cryptic error from Test-ActiveSyncConnectivity

I came across some strange output when running the Exchange 2007 commandlet

 Test-ActiveSyncConnectivity

so I thought I'd share with those of you who might be trying to figure out what it means...

Test-ActiveSyncConnectivity -ClientAccessServer 02e2k7cas -TrustAnySSLCertificate:$true -LightMode:$true

CasServer MailboxServer Scenario Result Latency(MS) Error

--------- ------------- -------- ------ ----------- -----

02e2k7cas mclab02E2k7MB FolderSync Failure [System.Net.WebException]:

The remote server returned an error: (403) Forbidden.

HTTP response headers: MS-Server-ActiveSync: 8.1

Content-Length: 0

Cache-Control: private

Date: Wed, 13 May 2009 20:35:31 GMT

Server: Microsoft-IIS/7.0

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

In the IIS logs I saw this:

2009-05-13 20:35:31 02E2K7CAS 192.168.0.31 OPTIONS /Microsoft-Server-ActiveSync/default.eas &Log=V120_LdapC1_LdapL0_RpcC0_RpcL0_ 443 mcLab02.internal\CAS_16d82a7964354994 192.168.0.31 TestActiveSyncConnectivity - 02e2k7cas.mclab02.internal 200 0 0 15

2009-05-13 20:35:31 02E2K7CAS 192.168.0.31 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=CAS_16d82a7964354994&DeviceId=996795128&DeviceType=TestActiveSyncConnectivity&Log=V120_LdapC0_LdapL0_RpcC10_RpcL0_Ers1_Error:
LegacyDeviceOnStrictPolicy_ 443 mcLab02.internal\CAS_16d82a7964354994 192.168.0.31 TestActiveSyncConnectivity - 02e2k7cas.mclab02.internal 403 0 0 31

The LegacyDeviceOnStrictPolicy helped me remember I had disabled ActiveSync for nonprovisionable devices here:

So, the error, although cryptic at first, was really there to tell me the account I tested has a mailbox policy that doesn't allow nonprovisionable devices. If you use System Center Operations Manager, you may also run into this error.