Testing Active Sync and fixing access issue on Exchange 2013

If you have an issue with ActiveSync on Exchange 2010/2013 and you want to troubleshoot it, you will have to first test ActiveSync from Microsoft Exchange Management shell for any failing user
You can use the following cmdlet to start
Test-ActiveSyncConnectivity -MailboxCredential (Get-Credential domainuser) -UseAutodiscoverForClientAccessServer
clip_image001

As you can see in the previous snapshot, the test failed in folder syncing part. But in order to get the full report on the failure we’ll have to add the option | fl and if you want to export the report to a text file you can use the parameter >c:1.txt which will export the command output to a text file name called 1.txt on the C root drive.
clip_image002
clip_image003
Resolution:
As you can see the eror says “Internal server error” and if you proceed to read the error in the middle it says “Active Directory operation failed on DC.server.local. This error is not retriable. Additional information: Access is denied. Active Directory response: 000000005 up to <INSUFF_ACCESS_RIGHTS>. Searching for this error a little bit I found that it’s related to Inheritance under the user’s security advanced settings.
clip_image004
clip_image005
Once this was applied the user was able to log in from mobile without an issue

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.