Pop quiz. You receive the message below. Where do you look first?
99% of Exchange admins will go in to Active Directory Users and Computers (ADU&C) and look at the user properties to make sure that they have rights to use ActiveSync. Many people will go in to the Exchange System Manager and verify the ActiveSync Settings there. In our case, everything there looked like it checked out okay. Nothing had changed recently, and the user had not changed her password.
Hint: Exchange SP2 was recently applied to the server. We saw this error in Event Viewer that coincided when we attempted to log in with the mobile device:
Event Type: Error
Event Source: Server ActiveSync
Event Category: None
Event ID: 3005
Date: 12/13/2005 Time: 5:02:58 PM
Description: Unexpected Exchange mailbox Server error: Server: Verify that the Exchange mailbox Server is working correctly.
So far, so good. Nothing out of the normal. We click on the Device Security… button and:
OK, so we’re not at a default install. Only “Enforce password on device”, “Wipe device after failed(attempts) ” and “Allow access to devices that do not support password settings” are checked by default.
It turns out that our test account had a password of “password“, which isn’t allowed according to the 3rd check box – “Require both numbers and letters”. Resetting the password to something a little more secure and retrying, of course, gets us right in to the mailbox. So, the original error message was correct – we don’t “have permission to sync with your current settings”, we just hadn’t anticipated the new SP2 security options being the root cause.
Thanks to James Frederickson for the initial research on this topic.