Announcement

Collapse
No announcement yet.

User not connecting via iPhone

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • User not connecting via iPhone

    We have several users who can connect via their smartphones (both Android & iPhone). But today I had a user come in who wasn't able to connect - and I'm not sure why.

    She is able to get to her email via Outlook (2010) and OAW just fine.

    I looked in the event log on the Exchange (2010) server and I see this:
    Code:
    Exchange ActiveSync doesn't have sufficient permissions to create the "CN=First Last,OU=Staff,OU=Users,DC=subnet,DC=domain,DC=edu" container under Active Directory user "Active Directory operation failed on dc1.subnet.edu. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0".
    Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.
    
    Details:%3
    In the exchange console, there are no mobile devices listed for the user.

    Clues?

  • #2
    Re: User not connecting via iPhone

    Have you done what the error says - and ensured that permissions are being inherited correctly?

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: User not connecting via iPhone

      Originally posted by Sembee View Post
      Have you done what the error says - and ensured that permissions are being inherited correctly?

      Simon.

      If I knew what permissions to look at, I would.

      Comment


      • #4
        Re: User not connecting via iPhone

        You ever read the error message you posted? It's all listed there!

        Comment


        • #5
          Re: User not connecting via iPhone

          As mentioned, look at the permissions of the user's mailbox via the security tab. You msy need to use AD Users and Computers from the Exchange server and ensure Advanced Features are active.

          Have you by any chance originally upgraded from 2003 to 2007 and now have upgraded to Exchange 2010? We had a similar issue with active sync and was due to us having upgraded in that order. Of course, when we upgraded to 2007, Exchnage 2010 was not around.

          Comment


          • #6
            Re: User not connecting via iPhone

            I assume you mean the permissions of the Active Directory entry for "domain\Exchange Servers"?

            Which user group (Authenticated Users)?

            Comment


            • #7
              Re: User not connecting via iPhone

              Originally posted by Virtual View Post
              As mentioned, look at the permissions of the user's mailbox via the security tab.
              ??? User's Mailbox via the Exchange Console?

              Ie. What is meant by "permissions of the user's mailbox"?


              You may need to use AD Users and Computers from the Exchange server and ensure Advanced Features are active.
              I'm not sure what difference looking at the AD from the exchange server vs the domain controller itself will show. Advanced Features are enabled on both.


              Have you by any chance originally upgraded from 2003 to 2007 and now have upgraded to Exchange 2010? We had a similar issue with active sync and was due to us having upgraded in that order. Of course, when we upgraded to 2007, Exchange 2010 was not around.
              The previous admin here did migrate from 2007 to 2010.
              As I said in my OP - connecting via an iPhone works fine for other users. It only fails with this one particular user.

              I've compared group membership of the failing user with other users who are working. Nothing is different (ie. it's not like the other ones are domain admins and she isn't).

              Comment


              • #8
                Re: User not connecting via iPhone

                Open the Permissions of the user in ADUC, then click on Advanced and verify that inherit permissions is enabled. If not, enable it. Apply/OK out.
                Do note that any permission changes are not live - due to the way Exchange caches permissions it can be two hours before they are fully effective.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: User not connecting via iPhone

                  As Sembee has recommended, that should fix your issue.

                  My reference to mailbox permissions are the NTFS permissions allocated to the user object that has the mailbox.

                  Using ADUC on the Exchange server rather than DC will allow all Exchange permissions to also be reviewed.

                  Comment

                  Working...
                  X