Active sync security

Similar Messages

• Best way to Securely publish OWA and Active Sync

  Hi Guys
  Just a quick question what is the best way for me to securely publish OWA and Active Sync in Exchange 2013, I have 1 CAS server and one MB server both on my lan but i have 443 open to internet and would like to make it more secure by putting maybe a reverse
  proxy or OWA device in my DMA, my setup is small sub 200 users so cost is a factor, what is the most economically way for me to do this with the least amount of work and complication
  I know ISA/TMG is now extinct and i dont want to use any linux reverse proxies etc.. just a simple solution that will publish these services securely that is easy to support going forward and inexpensive.
  Thanks in advance
  Spudney

  What exactly are you looking to secure?  If all that you have open is TCP 443 that is a tight setup already.
  You'll  have to state the business requirements you are looking to address - and for a 200 user org I suspect that they will be very different from a large enterprise.
  Take a look at this pls:
  http://blogs.technet.com/b/exchange/archive/2013/07/17/life-in-a-post-tmg-world-is-it-as-scary-as-you-think.aspx
  And say hello to Renton as well please!
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• E-mail and Exchange Active Sync

  Planning on configuring E-mail in your Xperia phone? Or do you experiencing problems syncing your E-mails? If yes this might be the topic for you.
  Below you’ll find some guides on how to setup E-mail sync and troubleshoot any problems.
  POP3/IMAP
  POP4/IMAP E-mail accounts are the most commonly used. This guide will show you the steps of configuring your E-mail manually if your E-mail server doesn’t support auto setup. Please note that the Next button won’t be lit if you have typed an incorrect E-mail address containing characters or symbols that are not supported.
  Configuring POP3 or IMAP E-mail
  Go to the E-mail application and enter your E-mail address and password. Now press Manual setup.
  Chose the kind of E-mail server your provider is using. If uncertain check this with your E-mail provider.
  Under Incoming settings enter your username, password and server details. If you’re uncertain about these details contact your E-mail provider. But in general your username is the same as your E-mail address but some providers may use a specific user name for your account.
  Here you can also set if the server should delete the E-mails if you delete them in your phone. This setting is by default always set to Never.
  Next step is Outgoing settings. If your E-mail provider also has an SMTP server you can enter the details for sending E-mails here. This normally requires a sign-in on the SMTP server. If yes, check the Require sign-in box and enter your E-mail address and password. As above if you’re uncertain about any of these details contact your E-mail provider.
  If your E-mails provider lacks an SMTP server you can check if your network operator provides an SMTP server and use their details. Using your network operators SMTP generally doesn’t require sign-in.
  Now it’s time to set how and when to check for new E-mails. Set and check the options you desire.
  The last step of the setup is to enter an account name and your name (signature).
  Troubleshooting POP3/IMAP E-mail
  First make sure that you have a working Internet connection in the phone.
  You can download Internet and MMS settings for your phone by going to Setting > Xperia > Internet settings.
  If you have a working Internet connection but still not able to connect to your E-mail server or sync your E-mails check that no Proxy server within your APN settings may be blocking this. You can check this by going to Settings > More (Wireless & networks) > Mobile networks > APN or Access Point Names > Your Internet APN. Check if any details are set for Proxy and Proxy port. If yes you can try to delete them (temporarily) and save the APN. Now check if you’re able to connect or sync with your E-mail server.
  You can also verify suspected Internet connection issues by trying via a Wi-Fi network instead.
  E-mail disappearing?
  By default our E-mail application is set to only mirror the server. So if an E-mail on the server is deleted it will also be removed from the phone at the next sync.
  Syncing sent E-mail?
  This is not possible on POP3 configurations. To be able to sync sent E-mails in the phone you must have configured an IMAP or Exchange Active Sync account.
  Problem sending E-mail?
  If you’re not using the same SMTP server as network operator in your phone you might experiencing problems sending E-mail via mobile networks. If this is the case you can connect to a Wi-Fi network to send E-mail or check with your SMTP provider if the outgoing port can be encrypted.
  If none of the tips above helps you, you can try to download a third party E-mail application from Google Play store. This can be easy way to rule out where a specific problem may be located.
  Exchange ActiveSync
  Our Xperia phones come with the built-in Android native client for synchronizing your corporate E-mails, calendar and contacts. Here are some things worth double checking if you would experience any problems with Exchange sync.
  Begin with checking your sync account details and if you haven’t configured the Exchange ActiveSync account yet see the instructions bellow.
  Configuring a Exchange ActiveSync account
  Go to the E-mail application and enter your corporate address and password. Then press next.
  Don’t worry if the setup might fail at this point because most Exchange servers don’t have auto setup enabled. In this case just press Manual setup. Please note that the Next button won’t be lit if you have typed an incorrect E-mail address containing characters or symbols that are not supported.
  Now our E-mail application needs to know what kind of account you want to configure. Press Exchange ActiveSync.
  This will bring you to the incoming settings screen. Enter domain\user name, password and server address. If you’re uncertain about your details contact your IT department to check which credentials to use. You will also need to know if you should accept all SSL certificated or use a client certificate.
  When all details are correct you will have to setup how and when to sync. So enter and check the options you desire.
  When you see this screen the setup is complete.
  If your Exchange server requires certain security settings you might see the following pop-up after finishing the setup. If this is the case you must approve the security update in order to sync E-mail, calendar and contacts.
  Pressing OK will give you a screen showing you what permissions you need to give the E-mail application. These permissions/ security settings are set from the Exchange server and depend on your corporate IT policy.
  Troubleshooting Exchange Active Sync
  First make sure that you have a working Internet connection in the phone.
  You can download Internet and MMS settings for your phone by going to Setting > Xperia > Internet settings.
  If you have a working Internet connection but still not able to connect to your E-mail server or sync your E-mails check that no Proxy server within your APN settings may be blocking this. You can check this by going to Settings > More (Wireless & networks) > Mobile networks > APN or Access Point Names > Your Internet APN. Check if any details are set for Proxy and Proxy port. If yes you can try to delete them (temporarily) and save the APN. Now check if you’re able to connect or sync with your E-mail server.
  You can also verify suspected Internet connection issues by trying via a Wi-Fi network instead.
  ActiveSync protocol version
  You can check which Exchange ActiveSync protocols that are supported by your phone model in its white paper. http://developer.sonymobile.com/downloads/whitepapers/
  Compare this with your server to make sure they’re compatible.
  “SERVER REQUIRES UNSUPPORTED SECURITY FEATURES”
  If you get the error message above your Exchange server is using security settings which are not supported by the Android native Exchange ActiveSync application. Which security settings that your phone model supports depend on firmware version and phone model. If your company runs on security settings that the Android native mail application doesn’t support and you don’t plan to alter the security settings, an alternative is to download any of the dedicated Exchange ActiveSync applications from Google Play store.
  New meetings don’t sync?
  If you have entered a new meeting in the phone and it doesn’t sync make sure that the meeting has been put into the correct account. When creating a new meeting in the calendar application make sure that you’ve chosen your ActiveSync account as calendar when creating the meeting.
  How to use GAL (Global Address List)?
  In most of our models you can access the GAL by opening the contacts application and tap the search icon. This will search the Global Address List on your exchange server. Our mail application also searches GAL when typing something in the To: field. Unfortunately we don’t have any default support at the moment for browsing the complete Global Address List.
  For more information about what is supported by our Contacts, Calendar and E-mail applications please see this link (Xperia Z, Xperia ZL, Xperia ZR and Xperia Tablet Z). Or this link (Xperia Z1, Xperia Z ultra and Xperia Z1 Compact).
   - Community Manager Sony Xperia Support Forum
  If you're new to our forums make sure that you have read our Discussion guidelines.
  If you want to get in touch with the local support team for your country please visit our contact page.

  Hi and welcome to the community! Since you're new please be sure that you have checked out our Discussion guidelines.
  Are you sure that your account is really configured for the ActiveSync protocol? Because we've seen this occur only when using IMAP with Hotmail/Outlook.com.
  I suggest that you make sure that the account is configured as POP3 or EAS. Or use their own dedicated app.
   - Community Manager Sony Xperia Support Forum
  If you're new to our forums make sure that you have read our Discussion guidelines.
  If you want to get in touch with the local support team for your country please visit our contact page.

• Help with Exchange 2007, Active Sync and iPhone 3g - software 2.0.2

  Hello good evening and *******
  Now that's said, is anyone else having 'issues' with this?
  I'm on install number ten of Exchange 2007 and god knows how many different variations of trying to connect to it on the phone. I can get OWA working on the phone and via the web both on the phone and via my home pc, i've had Outlook at home working and i've had Outlook at work working. Honestly when it works, it's seamless and very very quick however i'd like it to work for longer than a day and have some faith that it will do so.
  What I keep finding is that for some reason, despite nothing changing on the server or the phone is that Active Sync eventually fails and for no apparent reason. The longest i've had it working is just over a day ( yesterday) and last night it packed up again.
  I think it's something to do with certificates / dns but that's purely guesswork as I thought i'd fixed it last time by setting up the FQDN to point at both internal and external network cards on our internal network.
  I would also like to point out that Exchange2007 has been working perfectly throughout all of this, it's just the iPhone / ActiveSync part that dies - unsurprisingly this is the most important bit for me as that's the bit our sales force will be relying on when we transfer to exchange.
  I'm no Mac 'fan' and i'm not that much in love with Windows but there seems to be something amiss between Apple and Microsoft and due to the iPhones complete lack of diagnostic logging further compounded by silent error messages i'm at a loss to find out where / why / when it's breaking.
  Is there a 2.0.3 update due which will address this problem?
  In the meantime i'm off to install Exchange ..... again, set up security certificates ... again ..... and see if it will fix what's broken .... again

  And now it's working!!!
  I changed the following in IIS.
  Default website - Microsoft Server ActiveSync Properties
  virtual directory - read access enabled
  directory security - integrated windows authentication, digest authentication, basic authentication enabled
  realm - set to mydomain.com
  Changed the same things for OWA
  That appears to have done the trick but i've been here before so i'll see if it stays working over the weekend.
  As a phone ... i'm impressed, as a web enabled device, i'm impressed but as a Corporate Tool ..... i've yet to be impressed, largely due to the complexity of integration into exchange.

