Cannot receive Exchange 2016 email on my iPhone

philjans
Hi,
I just installed Exchange 2016 on a Windows 2016 server.
I cannot receive my email on my iPhone. All my users can but me.
I am able to configure userX on my iPhone, so MY iPhone is not the issue.
I am comparing the settings for me and userX and, from the GUI, under Receiver-Mailbox we seem to have the same settings...
Why is my own user blocked?
tx!

Commented:
Did you check whether ActiveSync is enabled for your own user? (This is a per-user feature setting, just like POP3 and IMAP are.)

Get-CASMailbox <identity> should reveal it (boolean ActiveSyncEnabled)

Author

Commented:
Yes, I compared the 2: I even tried to turn ActiveSync off and back on to see if it would kinda reset it: no success.

Commented:
No error messages at all? How is Outlook and OWA behaving for you?
If only ActiveSync is misbehaving, do this:

Set-CASMailbox alias -ActiveSyncDebugLogging:$true (for both you and one other working account)
Both phones, sync mail
Get-MobileDeviceStatistics -Mailbox alias -GetMailboxLog:$true -NotificationEmailAddresses "admin@yourexchangeadmin.com"  (you'll have the logs of yourself, and the other one, compare both)

Author

Commented:
Outlook and OWA are working fine. I have no error on my phone: it even puts all the checkmarks showing it accepted the parameters.
I don't know where the logs are on the Exchange server directly... used to 2003
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Look at the properties of your mailbox in the Exchange Admin Center and under mailbox features > mobile devices > view details, look to see if there are other mobile devices showing that you no longer use. If so, delete them from there. Then try to set up your profile again on your phone. Remove all of the mobile devices that you no longer have from that account.
Edward van Biljon, Messaging and Collaboration Technical Lead (Exchange MVP & MCT)
Commented:
Hi

Is your account by any chance part of the domain admins group? If so it removes the inheritance tick on advanced security.

Author

Commented:
@timgreen7077: That could be a lead because there are NO listed devices under my name... But my iPhone did check in green all the fields and accepted it...??

@Edward van Biljon: my account USED to be domain admin but I removed it and now it is a regular one... could it be related? How do you "regive the inheritance tick on advanced security"?
timgreen7077, Exchange Engineer
Distinguished Expert 2018
Commented:
@Author this is how you check:

To check whether inheritance is disabled on the user:
1. Open Active Directory Users and Computers.
2. On the menu at the top of the console, click View > Advanced Features.
3. Locate and right-click the mailbox account in the console, and then click Properties.
4. Click the Security tab.
5. Click Advanced.
6. Make sure that the check box for "Include inheritable permissions from this object's parent" is selected.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Also if that doesn't work, I would try moving your mailbox to another mailbox DB if you have multiple DBs. Just migrate your mailbox to a different DB and see if that fixes your issue.

Author

Commented:
@Edward van Biljon @timgreen7077: Bingo!
Tim, I think the procedure you gave me was in answer to Edward's comment about inheritance?
Yes, my account in AD was NOT inheritance-enabled and when I enabled it, closed my iPhone Mail app and started it again, all came in! :)
Now,
1- What did that do and how was it related to my problem? I looked at all the related permissions and see nothing that would have said something like "give that user ActiveSync access"...
2- My account was first domain admin and then I removed it for security reasons (and I created myself a domain admin account but just used for domain administration stuff): now that I clicked on inherit permissions, why would I have more permissions instead of less?
Thanks for the clarifications
Edward van Biljon, Messaging and Collaboration Technical Lead (Exchange MVP & MCT)

Commented:
Yes that is correct. He gave you the finer detail and mine was high level 😀
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Yes, the procedure I provided was in response to you asking @Edward van Biljon how to check that permission. @Edward van Biljon's solution provided the answer, I just showed you how to check.

Author

Commented:
Both, do you know what permission(s) was (were) missing and that my user now has back thanks to the inheritance?
I am surprised that when we check "Enable ActiveSync" in the Exchange Console, the console is not taking care of all the details like the permissions in AD...
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
By default, the Exchange Server group has rights to create and delete msExchActiveSyncDevices objects. However, the Exchange Server group does not have rights to change permissions on msExchActiveSyncDevices. Instead, the rights are inherited from the Owner Rights security principal. If the user is a member of certain protected groups such as Domain Administrators, it is normal for this box to be unchecked.

Author

Commented:
Thanks guys... Very helpful.
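
The check that resolved this thread, as an added PowerShell example (not code from any poster here): it lists mailbox-enabled accounts whose AD object has inheritance disabled, then re-enables inheritance for one named account. It assumes the ActiveDirectory RSAT module is installed; the function names and the `jdoe` account are hypothetical.

```powershell
# Added example: audit and repair disabled ACL inheritance on mailbox users.
# Assumes the ActiveDirectory module (RSAT) and rights to read/modify user ACLs.
Import-Module ActiveDirectory

function Get-MailboxUserWithoutInheritance {
    # msExchMailboxGuid is only populated on mailbox-enabled accounts.
    # adminCount = 1 marks accounts that are, or once were, in a protected
    # group; the flag is not cleared when group membership is removed.
    Get-ADUser -LDAPFilter '(msExchMailboxGuid=*)' `
               -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName,
            @{ Name = 'AdminCount'; Expression = { $_.adminCount } }
}

function Enable-AdInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity
    $path = "AD:\$($user.DistinguishedName)"   # AD: drive comes with the module
    $acl  = Get-Acl -Path $path

    if (-not $acl.AreAccessRulesProtected) {
        Write-Verbose "$Identity already inherits permissions."
        return
    }

    # First argument $false = stop protecting the ACL from inheritance;
    # the second argument is ignored when protection is being removed.
    $acl.SetAccessRuleProtection($false, $true)

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Re-enable ACL inheritance')) {
        Set-Acl -Path $path -AclObject $acl
    }
}

# Report every mailbox user that would hit the symptom described in this thread.
Get-MailboxUserWithoutInheritance | Format-Table -AutoSize

# Dry run for a single account ('jdoe' is a placeholder); drop -WhatIf to apply.
# Enable-AdInheritance -Identity 'jdoe' -WhatIf
```

If the account is still a member of a protected group, AD's AdminSDHolder process turns inheritance off again on its next run, so the repair only sticks once the account has been removed from those groups.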
