Error connecting mobile device to Exchange - missing permissions

Question

I'm having an issue connecting a mobile device to an exchange 2010 server for a single user.

Using https://testconnectivity.microsoft.com I get the following error:

The Exchange ActiveSync test failed.
- Errors were encountered while testing the Exchange ActiveSync session.
  - The test of the FolderSync command failed. An HTTP 403 forbidden response was received. The response appears to have come from IIS7.

All other users work without receiving the error

I've tried including inheritable permissions as described on many blogs/sites, but they were already checked.

http://www.squidworks.net/2012/04/solved-iphone-passes-exchange-2010-setup-but-then-gets-cannot-get-mail-the-connection-to-the-server-failed/

Is there a set of permissions I can check for or add to get this user connecting?

waspinator · Accepted Answer · 2016-07-19T16:18:16.797

The issue was that by default a user can only connect to 10 ActiveSync devices, and this user had reached that limit.

Run the following commands in your Exchange management shell to correct the issue by removing unused devices. Replace username with the affected user's username, and device identity with one of the devices returned from the Get-ActiveSyncDevice command you wish to remove.

Get-ActiveSyncDevice -Mailbox username |fl identity, first*, devicemodel
Remove-ActiveSyncDevice -Identity "device identity"

If you actually do need more than 10 devices you can change the EASMaxDevices policy. Best practices is to keep the number low though. Use the commands bellow to set the number of devices to 20.

New-Throttlingpolicy "Increased ActiveSync Devices" -EasMaxDevices 20 -EasMaxConcurrency 20
Set-Mailbox username -ThrottlingPolicy "Increased ActiveSync Devices"

You might want to accept your own answer to keep the question from popping up from time to time. :) — Stuggi, Apr 19 '20 at 22:14

score 0 · Answer 2 · answered Jul 19 '16 at 15:42

0

Permission inheritance is the usual issue. Is the user also a member of a privileged group? Domain Admins etc? That can stop things from working.

Using attribute editor in ADUC, look for the value of AdminCount. If the user is not a member of any priviledged groups, but that is set to 1, clear it (so not set). Wait an hour or more for Exchange to clear the permission issue, then try again.

answered Jul 19 '16 at 15:42

Sembee

2,884
1
8
11

turned out to be too many devices assigned to the user – waspinator Jul 19 '16 at 16:10

Error connecting mobile device to Exchange - missing permissions

2 Answers2