• Active Sync not working (fails on last step of MS remote connectivity test)

  Hello,
  can't figure out what is wrong with our active sync.
  https://testconnectivity.microsoft.com fails on last step:
  Attempting the FolderSync command on the Exchange ActiveSync session.
  Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
  HTTP Response Headers:
  request-id: c058805f-cfb1-4303-8edc-7962e5cb0d18
  X-CalculatedBETarget: internal_servername.domain.com
  MS-Server-ActiveSync: 15.0
  X-MS-RP: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
  MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
  MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
  X-MS-BackOffDuration: L/-470
  X-MS-Diagnostics: &Log=PrxFrom:10.224.6.74_V120_HH:mail.domain.com_SmtpAdrs:username%40domain.com_NMS1_St:F_Sk0_Srv:12a0c0d0s0e0r0A0sd_Ers1_Cpo19921_Fet20000_ExStk:H4sIAAAAAAAEAOVWS2%2fjNhC%2bL9D%2fMEcvoAh20r0YiwCq5WwF1HFgedujS5Njmw1FqiRlWP31HVqW5LTZpHFboA9d%2bBBn5vvmRc4kt8aZjY%2bnB75jeotxIm1ea96OD2gLplF7OoCll0bD1dXVLcx%2bL5kyz%2bJUWuTe2DpO0nmJlgWRTnYMCfdyj9AdA9Megg2TCgXQbK%2f08CZ%2bdHtjpYuVj2G5kw7QWmOBJtp4sOitZGuFMSRCyKCBKZB6Ywhwa4ujc0FAoJYo4q%2fencyLzrxFVxrtcAzD5vswhhz51NoxpHmWXg1vRh%2buR9NRBKU1ZK6Ar4fDGxhk9%2fnnu7tVMplM83y1yD59u8zfRyDICTB81zgpr53HovdJjnYvCVP8YI033CjX%2f3vOWcsdQuXQwo4RDe2qzUZyScEA1lCzcrvzjngBAPN%2fxN53gpUTozUdIBMxTZ23FfeLkx8GmfY311CQdrbFTEQQJDpwfbgiIJFK%2bUSp4ESaLesSI1jKAvOSadr8uULnw3pe%2bQi%2bMUYh7WPLb65P%2f95fjj9HLRaNoUEndtpoETyPyZzZfT2ZHwJ4cZHxp%2f5T56sI7iulQhL%2fOAKuQmRzKTBHZvnuBDKC7Ji00tc5J%2b9T6M9WEeRUBnoLnCmFNqP0fwOrJA0bOcU60JkekFceZ0ZISrMjwJYd1fL6JxICQmjrCL7Mtj2ZUSFTdkoqypBEXfCL0tfNiZPZeZ%2fw%2fTHpQu9pmFAlwVSTug2VgKZi6BIInGf8EbxlHMOxS4knBLL%2bBbvf09BnBs%2bFHHg3fckJvaYOqqBQNaXljWdqEboXunbPNsu5DhmP9r8Wwn8jk4uR52yPPUbq2p5pjksT9ineU10VVP5NzdOVQr3AHzOhRbWuS%2bbc90xJwV4D0l3WaYqhU86Ypq5t44%2b3fLVKpSsVqyeK1F1fxx8nFpnH5gYMUo0IJbdnkurqdr1ajXDwJt73xnfhSahSPNleVPrs6h%2bczYGJs9bXZ349MZV%2bsRt%2fiecrlAatT49Wss3d8YXxF7aVvwHXJYZmZk0Kmj%2bDT8qsKc%2fpJoBtN41geqDoYbhUwJGmnCJIGo7yxDns9ynId8gf74ydsUOj9Cw9n0COYEbj2hxOyQ%2fFk%2bU%2fm9Gfhj4xBb2NRfy5FCHa6Utw36KPxlKhP9FvXrH0AgoDXfUvVuhvVf1g7CPa5Y6cIoIgvYCfeZaPxv%2bTZ%2fmvaIx0uvAMAAA%3d_S111_Error:ADOperationException1%3aActive+Directory+operation+failed+on+dc1.domain.com.+This+error+is+not+retriable.+Additional+information%3a+Access+is+denied.%0d%0aActive+directory+response%3a+00000005%3a+SecErr%3a+DSID-031521E1%2c+problem+4003+(INSUFF%5FACCESS%5FRIGHTS)%2c+data+0%0a_Mbx:internal_servername.domain.com_Dc:dc1.domain.com_Throttle0_SBkOffD:L%2f-470_DBL7_DBS1_CmdHC-1477255686_TmRcv08:21:38.3814461_TmSt08:21:38.3814461_TmDASt08:21:38.4126927_TmPolSt08:21:38.4126927_TmExSt08:21:38.4126927_TmExFin08:21:38.4439409_TmFin08:21:38.4595741_TmCmpl08:21:58.381466_ActivityContextData:ActivityID%3dc058805f-cfb1-4303-8edc-7962e5cb0d18%3bDbl%3aMBLB.T%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d8255%3bDbl%3aST.T%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d11%3bDbl%3aSTCPU.T%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d15%3bDbl%3aBudgUse.T%5b%5d%3d78.1279983520508%3bI32%3aMB.C%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d37%3bF%3aMB.AL%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d0.4054054%3bDbl%3aMAPI.T%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d15%3bI32%3aRPC.C%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d37%3bDbl%3aRPC.T%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d15%3bI32%3aROP.C%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d6740924%3bI32%3aMAPI.C%5binternal_servername.e04c7165-79e6-401c-a668-a1ed96a7e951%5d%3d85%3bI32%3aATE.C%5bsrv00.domain.com%5d%3d1%3bF%3aATE.AL%5bsrv00.domain.com%5d%3d0%3bI32%3aADS.C%5bsrv00%5d%3d1%3bF%3aADS.AL%5bsrv00%5d%3d8.6476%3bI32%3aADW.C%5bdc1%5d%3d1%3bF%3aADW.AL%5bdc1%5d%3d0.6981%3bI32%3aADS.C%5bdc1%5d%3d3%3bF%3aADS.AL%5bdc1%5d%3d1.060033%3bS%3aWLM.Cl%3dCustomerExpectation%3bS%3aWLM.Type%3dEas%3bS%3aWLM.Int%3dTrue%3bS%3aWLM.SvcA%3dFalse%3bS%3aWLM.Bal%3d480000%3bS%3aWLM.BT%3dEas_Budget:(D)Owner%3aSid%7eKSVORIS%5cusername%7eEas%7efalse%2cConn%3a0%2cMaxConn%3a10%2cMaxBurst%3a480000%2cBalance%3a480000%2cCutoff%3a600000%2cRechargeRate%3a1800000%2cPolicy%3aGlobalThrottlingPolicy%5F3e976729-4019-4478-bb02-790c76651d0a%2cIsServiceAccount%3aFalse%2cLiveTime%3a00%3a00%3a46.5620819_
  X-DiagInfo: internal_servername
  X-BEServer: internal_servername
  X-FEServer: internal_servername
  Content-Length: 5864
  Cache-Control: private
  Content-Type: text/html; charset=utf-8
  Date: Tue, 30 Sep 2014 08:21:58 GMT
  Set-Cookie: X-BackEndCookie=S-1-5-21-1715567821-1220945662-1801674531-2707=u56Lnp2ejJqBms/LnMjOycrSyMaaydLLz86c0p7JycfSns6am8bJnsiaxsrOgYHOz9DMz9DNz87L38/Hxc3OxcrH; expires=Thu, 30-Oct-2014 06:21:58 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly
  Server: Microsoft-IIS/8.0
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Elapsed Time: 20931 ms.
  Owa and everything else works fine.

