Exchange 2016 Active Sync Issue

C Y
C Y used Ask the Experts™
on
Hi Expert,

I success setup exchange 2016 active sync, but only my user account is able to send and receive email using mobile active sync and others mailbox are failed to do so.
I checked in exchange admin center (EMC) and their active sync is enabled. and they are able to access OWA as well.
I able to add the affected user profile into my phone but when i open the outlook apps it state connection to the server failed.
I checked in exchange server logs file, there's event id 1040,1053 that are related to activesync.
How can i troubleshoot this?
Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Commented:
https://testconnectivity.microsoft.com
Please run a test of Outlook Connectivity, Outlook Autodiscover and activesync
Rajkumar DuraisamyIT Service Manager
Top Expert 2012
Commented:
Please follow this..

Open dsa.msc -> View -> Advanced features -> properties the mailbox account not able to configure Mobile device -> Security -> Advanced > Select Exchange Server -> Check the inherit permission -> apply and ok..
Server engineer
Commented:
For event 1040:

You can up the time out of port 80 and 443 to 30 minutes in the your firewall.  Also try changing the connection timeout in IIS to 30 mins for the default website.

How to change the connection timeout in iis you can see:http://technet.microsoft.com/en-us/library/cc725820(WS.10).aspx

Hope it is helpful.

For event 1053:

1053 happens due to the fact the user is a member of few protected groups i.e. domain admins, hence the "enable inheritence checkbox gets removed" from the user security-advanced tab.

- The AdminSDHolder role, it is a special role within Active Directory that evaluates, on an hourly basis, the Access Control List (ACL) of certain security groups and the members of those groups (known as protected groups, e.g., Enterprise Admins) and resets the ACL with specific ACEs if the ACL doesn’t match the AdminSDHolder role ACL.
Reference Article-https://blogs.technet.microsoft.com/exchange/2009/09/23/exchange-2010-and-resolution-of-the-adminsdholder-elevation-issue/

# Need to follow the below article to add permissions for the user and confirm if the activesync is working for the user.
https://support.microsoft.com/en-us/kb/2579075

To work around this issue, assign the Exchange Servers group the right to change permissions against msExchActiveSyncDevices objects. To do this, follow thes steps mentioned in article.
C Y

Author

Commented:
Hi everyone, thanks for the suggestion.

But if i select and enable the inherit permission for the specific mailbox, what is the impact?

will it affect the single user only? what area would be affected?

Thanks.
Rajkumar DuraisamyIT Service Manager
Top Expert 2012

Commented:
But if i select and enable the inherit permission for the specific mailbox, what is the impact?

No Impact - Exchange server objects will have permission on this object

will it affect the single user only?
Yes

what area would be affected?

No impact.. if you see the change.. permission will inherited to the selected object.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial