=au
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15 642bb6a041
Last attempt @ 2017-12-02 08:00:48 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0 c6cbfd6caa
Last attempt @ 2017-12-02 08:00:48 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94 ca4e31ffec
Last attempt @ 2017-12-02 08:00:48 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82 80581c5544
Last attempt @ 2017-12-02 08:00:49 was successful.
CN=Schema,CN=Configuration ,DC=eclfue lquip,DC=c om,DC=au
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15 642bb6a041
Last attempt @ 2017-12-02 08:00:49 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0 c6cbfd6caa
Last attempt @ 2017-12-02 08:00:49 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94 ca4e31ffec
Last attempt @ 2017-12-02 08:00:49 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82 80581c5544
Last attempt @ 2017-12-02 08:00:49 was successful.
DC=DomainDnsZones,DC=eclfu elquip,DC= com,DC=au
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15 642bb6a041
Last attempt @ 2017-12-02 08:00:50 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0 c6cbfd6caa
Last attempt @ 2017-12-02 08:00:50 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94 ca4e31ffec
Last attempt @ 2017-12-02 08:00:50 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82 80581c5544
Last attempt @ 2017-12-02 08:00:50 was successful.
DC=ForestDnsZones,DC=eclfu elquip,DC= com,DC=au
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15 642bb6a041
Last attempt @ 2017-12-02 08:00:50 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0 c6cbfd6caa
Last attempt @ 2017-12-02 08:00:50 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94 ca4e31ffec
Last attempt @ 2017-12-02 08:00:50 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82 80581c5544
Last attempt @ 2017-12-02 08:00:50 was successful.
Repadmin: running command /showrepl against full DC localhost
Sydney\ECLGRP-NSW01
DSA Options: IS_GC
Site Options: IS_GROUP_CACHING_ENABLED
DSA object GUID: 937fe1c7-ed39-43d2-9b62-f2
DSA invocationID: bf06b6ca-9eab-4429-9be9-44
==== INBOUND NEIGHBORS ==========================
DC=eclfuelquip,DC=com,DC=a
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15
Last attempt @ 2017-12-02 08:00:48 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0
Last attempt @ 2017-12-02 08:00:49 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94
Last attempt @ 2017-12-02 08:00:50 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82
Last attempt @ 2017-12-02 08:00:50 was successful.
CN=Configuration,DC=eclfue
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15
Last attempt @ 2017-12-02 08:00:48 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0
Last attempt @ 2017-12-02 08:00:48 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94
Last attempt @ 2017-12-02 08:00:48 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82
Last attempt @ 2017-12-02 08:00:49 was successful.
CN=Schema,CN=Configuration
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15
Last attempt @ 2017-12-02 08:00:49 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0
Last attempt @ 2017-12-02 08:00:49 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94
Last attempt @ 2017-12-02 08:00:49 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82
Last attempt @ 2017-12-02 08:00:49 was successful.
DC=DomainDnsZones,DC=eclfu
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15
Last attempt @ 2017-12-02 08:00:50 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0
Last attempt @ 2017-12-02 08:00:50 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94
Last attempt @ 2017-12-02 08:00:50 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82
Last attempt @ 2017-12-02 08:00:50 was successful.
DC=ForestDnsZones,DC=eclfu
SydneyNational\FQ-SRVNAT via RPC
DSA object GUID: 0da0b8bb-8f9b-4e76-ad04-15
Last attempt @ 2017-12-02 08:00:50 was successful.
Victoria\ECLGRP-VIC01 via RPC
DSA object GUID: 918e0345-4724-4bc1-b64b-d0
Last attempt @ 2017-12-02 08:00:50 was successful.
Quensland\ECLGRP-QLD01 via RPC
DSA object GUID: 0f290149-9b6b-4659-a4e1-94
Last attempt @ 2017-12-02 08:00:50 was successful.
WA\ECLGRP-WA01 via RPC
DSA object GUID: 5ce5a561-9acc-44ed-949a-82
Last attempt @ 2017-12-02 08:00:50 was successful.
Let's see the current status of your environment: (mask real domain with domain.com, paste results as CODE)
Get-OabVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*
Get-EcpVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ActiveSyncVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*
Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ClientAccessServer| fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri
Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*
Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*
Get-ClientAccessArray | fl
Get-OutlookProvider
Get-Command Exsetup.exe | ForEach-Object {$_.FileVersionInfo}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Glad to hear you got this working, you would also need to fix EWS's external URL.
Note that you don't seems to have autodiscover.eclgroup.com. au in the certificate, it will prevent you from automatically configuring devices (phones and Outlook) to connect to your environment.
Set-WebServicesVirtualDirectory –Identity "EWS (default web site)" -ExternalUrl https://mail.eclgroup.com.au/ews/exchange.asmx
Note that you don't seems to have autodiscover.eclgroup.com.
ASKER
Any ideas on applying the permission i referred to across multiple users and OU's ?
I also tried Active Directory Schema in the Management Console and applied to Authenticated Users Group, but even after replication finished it still didn't apply the permission.
Powershell script maybe ? and what would that look like
I also tried Active Directory Schema in the Management Console and applied to Authenticated Users Group, but even after replication finished it still didn't apply the permission.
Powershell script maybe ? and what would that look like
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- Troy (https:#a42396235)
-- Troy (https:#a42396260)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- Troy (https:#a42396235)
-- Troy (https:#a42396260)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
Also please check your message limit for ActiveSynch
Maybe there is a message over the limit that is causing Activesynch to reject any other connections.