  Third party COMODO wildcard sertificate. Owa gives no warnings on SSL.
   Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
   Additional Details
  Elapsed Time: 585 ms. 
   Test Steps
   The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.domain.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=*.domain.com, OU=COMODO SSL Wildcard, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
  Elapsed Time: 562 ms. 
   Validating the certificate name.
    The certificate name was validated successfully.
   Additional Details
  The host name that was found, mail.domain.com, is a wildcard certificate match for common name *.domain.com.
  Elapsed Time: 0 ms. 
   Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 9/16/2014 12:00:00 AM, NotAfter = 9/15/2017 11:59:59 PM
  Elapsed Time: 0 ms. 

• Exchange 2007 Active Sync Issue with 1 users mailbox

  Good Afternoon,
  Server OS:  Small Business Server 2008
  Exchange:  2007 Standard - Update Rollup 13 SP3
  Mobile phone:  Blackberry Z10
  We are in the process of decommissioning our Blackberry Enterprise Server, and down to one user.  I am able to setup Exchange on his new non BES server tied phone, but it will not sync any email, all Meetings, and only some contacts.  I have tried
  adding this account to an Android phone with the same results.  I have numerous times went into EMC and delete the Mobile device, when re-adding the account, everything seems to point to his exchange account being the culprit.  I am getting the below
  Active Sync error after adding his account.  I have Bing / Googled around, and nothing of substance I have found.  Thank you in advance!
  Log Name:      Application
  Source:        MSExchange ActiveSync
  Date:          3/24/2015 2:01:15 PM
  Event ID:      1008
  Task Category: Requests
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:      SISBS.internaldomain.local
  Description:
  An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case,
  Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization. 
  URL=/Microsoft-Server-ActiveSync/default.eas?Cmd=FolderSync&DeviceType=BlackBerry&User=bbevers&DeviceId=BB3359D356
  --- Exception start ---
  Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
  Exception message: 
  Exception level: 0
  HttpStatusCode: 200
  AirSyncStatusCode: 6
  XmlResponse: 
  <?xml version="1.0" encoding="utf-8" ?>
  <FolderSync xmlns="FolderHierarchy:">
  <Status>6</Status>
  </FolderSync>
  Exception stack trace:    at Microsoft.Exchange.AirSync.FolderCommand.Execute()
     at Microsoft.Exchange.AirSync.Command.WorkerThread()
  Inner exception follows...
  Exception type: Microsoft.Exchange.Data.Storage.FolderSaveException
  Exception message: Unable to save sync state folder Root due to PartiallySucceeded, Property = [0x7c020102] SyncCustomState, PropertyErrorCode = MapiCallFailed, PropertyErrorCode = Properties could not be set.
  Exception = Microsoft.Exchange.Data.Storage.AccessDeniedException: Cannot set properties. ---> Microsoft.Mapi.MapiExceptionNoAccess: MapiExceptionNoAccess: Unable to set properties on object. (hr=0x80070005, ec=-2147024891)
  Diagnostic context:
      Lid: 18969   EcDoRpcExt2 called [length=7783]
      Lid: 27161   EcDoRpcExt2 returned [ec=0x0][length=88][latency=0]
      Lid: 23226   --- ROP Parse Start ---
      Lid: 27962   ROP: ropSetProps [10]
      Lid: 17082   ROP Error: 0x80070005
      Lid: 30561  
      Lid: 21921   StoreEc: 0x80070005
      Lid: 27962   ROP: ropExtendedError [250]
      Lid: 1494    ---- Remote Context Beg ----
      Lid: 26426   ROP: ropSetProps [10]
      Lid: 4559    StoreEc: 0x80070005
      Lid: 1750    ---- Remote Context End ----
      Lid: 26849  
      Lid: 21817   ROP Failure: 0x80070005
      Lid: 25761  
      Lid: 1940    StoreEc: 0x80070005
      Lid: 25297  
      Lid: 21201   StoreEc: 0x80070005
     at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Object objLastErrorInfo)
     at Microsoft.Mapi.MapiProp.SetProps(PropValue[] pva)
     at Microsoft.Exchange.Data.Storage.MapiPropertyBag.<SetProperties>b__3(PropValue[] propValues)
     at Microsoft.Exchange.Data.Storage.MapiPropertyBag.InternalSetProperties(PropertyDefinition[] propertyDefinitions, Object[] propertyValues, MapiSetProps mapiSetProps)
