Activesync with Exchange 2010 SP1 will not connect

Another small problem we had was we couldnt get devices to connect using activesync.  Turns out to be a small bug.

You will know this is the problem by looking in the application log in the event viewer. You will see the following error:

Exchange ActiveSync doesn't have sufficient permissions to create the "CN=<name>,CN=<container>,DC=ads,DC=ssc,DC=wisc,DC=edu" container under Active Directory user "Active Directory operation failed on <exchange server>. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.

To fix this, you need to go to Active Directory Users and Computers. Then click on view on the top, and make sure “Advanced Features” is checked. Right click on the user that is having problems, and choose “Properties.” Then go to Security -> Advanced -> click the button for “Include inheritable permissions from this object’s parent” and then apply and OK.

After that, you should be able to connect!

Filed under: Exchange, Microsoft | Posted on March 17th, 2011 by CharlieMaurice

Leave a Reply

RSS Feed

Categories

Archives

Blogroll

Meta

Copyright © 2014 Charlie's Tech Ramblings. All rights reserved.

Tech Blue designed by Hive Designs • Ported by Free WordPress Themes