Error connecting mobile device to Exchange – missing permissions

activesyncexchangeexchange-2010

I'm having an issue connecting a mobile device to an exchange 2010 server for a single user.

Using https://testconnectivity.microsoft.com I get the following error:

  • The Exchange ActiveSync test failed.
    • Errors were encountered while testing the Exchange ActiveSync session.
      • The test of the FolderSync command failed.
        An HTTP 403 forbidden response was received. The response appears to have come from IIS7.

All other users work without receiving the error

I've tried including inheritable permissions as described on many blogs/sites, but they were already checked.

http://www.squidworks.net/2012/04/solved-iphone-passes-exchange-2010-setup-but-then-gets-cannot-get-mail-the-connection-to-the-server-failed/

Is there a set of permissions I can check for or add to get this user connecting?

Best Answer

The issue was that by default a user can only connect to 10 ActiveSync devices, and this user had reached that limit.

Run the following commands in your Exchange management shell to correct the issue by removing unused devices. Replace username with the affected user's username, and device identity with one of the devices returned from the Get-ActiveSyncDevice command you wish to remove.

Get-ActiveSyncDevice -Mailbox username |fl identity, first*, devicemodel
Remove-ActiveSyncDevice -Identity "device identity"

If you actually do need more than 10 devices you can change the EASMaxDevices policy. Best practices is to keep the number low though. Use the commands bellow to set the number of devices to 20.

New-Throttlingpolicy "Increased ActiveSync Devices" -EasMaxDevices 20 -EasMaxConcurrency 20
Set-Mailbox username -ThrottlingPolicy "Increased ActiveSync Devices"
Related Topic