There are some issues with ActiveSync for both Exchange 2007 and Exchange 2010 users whereby some users can connect their Mobile Devices (Windows Mobile Phones / iPhones / Motorola Droid etc) quite happily and ActiveSync pushes mail to the devices, but other users cannot connect and cannot sync anything at all.
There appear to be plenty of potential solutions for this problem around if you search the web, but the solution to the majority of these problems can be solved quite simply.
If you open up Active Directory Users and Computers and locate one of your users that is not working, Double-Click into the account and click on the Security Tab (if this is not visible, Click on View> Advanced Features from the Menu at the top of the screen then navigate back to your user). Once on the security tab, click on the Advanced Button and make sure that the ‘Include Inheritable Permissions From This Object’s Parent’ is ticked. Click OK twice to close the user account.
Once the box is ticked, you should then be able to connect up your Mobile Device to your Exchange Server and receive your mail like the rest of your users.
This particular problem seems to only affect migrated users and not users that were setup on the server post migration.
- In the Advanced Security Settings of the User that is having problems, check to make sure there are no Unknown SID Security Entries. If there are then delete them. I had to delete two Unknown SIDs from the root level of my AD.
- Also while in the Advanced Security settings make sure that Include Inheritable Permissions is checked.
- Then Synchronize all domain controllers using “repadmin /syncall /e”
- Open ADSIEdit in the Default Naming Context
- Browse through the directory and locate the user object having problems
- Select the CN=ExchangeActiveSyncDevices container located under the troublesome user and delete it.
- The next time a device attempts an ActiveSync connection, the folder will be automatically recreated and the correct permissions applied
- Then Synchronize all Domain Controller Again “repadmin /syncall /e”
- Log into the Exchange 2013 Server and run “iisreset”
- Try your Active Sync Device again