     --- End of inner exception stack trace ---
     at Microsoft.Exchange.Data.Storage.MapiPropertyBag.InternalSetProperties(PropertyDefinition[] propertyDefinitions, Object[] propertyValues, MapiSetProps mapiSetProps)
     at Microsoft.Exchange.Data.Storage.StoreObjectPropertyBag.FlushSetProperties()
     at Microsoft.Exchange.Data.Storage.FolderPropertyBag.SaveFolderPropertyBag(Boolean needVersionCheck)..
  Exception level: 1
  Exception stack trace:    at Microsoft.Exchange.Data.Storage.FolderSaveResult.ToException(String exceptionMessage)
     at Microsoft.Exchange.Data.Storage.SyncState.Commit(PropertyDefinition[] properties, Object[] values, Int32[] sizes)
     at Microsoft.Exchange.AirSync.FolderCommand.Execute()
  --- Exception end ---.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="MSExchange ActiveSync" />
      <EventID Qualifiers="32772">1008</EventID>
      <Level>3</Level>
      <Task>1</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-03-24T19:01:15.000Z" />
      <EventRecordID>4756229</EventRecordID>
      <Channel>Application</Channel>
      <Computer>SISBS.internaldomain.local</Computer>
      <Security />
    </System>
    <EventData>
      <Data>/Microsoft-Server-ActiveSync/default.eas?Cmd=FolderSync&amp;DeviceType=BlackBerry&amp;User=bbevers&amp;DeviceId=BB3359D356</Data>
      <Data>--- Exception start ---
  Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
  Exception message: 
  Exception level: 0
  HttpStatusCode: 200
  AirSyncStatusCode: 6
  XmlResponse: 
  &lt;?xml version="1.0" encoding="utf-8" ?&gt;
  &lt;FolderSync xmlns="FolderHierarchy:"&gt;
  &lt;Status&gt;6&lt;/Status&gt;
  &lt;/FolderSync&gt;
  Exception stack trace:    at Microsoft.Exchange.AirSync.FolderCommand.Execute()
     at Microsoft.Exchange.AirSync.Command.WorkerThread()
  Inner exception follows...
  Exception type: Microsoft.Exchange.Data.Storage.FolderSaveException
  Exception message: Unable to save sync state folder Root due to PartiallySucceeded, Property = [0x7c020102] SyncCustomState, PropertyErrorCode = MapiCallFailed, PropertyErrorCode = Properties could not be set.
  Exception = Microsoft.Exchange.Data.Storage.AccessDeniedException: Cannot set properties. ---&gt; Microsoft.Mapi.MapiExceptionNoAccess: MapiExceptionNoAccess: Unable to set properties on object. (hr=0x80070005, ec=-2147024891)
  Diagnostic context:
      Lid: 18969   EcDoRpcExt2 called [length=7783]
      Lid: 27161   EcDoRpcExt2 returned [ec=0x0][length=88][latency=0]
      Lid: 23226   --- ROP Parse Start ---
      Lid: 27962   ROP: ropSetProps [10]
      Lid: 17082   ROP Error: 0x80070005
      Lid: 30561  
      Lid: 21921   StoreEc: 0x80070005
      Lid: 27962   ROP: ropExtendedError [250]
      Lid: 1494    ---- Remote Context Beg ----
      Lid: 26426   ROP: ropSetProps [10]
      Lid: 4559    StoreEc: 0x80070005
      Lid: 1750    ---- Remote Context End ----
      Lid: 26849  
      Lid: 21817   ROP Failure: 0x80070005
      Lid: 25761  
      Lid: 1940    StoreEc: 0x80070005
      Lid: 25297  
      Lid: 21201   StoreEc: 0x80070005
     at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Object objLastErrorInfo)
     at Microsoft.Mapi.MapiProp.SetProps(PropValue[] pva)
     at Microsoft.Exchange.Data.Storage.MapiPropertyBag.&lt;SetProperties&gt;b__3(PropValue[] propValues)
     at Microsoft.Exchange.Data.Storage.MapiPropertyBag.InternalSetProperties(PropertyDefinition[] propertyDefinitions, Object[] propertyValues, MapiSetProps mapiSetProps)
     --- End of inner exception stack trace ---
     at Microsoft.Exchange.Data.Storage.MapiPropertyBag.InternalSetProperties(PropertyDefinition[] propertyDefinitions, Object[] propertyValues, MapiSetProps mapiSetProps)
     at Microsoft.Exchange.Data.Storage.StoreObjectPropertyBag.FlushSetProperties()
     at Microsoft.Exchange.Data.Storage.FolderPropertyBag.SaveFolderPropertyBag(Boolean needVersionCheck)..
  Exception level: 1
  Exception stack trace:    at Microsoft.Exchange.Data.Storage.FolderSaveResult.ToException(String exceptionMessage)
     at Microsoft.Exchange.Data.Storage.SyncState.Commit(PropertyDefinition[] properties, Object[] values, Int32[] sizes)
     at Microsoft.Exchange.AirSync.FolderCommand.Execute()
  --- Exception end ---</Data>
    </EventData>
  </Event>

