0

Odd issue.

Despite allowing all of my accounts to use activesync from their mobiles(android/iphone), some of my accounts cannot connect.

Using the same devices, I can connect and sync properly using my own credentials.

If I create a new exchange account, I can connect to it just fine using the same devices.

Mobile use seems to be enabled on all of the affected accounts...

What am I missing?

Thanks very much for your time.

wooz
  • 105
  • 2
  • 14

1 Answers1

2

Are these administrative accounts by any chance? We ran into an odd bug when doing the upgrade to Windows 2008 domain and Exchange 2010 at the same time.

Here's the issue we had: check the user account in Active Directory Users and Computers, go to the security tab, and make sure "inherit from parent the permissions that apply to child objects" is checked. Without this setting enabled, Exchange didn't have the right permissions on the account to allow ActiveSync.

Quinten
  • 1,076
  • 1
  • 11
  • 25
  • This is not a bug by the way, it's a security feature of Active Directory and nothing to do with Exchange at all. – Ben Pilbrow Jul 20 '11 at 07:39
  • It's a bug in that 1) it is not well documented 2) if you upgrade AD from 2000 to 2008 version, you will run into the problem silently. Same thing can be said about the enabling of encryption by default on an upgrade (borking Olk2003)...yes, there's a good reason for the change, but on an upgrade, you shouldn't change the defaults in a way that breaks things. – Quinten Jul 27 '11 at 17:51
  • 1
    Sorry, it's no bug. 1) [It's pretty well documented](http://blogs.technet.com/b/askds/archive/2009/05/07/five-common-questions-about-adminsdholder-and-sdprop.aspx). 2) it's by no means silent and while I don't have release notes handy, it would have been in them. Also, the RPC encryption thing is well documented and easy to fix. Appropriate training would have made you aware of both "issues". – Ben Pilbrow Jul 27 '11 at 22:16