So I got a new HTC phone with Android – Awesome! Well .. yes and no 
I went to set the email component up for Exchange 2010 ActiveSync and it all fell apart on me. I’ve spent the last 3 days bashing my head against a wall until all of 5 minutes ago. Everytime I set the account up it would authorise and then turn around and give me an error of “Failed to create the account. Please try again later”. LAME!!
So after a lot of googling I came up with nothing .. talk of SSL certificates and so on .. I bought an SSL cert, installed it .. nothing
Then I decided to think straight .. I looked at the Windows Event logs and saw a bunch of errors – the one in particular that cracked this case for me was the event id 1053 for MSExchange Activesync. It basically said that the account didnt have permission. What?? The account is a Domain Admin!! BZZZT!!! That’s the problem!! STUPID!! Apparently that is an AD Protected Group and it will never work.
So enough blabbering already .. How did I fix it!
There is an awesome post at http://blog.nick.mackechnie.co.nz/post/2009/11/20/Exchange-2010-Active-Sync-Issue.aspx which explains this all very well! The basics are though
- Log onto Domain Controller
- Start AD Users and Computers
- Click on View – Advanced Features
- Double-click on the user who’s account wont work with ActiveSync
- Go to the security tab and then select the advanced button
- Select Exchange Servers, and tick the Include inheritable permissions toggle then Apply and OK.
- Reconfigure your phone and walk away happy
Anyway .. this isn’t really a security thing .. but I think if it’s annoyed other people as much as it’s annoyed me .. people may want to know how to fix it.
Good luck
Comments
Leave a comment Trackback