  Hello,
  Yes, it means the mailbox is corrupted. The most efficeint way is to rebuild the user's mailbox.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Again: BB Z10 Active Sync not syncing

  Hi Everyone,
  I am having problems syncing my contacts and calendat item with my Z10.
  I have gone through the other related topics but none of them contained any solution.
  I tried everything like security wipe, restart, delete and add gain the account etc etc.
  I verified the active sync by using other devices with the server and all work just fine.
  The situation is as follows:
  -calendar does not sync at all
  -task do not sync at all
  -contacts do not sync but i am able to perform a remote search which returns the contact i am searching.
  This looks as if the connection is working but the z10 does not start the process to sync the data.
  Does anyone have any idea what this might be? Are there any log on the bb side which I could check?
  Thanks for all assistance in advance...

  Hello gwendlandt,
  Thank you for your question regarding the issue you are experiencing with synchronizing Contacts and Calendar items on your BlackBerry Z10 smartphone.
  In order to synchronize contacts and/or calendar via Microsoft Exchange (with Microsoft Activesync enabled) a CardDAV and/or CalDAV server must be setup by your mail provider. We suggest that you contact your mail server administrator to verify that this is the case.
  Let us know if you have any other questions.
  -FB
  Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
  Be sure to click Kudos! for those who have helped you.
  Click "Accept as a Solution" for posts that have solved your issue(s)!

• How to fix an active sync problem

  All,
  I came across some issues with active sync that I could not find reference to in Sun documentation that we found a fix for. Read and enjoy.
  Problem: Active sync stopped working for no reason
  Reason: Too many users were attempting to be updated at the same time. SARunner was not running.
  Fix: Manually delete the invalid TaskInstances from the database.
  Process:
  Stop active sync
  Find the invaild task instances
  Oracle SQL Code to find errors:
  SELECT * from object where type='TaskInstance' and ATTR1='EXECUTING';
  Delete invalid task instances
  Oracle SQL to delete invalid TaskInstances:
  DELETE from object where type='TaskInstance' and ATTR1='EXECUTING';
  After this is done commit the changes to the DB.
  Active Sync can now be re-started.
  It should start functioning properly at this point.

  There were no problems what so ever. The integrity of the repository was not affected. I did this as a last resort because nothing else I tried worked.
  One of the other side issues we were having was viewing tasks. When all tasks was clicked on I was getting invailid Object references. The Object reference ended up being the ID of a task that failed to update users because of an invalid character that IdM can not apparently parse. We had about 16 of these entries in the table. Active Sync no longer worked. We made the decision to delete the records from the table, we backed up the DB, then deleted the invalid records. I also checked in the other tables and could not find reference to the invalid objects anywhere. Once I deleted the records active sync began to function again after is was cycled and the system was brought back to full operational status.
  Apparently someone created a new security group in AD but when it was created they did not use a normal "-" in the name. I think the person used MS Word to type the name, in some cases word then substitutes a special character in for the dash that looks longer. This character was the root of my problem. I had someone go back and change the name of the security group and changed the dash to the right dash and that solved the root of my problem.

• Exchange 2003 migrate to Exchange 2010 - single forest multiple domain. Active Sync problem

  Hi All, 
  I have AD single forest and multiple domain. for example, the forest domain is jakarta.co.id, and the other domain is bali.co.id.
  Exchange 2003 deployed in jakarta.co.id, User mail enabled in domain jakarta.co.id and bali.co.id.
  Then, I upgrade to Exchange 2010 (deploy in jakarta.co.id) and move mailbox from Exchange 2003 to Exchange 2010.
  All users in bali.co.id are able to access email from Owa, BlackBerry (BIS), Outlook, but cannot access from Android, Windows Phone. (Active-Sync).
  I got error information generated from https://testconnectivity.microsoft.com, as following:
  Attempting the FolderSync command on the Exchange ActiveSync session.
  The test of the FolderSync command failed.
  Tell me more about this issue and how to resolve it
  Additional Details
  Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
  Active-Sync still not work even I check option "Include inheritable permissions from this object" in security tab.
  any idea to fix this issue?
  Thanks.
  Endrik
  Endrik | blog: itendrik.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

  Hi Sathish, 
  We are planning to migrate Exchange 2003 to Exchange 2013, all user already in Exchange 2010 and Exchange 2003 was decommissioned
  Event Viewer log as following:
  Log Name:      Application
  Source:        MSExchange ActiveSync
  Date:          1/17/2014 10:00:48 PM
  Event ID:      1008
  Task Category: Requests
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:      EXC2010.jakarta.co.id
  Description:
  An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case,
  Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization. 
  URL=/Microsoft-Server-ActiveSync/default.eas?Cmd=Sync&User=bali%5Csteveng&DeviceId=SAMSUNG123456789&DeviceType=SAMSUNGGTN7000
  --- Exception start ---
  Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
  Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=Steven Gerrard,OU=IT,DC=bali,DC=co,DC=id.
  Exception level: 0
  HttpStatusCode: 500
  AirSyncStatusCode: 110
  XmlResponse: 
  This request does not contain a WBXML response.
  Exception stack trace:    at Microsoft.Exchange.AirSync.ADDeviceManager.SetActiveSyncDeviceContainerPermissions(ActiveSyncDevices container)
     at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDeviceContainer(Boolean retryIfFailed)
     at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime, Boolean retryIfFailed)
     at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime)
     at Microsoft.Exchange.AirSync.Command.UpdateADDevice(GlobalInfo globalInfo)
     at Microsoft.Exchange.AirSync.Command.CompleteDeviceAccessProcessing()
     at Microsoft.Exchange.AirSync.Command.WorkerThread()
  --- Exception end ---.
  I think KB817379 is not related because Exchange 2003 was decommissioned.
  Regards, 
  Endrik
  Endrik | blog: itendrik.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• Do I need other antivirus program with Firefox & MS Active Sync?

  Our computer guy removed AVG and installed Firefox and MS Active Sync on husband's lap top...said that was all he needed, but were is the antivirus protection????
  He is running XP Business version.

  If you are using Windows XP, I'd recommend using a anti-virus program. [http://windows.microsoft.com/en-US/windows/products/security-essentials Microsoft Security Essentials] is good, free and plays nicely with Firefox.

• Active Sync Email stopped working on Playbook

  Hi,
  I have 32GB Playbook with latest OS upgrade. My Official email using Active Sync was working fine till Morning but stopped working after that.
  I tried to reset with "Security Wipe" but it didnt helped. The error message i am getting is:
  "The account settings are not correct".
  But same setting is working on my IPAD and ANDRIOD phone. 
  Please let me know if anyone faced same problem and how did it solved.
  Thanks
  Rahul

  Hi,
  I have 32GB Playbook with latest OS upgrade. My Official email using Active Sync was working fine till Morning but stopped working after that.
  I tried to reset with "Security Wipe" but it didnt helped. The error message i am getting is:
  "The account settings are not correct".
  But same setting is working on my IPAD and ANDRIOD phone. 
  Please let me know if anyone faced same problem and how did it solved.
  Thanks
  Rahul

• Exchange 2007 SP3 + Active Sync + OWA

  I am curious if this can be done:
  We want OWA to say use https://webmail.xyz.com 
  Then we want say use:  https://activesync.xyz.com  to be exclusively for active sync NOT web mail.   
  So if someone set sup their device and it asks for exchange server:  webmail.xyz.com that only has exclusive rights to OWA, not active sync.
  If someone setups their device with activesync.xyz.com then they just go through active sync and NOT OWA.
  Can this be done with Exchange 2007 SP3, and the reason we are looking into this is for security reasons.
  I need help to find out if this can be done.
  Right now we have webmail.xyz.com configured for both OWA & active sync.
  thanks

  Can you give me some details on this has to be done, do I have to create another URL for say active sync and keep the OWA URL.
  Then get a certificate for the Active Sync URL?
  Thanks

• Active Sync Issue - Exchange 2010

  Hey,
  Alright I have had some issues with some iPhones connecting to our Exchange 2010 server.  When i run the Testconnectivity test, I receive a timeout error on the last step:  
  Attempting the FolderSync command on the Exchange ActiveSync session. 
    The test of the FolderSync command failed. 
   Additional Details 
  Exception details:
  Message: The operation has timed out
  Type: System.Net.WebException
  Stack trace:
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()
  Elapsed Time: 100439 ms.  
  When I run the Test from Powershell I receive the following message:
  [System.Net.WebException]: The underlying connection was closed:  Could not establish trust relationship for the SSL/TLS secure channel. Inner error [System.Security.authentication.AuthenticationException]: The remote certificate is invalid according
  to the validation procedure.
  I have already taken a number of steps including removing all of the Exchange Certificates that are not current.  I have also reassigned them to the correct services.  I have recreated the Active Sync Virtual Directory.  Among other things.
  I can't seem to find anything that points me to the correct direction so if anyone has any ideas on what I can look at, it would be appreciated. 
  At this point, I can't create the Exchange account on any new Active Sync clients (I have tested from an iPhone and Android phone) however a few people who had the account already setup get random e-mail messages that come through.
       

  I turns out the issue was Trend. I uninstalled this software and everything started working correctly.

• Exchange active sync not requesting advanced setup details

  hi - we have exchange 2010 with active sync 14.1  we have many types mobile devices connected using active sync including iphone and android.  when we previously added any account onto a phone we always had to add the advanced setup manually during
  the setup i.e. mail server and domain.  now these details are added automatically after adding email and password.  This seems less secure and i need to find how to stop this.
  Thanks

  Hi ,
  This is normal behavior in exchange because of autodiscover feature and it is making up the things easier during new account configuration on mobile devices.
  After giving up the user name and password ,autodiscover is the feature which will bring up the remaining settings that you mentioned .
  We will discuss in terms of security view .
  1.User's password would be confidential .
  However in worst cases someone might know about anyone's password and email address then on such case there would be chance to configure that particular account in any of the mobile devices.
  We can control the above scenario too.
  In exchange Active sync organisation settings we have an option to set the DefaultAccessLevel to quarantine for the devices.So that administrator can decide to allow or block the active sync device which is trying to connect to exchange.
  Reference Link : http://exchangeserverpro.com/preventing-new-activesync-device-types-from-connecting-to-exchange-server-2010/
  Note : If your existing exchange organisation is having active sync devices configured in use then before changing the "Defaultaccesslevel" to quarantine we need to make sure existing active sync device ID'S are added to the corresponding mailboxes
  -ActiveSyncAllowedDeviceIDs 
  Thanks & Regards S.Nithyanandham

• Active Sync Password Lock Requirement

  Hello,
  I have been using the iPhone 3g with Exchange the past month or so and everything has been working great. When the phone is first configured to work with Active Sync we have a password requirement and the device will automatically lock after 5 minutes if not being used. This weekend I decided to do a firmware restore and after it was complete I chose to restore the phone from a backup. Everything restored as expected but I noticed that it wasn't getting the forced 5 minute lockout or password requirement. I went into settings and sure enough Passcode Lock was set to off and when I selected this option, it prompted me for a new password. After I set the password it then resumed the 5 minute lockout as expected and I wasn't able to turn it back off again as expected. The concern I have is that from a security standpoint anyone we deploy an iPhone to in our company can easily bypass the password requirement by simply reloading the firmware and restoring from a backup that contains the active sync information. Has anyone else seen this issue? I personally verified it on 2 of our iPhones. It is bad enough that the iPhone doesn't have full disk encryption but with a way to bypass our security requirements this easily it is likely our security team will ban iPhones in our workplace completely.

  Hi Wildpacket,
  As said by m0j0m1k once
  active sync establishes continuous sync (direct push) it takes 8 to 24 hours to recognize the changed
  password.
  Any update on this ?
  Sathish